Hello everyone, I tried not to ask for help, but I have spent so much time trying to figure out how to set everything up, and I think I am lost.
First of all, I’m using an RB1100Dx4, and my network structure looks like this:
eth1 = empty
eth2 = main connection with HP Switch - multiple VLANs configured there (21)
eth3,4,5 = empty
eth6,7,8,9,10 = PPPoE connections
eth11 = empty
eth12 = static WAN connection
eth13 = link with router RB450 (which is using a different static WAN connection dedicated to the heating server service)
I configured load balancing on the PPPoE and WAN connections with the PCC policy from https://wiki.mikrotik.com/wiki/Manual:PCC; I am not really sure how to check if it works.
/ip firewall mangle
add action=mark-connection chain=input in-interface=PPPOE1 \
new-connection-mark=in1_conn passthrough=yes src-address-list=Klient4-6
add action=mark-connection chain=input in-interface=PPPOE2 \
new-connection-mark=in2_conn passthrough=yes src-address-list=Klient7-9
add action=mark-connection chain=input in-interface=PPPOE3 \
new-connection-mark=in3_conn passthrough=yes src-address-list=Klient10-12
add action=mark-connection chain=input in-interface=PPPOE4 \
new-connection-mark=in4_conn passthrough=yes src-address-list=Klient13-16
add action=mark-connection chain=input in-interface=PPPOE5 \
new-connection-mark=in5_conn passthrough=yes src-address-list=Klient17-20
add action=mark-routing chain=output connection-mark=in1_conn \
new-routing-mark=in1 passthrough=yes src-address-list=Klient4-6
add action=mark-routing chain=output connection-mark=in2_conn \
new-routing-mark=in2 passthrough=yes src-address-list=Klient7-9
add action=mark-routing chain=output connection-mark=in3_conn \
new-routing-mark=in3 passthrough=yes src-address-list=Klient10-12
add action=mark-routing chain=output connection-mark=in4_conn \
new-routing-mark=in4 passthrough=yes src-address-list=Klient13-16
add action=mark-routing chain=output connection-mark=in5_conn \
new-routing-mark=in5 passthrough=yes src-address-list=Klient17-20
add action=accept chain=prerouting connection-nat-state=srcnat,dstnat \
in-interface=PPPOE1 src-address-list=Klient4-6
add action=accept chain=prerouting connection-nat-state=srcnat,dstnat \
in-interface=PPPOE2 src-address-list=Klient7-9
add action=accept chain=prerouting connection-nat-state=srcnat,dstnat \
in-interface=PPPOE3 src-address-list=Klient10-12
add action=accept chain=prerouting connection-nat-state=srcnat,dstnat \
in-interface=PPPOE4 src-address-list=Klient13-16
add action=accept chain=prerouting connection-nat-state=srcnat,dstnat \
in-interface=PPPOE5 src-address-list=Klient17-20
add action=mark-connection chain=prerouting connection-nat-state=\
srcnat,dstnat dst-address-type=!local in-interface=all-vlan \
new-connection-mark=in1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting connection-nat-state=\
srcnat,dstnat dst-address-type=!local in-interface=all-vlan \
new-connection-mark=in2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting connection-nat-state=\
srcnat,dstnat dst-address-type=!local in-interface=all-vlan \
new-connection-mark=in3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting connection-nat-state=\
srcnat,dstnat dst-address-type=!local in-interface=all-vlan \
new-connection-mark=in4_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting connection-nat-state=\
srcnat,dstnat dst-address-type=!local in-interface=all-vlan \
new-connection-mark=in5_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/4
add action=mark-routing chain=prerouting connection-mark=in1_conn \
in-interface=all-vlan new-routing-mark=in1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=in2_conn \
in-interface=all-vlan new-routing-mark=in2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=in3_conn \
in-interface=all-vlan new-routing-mark=in3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=in4_conn \
in-interface=all-vlan new-routing-mark=in4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=in5_conn \
in-interface=all-vlan new-routing-mark=in5 passthrough=yes
add action=mark-connection chain=input in-interface=WanXDSL83-p12 \
new-connection-mark=in6/83_conn passthrough=yes
add action=mark-routing chain=output connection-mark=in6/83_conn \
new-routing-mark=in6/83 passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=DSL passthrough=yes \
src-address-list=DSL
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=WanXDSL83-p12 new-connection-mark=in6/83_conn passthrough=\
yes per-connection-classifier=both-addresses-and-ports:6/5
add action=mark-routing chain=prerouting connection-mark=in6/83_conn \
in-interface=WanXDSL83-p12 new-routing-mark=in6/83 passthrough=yes
add action=accept chain=prerouting in-interface=WanXDSL83-p12
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPOE1
add action=masquerade chain=srcnat out-interface=PPPOE2
add action=masquerade chain=srcnat out-interface=PPPOE3
add action=masquerade chain=srcnat out-interface=PPPOE4
add action=masquerade chain=srcnat out-interface=PPPOE5
add action=masquerade chain=srcnat out-interface=WanXDSL83-p12
add action=dst-nat chain=dstnat dst-port=85 in-interface=WanXDSL83-p12 \
protocol=tcp to-addresses=192.168.21.102 to-ports=85
add action=dst-nat chain=dstnat dst-port=80 in-interface=WanXDSL83-p12 \
protocol=tcp to-addresses=192.168.21.104 to-ports=80
add action=masquerade chain=srcnat comment=\
"VPN traffic from vpn clients to inside localnetwork" src-address=\
10.10.10.0/24
add action=masquerade chain=srcnat comment=192.168.25.0-Mascarada \
src-address=192.168.25.0/24
add action=masquerade chain=srcnat comment=192.168.24.0-Mascarada \
src-address=192.168.24.0/24
add action=masquerade chain=srcnat comment=192.168.23.0-Mascarada \
src-address=192.168.23.0/24
add action=masquerade chain=srcnat comment=192.168.22.0-Mascarada \
src-address=192.168.22.0/24
add action=masquerade chain=srcnat comment=192.168.21.0-Mascarada \
src-address=192.168.21.0/24
add action=masquerade chain=srcnat comment=192.168.20.0-Mascarada \
src-address=192.168.20.0/24
add action=masquerade chain=srcnat comment=192.168.19.0-Mascarada \
src-address=192.168.19.0/24
add action=masquerade chain=srcnat comment=192.168.18.0-Mascarada \
src-address=192.168.18.0/24
add action=masquerade chain=srcnat comment=192.168.17.0-Mascarada \
src-address=192.168.17.0/24
add action=masquerade chain=srcnat comment=192.168.16.0-Mascarada \
src-address=192.168.16.0/24
add action=masquerade chain=srcnat comment=192.168.15.0-Mascarada \
src-address=192.168.15.0/24
add action=masquerade chain=srcnat comment=192.168.14.0-Mascarada \
src-address=192.168.14.0/24
add action=masquerade chain=srcnat comment=192.168.13.0-Mascarada \
src-address=192.168.13.0/24
add action=masquerade chain=srcnat comment=192.168.12.0-Mascarada \
src-address=192.168.12.0/24
add action=masquerade chain=srcnat comment=192.168.11.0-Mascarada \
src-address=192.168.11.0/24
add action=masquerade chain=srcnat comment=192.168.10.0-Mascarada \
src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment=192.168.9.0-Mascarada src-address=\
192.168.9.0/24
add action=masquerade chain=srcnat comment=192.168.8.0-Mascarada src-address=\
192.168.8.0/24
add action=masquerade chain=srcnat comment=192.168.7.0-Mascarada src-address=\
192.168.7.0/24
add action=masquerade chain=srcnat comment=192.168.6.0-Mascarada src-address=\
192.168.6.0/24
add action=masquerade chain=srcnat comment=192.168.5.0-Mascarada src-address=\
192.168.5.0/24
add action=masquerade chain=srcnat comment=192.168.4.0-Mascarada src-address=\
192.168.4.0/24
/ip packing
add interface=WAN1 packing=compress-all unpacking=compress-all
add interface=WAN2 packing=compress-all unpacking=compress-all
add interface=WAN3 packing=compress-all unpacking=compress-all
add interface=WAN4 packing=compress-all unpacking=compress-all
/ip route
add check-gateway=ping distance=1 gateway=PPPOE1 routing-mark=in1
add check-gateway=ping distance=1 gateway=PPPOE2 routing-mark=in2
add check-gateway=ping distance=1 gateway=PPPOE3 routing-mark=in3
add check-gateway=ping distance=1 gateway=PPPOE4 routing-mark=in4
add check-gateway=ping distance=1 gateway=PPPOE5 routing-mark=in5
add check-gateway=ping distance=1 gateway=static gatway routing-mark=in6/83
add check-gateway=ping distance=1 gateway=static gatway routing-mark=DSL
add check-gateway=ping distance=2 gateway="83.1.5.10%PPPOE3,83.1.5.10%PPPOE4,8\
3.1.5.10%PPPOE5,83.1.5.10%PPPOE2,83.1.5.10%PPPOE1"
In the vacation season the traffic is really high, and I wanted to balance the load as fairly as possible (all connections are 10mb/s).
Meanwhile, I wanted to use my WAN eth12 for maintenance services, e.g. video recorders (both on the same VLAN), one on port 85 and the second on port 80, and for some private services that require a static address, which I can define in a “special address list” and forward to use WAN83 as the in/out interface, but I can’t figure out how to configure it properly.
Also, I messed with the load balancing too much when I wanted to define which client list (specific VLANs) should use a specific PPPoE connection. The idea was to manually balance traffic by forwarding specific VLANs to specific PPPoE connections; maybe it would be a better idea to balance access from different clients.
And another thing: how should I configure the RB1100 and RB450 to be able to connect to them using one of the RBs’ VPN connections (e.g. connected via the RB450 VPN to have access to the 1100, as a backup when all 1100 connections are dead)?
I would appreciate any suggestions or materials I can study to understand how I should configure it correctly, because for now it just blows my mind when I need to define specific addresses to go out and in via my eth12 static WAN connection. I’m trying my best, but it’s too much for my beginner’s brain, I think.
Best regards.
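
An offline check related to the "how to check if it works" question above, added here as an example and not part of the original post: it reads a RouterOS mangle export, undoes the backslash line wrapping, and reports which PCC remainders have no mark-connection rule for each in-interface. The function names and the sample text are constructed for illustration; the sample follows the divisor-6 layout of the export above.

```python
import re
from collections import defaultdict

def join_continuations(export: str) -> list[str]:
    """Undo RouterOS export wrapping: a trailing backslash continues the line."""
    rules, buf = [], ""
    for raw in export.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]          # keep any space that preceded the backslash
            continue
        rules.append(buf + line)
        buf = ""
    if buf:                           # export ended on a dangling continuation
        rules.append(buf)
    return [r for r in rules if r]

PCC = re.compile(r"per-connection-classifier=([\w-]+):(\d+)/(\d+)")
IFACE = re.compile(r"\bin-interface=(\S+)")

def pcc_gaps(export: str) -> dict:
    """Map (in-interface, classifier, divisor) -> remainders that no rule marks."""
    seen = defaultdict(set)
    for rule in join_continuations(export):
        m = PCC.search(rule)
        if not m or "action=mark-connection" not in rule:
            continue
        iface = IFACE.search(rule)
        key = (iface.group(1) if iface else "any", m.group(1), int(m.group(2)))
        seen[key].add(int(m.group(3)))
    gaps = {k: sorted(set(range(k[2])) - v) for k, v in seen.items()}
    return {k: missing for k, missing in gaps.items() if missing}

# Constructed sample in the style of the export above: divisor 6, remainders
# 0-4 on the LAN side (all-vlan), remainder 5 on the WAN interface.
SAMPLE = "/ip firewall mangle\n" + "".join(
    "add action=mark-connection chain=prerouting dst-address-type=!local \\\n"
    f"    in-interface=all-vlan new-connection-mark=in{r + 1}_conn passthrough=\\\n"
    f"    yes per-connection-classifier=both-addresses-and-ports:6/{r}\n"
    for r in range(5)
) + (
    "add action=mark-connection chain=prerouting dst-address-type=!local \\\n"
    "    in-interface=WanXDSL83-p12 new-connection-mark=in6/83_conn \\\n"
    "    passthrough=yes per-connection-classifier=both-addresses-and-ports:6/5\n"
)

if __name__ == "__main__":
    print(pcc_gaps(SAMPLE))
```

A reported gap means that connections arriving on that interface whose classifier hash lands on that remainder get no connection mark from the PCC rules, so they follow whatever unmarked route exists.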