Please help ?

kodok · June 24, 2017, 3:20pm

Hi,

I have RB1100AHx2 , Im trying to setup Multiple Wan and Lan with Load Balancing and Failover
Here are the interface setup :
ether1 = WAN1
ether2 = WAN2
ether3 = WAN3
ether4 = WAN4
ether5 = LocalBilling
ether6 = LocalSales

What I want to setup is :

LocalBilling will get the connection from WAN1 + WAN2 Load Balancing-Failover
LocalSales will get the connection from WAN3 + WAN4 Load Balancing-Failover
LocalSales will not able to connect or talk each other with LocalBilling Network

I having the problem on the setup, LocalSales are able to use the WAN1 or WAN2 Public IP, which I dont want to. LocalSales must use only WAN3 & WAN4. Please advise? Below is my setup :

======================================

/ip address
add address=10.10.1.10/29 interface=WAN1
add address=10.10.2.10/29 interface=WAN2
add address=10.10.3.10/29 interface=WAN3
add address=10.10.4.10/29 interface=WAN4
add address=192.168.7.1/24 interface=LocalBilling
add address=192.168.8.1/24 interface=LocalSales

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8,4.2.2.1

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN4_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4

add chain=prerouting dst-address=10.10.1.8/29 action=accept in-interface=LocalBilling
add chain=prerouting dst-address=10.10.2.8/29 action=accept in-interface=LocalBilling

add chain=prerouting dst-address=10.10.3.8/29 action=accept in-interface=LocalSales
add chain=prerouting dst-address=10.10.4.8/29 action=accept in-interface=LocalSales

add chain=prerouting dst-address-type=!local in-interface=LocalBilling per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LocalBilling per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting dst-address-type=!local in-interface=LocalSales per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LocalSales per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LocalBilling action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LocalBilling action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting connection-mark=WAN3_conn in-interface=LocalSales action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=LocalSales action=mark-routing new-routing-mark=to_WAN4

/ip route
add dst-address=0.0.0.0/0 gateway=10.10.1.9 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.2.9 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=10.10.3.9 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.4.9 routing-mark=to_WAN4 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=10.10.1.9 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.2.9 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.3.9 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.4.9 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade

======================================

idlemind · June 26, 2017, 3:10am

add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN4_conn

^^ I think you have a typo here. I imagine this should be WAN4

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade

^^ Add additional qualifiers to these rules, either input interface or, my preference, match by src-IP.