Hello, I am new to MikroTik configuration but was very pleased to find this per-traffic load balancing article.
http://wiki.mikrotik.com/wiki/Per-Traffic_Load_Balancing
I have a VSAT and a terrestrial connection.
I wish to put all of my HTTP and HTTPS traffic through the VSAT router and all other traffic through the terrestrial router.
This script is perfect for the job.
I have tested everything and it appears to work down to applying the last 3 entries that route the marked traffic types to the individual WAN ports and the respective routers.
Frustratingly, I can see it working, as I can see the traffic going out of both WANs, but I can no longer browse the internet or admin either of the routers once I apply the 3 final rules.
I am sure this is a simple NAT issue and I am just inexperienced.
Can anyone assist, please?
This is the simple script.
/interface ethernet
set [ find default-name=ether2 ] comment=LAN name=LAN1
set [ find default-name=ether1 ] comment=WAN1 name=WAN1
set [ find default-name=ether5 ] comment=WAN2 name=WAN2
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
/ip neighbor discovery
set LAN1 comment=LAN
set WAN1 comment=WAN1
set WAN2 comment=WAN2
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip address
add address=192.168.10.240/24 interface=LAN1 network=192.168.10.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=WAN1
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=WAN2
/ip dns
set allow-remote-requests=yes servers=192.168.10.240
/ip firewall address-list
add address=192.168.10.0/24 list=Allowed-Internet
add address=192.168.10.58 comment="Stewarts PC" disabled=yes list=WAN1
add address=192.168.10.59 comment="Another PC" disabled=yes list=WAN2
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=WAN1 passthrough=no src-address-list=WAN1
add action=mark-routing chain=prerouting new-routing-mark=WAN2 passthrough=no src-address-list=WAN2
add action=mark-routing chain=prerouting new-routing-mark="HTTP traffic"
add action=mark-routing chain=prerouting dst-port=443 new-routing-mark="SSL traffic" passthrough=no protocol=tcp
add action=mark-routing chain=prerouting new-routing-mark=Unknown passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="Gateway 192.168.5.240/24" out-interface=WAN1 src-address-list=Allowed-Internet
add action=masquerade chain=srcnat comment="Gateway 192.168.15.240/24" out-interface=WAN2 src-address-list=Allowed-Internet
/ip route
add distance=1 gateway=192.168.5.240 routing-mark=WAN1 scope=255
add distance=1 gateway=192.168.15.240 routing-mark=WAN2 scope=255
add disabled=yes distance=1 gateway=192.168.15.240 routing-mark="HTTP traffic" scope=255
add disabled=yes distance=1 gateway=192.168.15.240 routing-mark="SSL traffic" scope=255
add disabled=yes distance=1 gateway=192.168.5.240 routing-mark=Unknown scope=255
add distance=1 dst-address=192.168.5.0/24 gateway=192.168.5.240
add distance=1 dst-address=192.168.15.0/24 gateway=192.168.15.240
/system clock
set time-zone-name=Africa/Mbabane
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
The last 3 rules for steering the traffic types have been disabled as I cannot browse when they are active.
Regards
Heathit
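
A sketch of how the mangle prerouting rules in the post above are evaluated as posted (an added example, not part of the original post and not RouterOS code). It assumes that a mark-routing rule without an explicit passthrough setting defaults to passthrough=yes; the rule table is transcribed from the export and the sample packets are constructed.

```python
import ipaddress

# Both address-list entries are disabled=yes in the post, so the lists are empty.
ADDRESS_LISTS = {"WAN1": [], "WAN2": []}

# Transcribed from /ip firewall mangle, in order:
# (src_address_list, protocol, dst_port, new_routing_mark, passthrough)
MANGLE_RULES = [
    ("WAN1", None, None, "WAN1", False),
    ("WAN2", None, None, "WAN2", False),
    (None, None, None, "HTTP traffic", True),   # no dst-port/protocol; passthrough assumed yes
    (None, "tcp", 443, "SSL traffic", False),
    (None, None, None, "Unknown", False),
]

def in_list(src, name):
    """True if src falls inside any network of the named address list."""
    return any(ipaddress.ip_address(src) in ipaddress.ip_network(net)
               for net in ADDRESS_LISTS[name])

def routing_mark(src, protocol, dst_port):
    """Return the routing mark a packet carries when it leaves prerouting."""
    mark = None
    for addr_list, proto, port, new_mark, passthrough in MANGLE_RULES:
        if addr_list is not None and not in_list(src, addr_list):
            continue
        if proto is not None and proto != protocol:
            continue
        if port is not None and port != dst_port:
            continue
        mark = new_mark            # a later matching rule overwrites the mark
        if not passthrough:
            break                  # passthrough=no stops rule processing
    return mark

# Constructed sample packets: (src, dst, protocol, dst_port).
# 203.0.113.10 is a documentation address standing in for an internet host.
SAMPLES = [
    ("192.168.10.58", "203.0.113.10", "tcp", 80),    # web browsing
    ("192.168.10.58", "203.0.113.10", "tcp", 443),   # HTTPS browsing
    ("192.168.10.58", "203.0.113.10", "udp", 53),    # DNS
    ("192.168.10.58", "192.168.10.240", "tcp", 80),  # router admin page on the LAN
]

if __name__ == "__main__":
    for src, dst, proto, port in SAMPLES:
        print(f"{src} -> {dst} {proto}/{port}: {routing_mark(src, proto, port)}")
```

None of the rules matches on destination, so a packet addressed to the router's own 192.168.10.240 receives a routing mark in the same way as internet-bound traffic.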