Loadbalace with port forwarding issue

eleftherios · July 21, 2020, 6:07pm

hello,
i don't know where i write my issue and i decided to post here,
i am not expert i use mikrotik for load balance for home use after tp-link because i see is more stable,

my set up

isp1
isp2
lan

the problem is i try for port forwading from ISP2 ONLY , i do all steps finding here but not working if i disable isp1 work fine .

any advice ?

thanks !!!!

[admin@MikroTik] > /export hide-sensitive

jul/21/2020 20:50:00 by RouterOS 6.43.9

software id = 998L-8I67

model = 2011UiAS

serial number = 8C1A0A545FA7

/interface ethernet
set [ find default-name=ether1 ] name=ISP1
set [ find default-name=ether2 ] name=ISP2
set [ find default-name=ether3 ] name=LAN
set [ find default-name=ether4 ] name=WIFI
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool1 ranges=192.168.3.10-192.168.3.254
add name=dhcp_pool2 ranges=192.168.0.200-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=LAN name=dhcp1
/ip address
add address=192.168.2.34/24 interface=ISP1 network=192.168.2.0
add address=192.168.1.250/24 interface=ISP2 network=192.168.1.0
add address=192.168.0.1/24 interface=LAN network=192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.3.0/24 dns-server=192.168.3.1,8.8.8.8 gateway=192.168.3.1
/ip dns
set servers=192.168.0.1,8.8.8.8
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=
all-ethernet
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=ISP1 new-connection-mark=ISP1_CONN passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=ISP2 new-connection-mark=ISP2_CONN passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=LAN new-connection-mark=ISP1_conn
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=LAN new-connection-mark=ISP2_conn
passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn
in-interface=LAN new-routing-mark=TO_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn
in-interface=LAN new-routing-mark=TO_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn
new-routing-mark=TO_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn
new-routing-mark=TO_ISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2
add action=dst-nat chain=dstnat dst-port=8443 in-interface=ISP2 protocol=tcp
to-addresses=192.168.0.22 to-ports=8443
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=TO_ISP1
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=TO_ISP2
add check-gateway=ping distance=1 gateway=192.168.2.1
add check-gateway=ping distance=2 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/Athens