LoadBal over 4 WAN, guru's eye needed...

ekkas · May 22, 2008, 11:24am

Hi all, I’m trying to replace a XP proxy server and a Linksys load-balance router with a RB532A using ROS3.9 FW2.14

Ignoring proxy for now (although I already purchased & installed a 16GB CF card), I’d just like to get the load balance going. I’ve set it up as in the WIKI, but it just wouldn’t work. Can someone please have a look where I’ve gone wrong? Seems to be struggling for weeks now…
I have 4 WAN with static addresses, you’ll see in the routing part the gateway IPs for each.
Below is a (hopefully) complete config:

#INITIAL ROUTER SETUP
/interface ethernet
set 1 mtu=1500 name=“TRUE”
set 3 mtu=1454 name=“WAN1”
set 4 mtu=1454 name=“WAN2”
set 5 mtu=1454 name=“WAN3”
set 6 mtu=1454 name=“WAN4”

/ip dns
set allow-remote-requests=yes primary-dns=168.210.2.2 secondary-dns=196.14.239.2

/ip address
add address=10.1.1.1/24 broadcast=10.1.1.255 interface=TRUE network=10.1.1.0
add address=196.xxx.xxx.146/29 broadcast=196.xxx.xxx.151 interface=WAN1 network=196.xxx.xxx.144
add address=196.xxx.xxx.187/29 broadcast=196.xxx.xxx.191 interface=WAN2 network=196.xxx.xxx.184
add address=196.xxx.xxx.131/29 broadcast=196.xxx.xxx.135 interface=WAN3 network=196.xxx.xxx.128
add address=196.xxx.xxx.179/29 broadcast=196.xxx.xxx.183 interface=WAN4 network=196.xxx.xxx.176

#MANGLE
/ip firewall mangle
add action=mark-connection chain=prerouting comment=“CM1” connection-state=new
disabled=no in-interface=TRUE new-connection-mark=Cone nth=4,1
passthrough=yes
add action=mark-routing chain=prerouting comment=“RM1” connection-mark=Cone
disabled=no in-interface=TRUE new-routing-mark=Rone passthrough=no

add action=mark-connection chain=prerouting comment=“CM2” connection-state=new
disabled=no in-interface=TRUE new-connection-mark=Ctwo nth=3,1
passthrough=yes
add action=mark-routing chain=prerouting comment=“RM2” connection-mark=Ctwo
disabled=no in-interface=TRUE new-routing-mark=Rtwo passthrough=no

add action=mark-connection chain=prerouting comment=“CM3” connection-state=new
disabled=no in-interface=TRUE new-connection-mark=Cthree nth=2,1
passthrough=yes
add action=mark-routing chain=prerouting comment=“RM3” connection-mark=Cthree
disabled=no in-interface=TRUE new-routing-mark=Rthree passthrough=no

add action=mark-connection chain=prerouting comment=“CM4” connection-state=new
disabled=no in-interface=TRUE new-connection-mark=Cfour nth=1,1
passthrough=yes
add action=mark-routing chain=prerouting comment=“RM3” connection-state=new
disabled=no in-interface=TRUE new-routing-mark=RFour passthrough=no

#NAT
/ip firewall nat
add action=src-nat chain=srcnat connection-mark=Cone to-addresses=196.xxx.xxx.145 to-ports=0-65535
add action=src-nat chain=srcnat connection-mark=Ctwo to-addresses=196.xxx.xxx.185 to-ports=0-65535
add action=src-nat chain=srcnat connection-mark=Cthree to-addresses=196.xxx.xxx.129 to-ports=0-65535
add action=src-nat chain=srcnat connection-mark=Cfour to-addresses=196.xxx.xxx.177 to-ports=0-65535

#ROUTING
/ip route
add comment=“FOUR” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=196.xxx.xxx.177 routing-mark=RFour scope=255 target-scope=10
add comment=“TWO” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=196.xxx.xxx.185 routing-mark=Rtwo scope=255 target-scope=10
add comment=“ONE” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=196.xxx.xxx.145 routing-mark=Rone scope=255 target-scope=10
add comment=“THREE” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=196.xxx.xxx.129 routing-mark=Rthree scope=255 target-scope=10
add comment=“THE REST” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=196.xxx.xxx.129 scope=30 target-scope=10

ekkas · May 22, 2008, 11:44am

Seems like my problem was NATting to the gateway address!!!
Does anyone have a wall that I can knock my head against. Seems to be working ok now.

2more LB questions though:
1)What if I have another incoming interface (my own LAN) that I also want to LB? Do I repeat all these rules for that inyterface as well, how will the Nth part behave?
2) To get proxy to work, should I wait until the aparent proxy issues are fixed, or is it ok like it is and easy to work with the LB setup I have?

Thanks all
Ekkas

johnsonwc · May 22, 2008, 1:52pm

What was your fix? Would you share the working config? I’m about to attempt a similar project and am trying to educate myself to the point where I can start.

Walt

ekkas · May 22, 2008, 2:35pm

Look at the second last part of the config, in the section called #NAT. I was NATting to the gateway address instead of the router’s own address:

add action=src-nat chain=srcnat connection-mark=Cone to-addresses=196.xxx.xxx.145 to-ports=0-65535
should have been
add action=src-nat chain=srcnat connection-mark=Cone to-addresses=196.xxx.xxx.146 to-ports=0-65535

and of course the same fix for the other 3 NAT rules.