Dear All,
I Have problem with load balancing Dual WAN in one router mikrotik.
I am using 2 WAN in 1 mikrotik distributed as follows:
WAN 1 (202.10.10.2) ke Client 1 (192.168.1.2-192.168.1.254)
WAN 2 (202.10.9.2) ke Client 2 (192.168.2.2-192.168.2.254)
Note : WAN IP not my real WAN IP
My Mikrotik is RB450G
I use mark routing for internet access between the client 1 and client 2
when i ping from outside (network-tools.com) i get timed out. but when i not activated routing mark in ip route
i get normal reply. I think I get problem with internal routing to giving reply when i use routing mark.
i have answer by adding marking connection from outside (internet) from in my public interface and then routing mark that connection in same name with routing mark for user
this is my script :
/ip firewall mangle
add chain=input in-interface=“ether-1” comment=“mark connection from to the internet in interface PUBLIC 1” action=mark-connection new-connection-mark=conn_in_public_1 passthrough=yes
add chain=input in-interface=“ether-2” comment=“mark connection from to the internet in interface PUBLIC 2” action=mark-connection new-connection-mark=conn_in_public_2 passthrough=yes
then create mangle for routing mark
/ip firewall mangle
add chain=prerouting connection-mark=conn_in_public_1 action=mark-routing disabled=no in-interface=ether3 new-routing-mark=WAN1 passthrough=no
so in my mangle i have 6 statement like below :
add chain=input in-interface=“ether-1” comment=“mark connection from to the internet in interface PUBLIC 1” action=mark-connection new-connection-mark=conn_in_public_1 passthrough=yes
add chain=input in-interface=“ether-2” comment=“mark connection from to the internet in interface PUBLIC 2” action=mark-connection new-connection-mark=conn_in_public_2 passthrough=yes
add chain=prerouting connection-mark=conn_in_public_1 action=mark-routing disabled=no in-interface=ether3 new-routing-mark=WAN1 passthrough=no
add chain=prerouting connection-mark=conn_in_public_2 action=mark-routing disabled=no in-interface=ether3 new-routing-mark=WAN2 passthrough=no
add chain=prerouting src-address= 192.168.1.0/24 action=mark-routing disabled=no in-interface=ether3 new-routing-mark=WAN1 passthrough=no
add chain=prerouting src-address= 192.168.2.0/24 action=mark-routing disabled=no in-interface=ether4 new-routing-mark=WAN2 passthrough=no
with adding this script so i can ping from the internet to my mikrotik router. But I facing some problem and question. below my question :
when i change chain=prerouting to chain=output in mangle mark-routing above, my mikrotik can’t ping from internet and user cannot connect internet. Why ?
When I setup VPN for every group user, the interface for vpn cannot created and vpn user cannot connect too. but when i add my ip route with this :
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=202.10.10.1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=203.10.10.1 scope=30 target-scope=10
so i have 4 iproute like below :
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=202.10.10.1 routing-mark=WAN1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=203.10.10.1 routing-mark=WAN2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=202.10.10.1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=203.10.10.1 scope=30 target-scope=10
Why ?
I hope anyone can share some information about this.
