Port forwarding to internal server when using PCC Load BLNC

RouterOS General
1

I am using RB750. I have to Wan links shared to my LAN using PCC. When users from my network travel they use active sync to download their mail. I have tried to activate port mapping using DST-NAT but cannot get it to work. I can see the traffic hitting the wan interface but it does not seem to reach the server. I have been through every article I can find and have not managed to get the traffic to flow. Anyone have ideas

interface print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU MAX-L2MTU

0 R BSATT1 ether 1500 1600 4076
1 R BSATT2 ether 1500 1598 2028
2 R LAN ether 1500 1598 2028

ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 x.x.x.x/30 5.11.12.216 BSATT1
1 y.y.y.y/30 5.11.13.112 BSATT2
2
3 172.17.0.8/24 172.17.0.0 LAN
ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=accept src-address=172.17.0.0/16
dst-address=172.17.0.0/16

1 chain=forward action=accept protocol=icmp in-interface=LAN

2 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=20

3 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=21

4 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=23

5 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=25

6 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=53

7 chain=forward action=accept protocol=udp in-interface=LAN dst-port=53

8 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=80

9 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=110

10 chain=forward action=accept protocol=udp in-interface=LAN dst-port=123

11 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=135

12 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=139

13 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=143

14 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=443

15 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=465

16 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=587

17 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=993

18 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=995

19 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=2174

20 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=2175

21 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=2199

22 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=2261

23 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=3268

24 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=8443

25 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=8080

26 chain=forward action=accept protocol=tcp in-interface=LAN dst-port=10000

27 chain=forward action=accept connection-state=established in-interface=BSATT>

28 chain=forward action=accept connection-state=established in-interface=BSATT>

29 chain=forward action=drop in-interface=LAN

ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=output action=mark-routing new-routing-mark=TO_BSATT1 passthrough=yes
connection-mark=BSATT1_CONN

1 chain=output action=mark-routing new-routing-mark=TO_BSATT2 passthrough=yes
connection-mark=BSATT2_CONN

2 chain=prerouting action=accept dst-address=x.x.x.x/30 in-interface=LAN

3 chain=prerouting action=accept dst-address=y.y.y.y/30 in-interface=LAN

4 chain=input action=mark-connection new-connection-mark=BSATT1_CONN
passthrough=yes in-interface=BSATT1 connection-mark=no-mark

5 chain=input action=mark-connection new-connection-mark=BSATT2_CONN
passthrough=yes in-interface=BSATT2 connection-mark=no-mark

6 chain=prerouting action=mark-connection new-connection-mark=BSATT1_CONN
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/0

7 chain=prerouting action=mark-connection new-connection-mark=BSATT2_CONN
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/1

8 chain=prerouting action=mark-routing new-routing-mark=TO_BSATT1
passthrough=yes in-interface=LAN connection-mark=BSATT1_CONN

9 chain=prerouting action=mark-routing new-routing-mark=TO_BSATT2
passthrough=yes in-interface=LAN connection-mark=BSATT2_CONN

ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=BSATT1

1 chain=srcnat action=masquerade out-interface=BSATT2

2 chain=dstnat action=dst-nat to-addresses=172.17.0.121 to-ports=443
protocol=tcp dst-address=x.x.x.x in-interface=BSATT1 dst-port=443

ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 x.x.x.x 1
1 A S 0.0.0.0/0 y.y.y.y 1
2 A S 0.0.0.0/0 x.x.x.x 1
3 S 0.0.0.0/0 y.y.y.y 2
4 ADC x.x.x.x/30 x.x.x.x BSATT1 0
5 ADC y.y.y.y/30 y.y.y.y BSATT2 0
6 ADC
7 ADC 172.17.0.0/24 172.17.0.8 LAN 0
8 A S 172.17.6.0/27 172.17.0.6 1
9 A S 172.17.6.32/27 172.17.0.7 1
10 A S 172.17.6.64/27 172.17.0.9 1
11 A S 172.17.8.0/24 172.17.0.3 1
12 A S 172.17.16.0/24 172.17.0.2 1
13 A S 172.17.24.0/24 172.17.0.4 1

2

I had a problem with port forwarding while load balancing as well, it seems somewhat flaky. Written rules only work sometimes so I ended up enabling UPnP, I know its not a really great solution but it seems to have improved the reliability of port forwarding actually forwarding the data.

3

Is there not a way to push all traffic from my server out through a particular connection when going out to the internet. Would that not improve the functionality of the port forwarding? If so how would I do that?

4

Ok so I have been looking everywhere for solutions. And although articles say it is possible I cannot find anyone who has port forwarding working. I decided the easiest solution was two provide a lan interface for each connection and use two routers. On Router A I have setup the WAN1 and WAN2 and LAN1 and LAN2
LAN1 and LAN2 I have given 2 IPS to each on different address spaces.

LAN1 IP1 172.17.0.11 255.255.255.0 IP2 192.168.1.1 255.255.255.0

LAN2 IP1 172.17.0.12 255.255.255.0 IP2 192.168.2.1 255.255.255.0

I have setup port mapping using IP1 to the servers.
I have then setup the Router 2 with 2 WAN interfaces with
WAN1 192.168.1.2 255.255.255.0
WAN2 192.168.2.1 255.255.255.0
LAN 172.17.0.8 255.255.255.0
As all users are behind routers at the different locations I have setup the default route for their routers to pass through 0.8. This give them access to LAN devices and also allows the load balancing to work.
This is not the cleanest of setups but it works. Open to better suggestions.

Thanks