Routing Mark Problem/Question for incoming connections

Hi there!

I’m writing this topic via my routerboard that has 2 internet connections (DSL and Cable, 2 default gateways with different routing marks). I do some marking to do tcp port 80 over the DSL line and everything else over cable. Works fine, I surf the web via the DSL line, do my ssh stuff via the cable connection, send mails through the cable connection, … but there is something I don’t understand…

As soon as I activate the marking, everything works fine and I have something like a “static” load balancing (which is my intention!), but the second this is active, I can no longer ping the WAN IPs??? I have two public IPs, one from my cable provider and one from my DSL PPTP connection, which are both pingable, but only as long as I don’t do any marking.

The question is why? Am I missing something? What do I have to configure for incoming connections? Or does my routerboard just want me to go to bed?



Thanks!

Greets,
uebi

I tried for about an hour, then I posted the topic and a few minutes later, I found out that I just have to add the “default” gateway again without a routing mark.

Well, it’s far past midnight here :wink:


Thanks,
uebi

PS: I didn’t delete the topic, because maybe somebody has the same problem some day. If the admins don’t think that way - delete it and punish me in Krakow :wink:

hi dude

can you post your conf?



Sure. Just replaced the IPs and added some comments.

The 3 routes. I got one more static route for a network I always wanna reach via Upstream1, but I didn’t paste it here.
/ip route
add comment="Gateway for upstream1 markings" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=upstream1-traffic scope=30 target-scope=10
add comment="Gateway for upstream2 markings" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=upstream2-traffic scope=255 target-scope=10
add comment="Default Gateway" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2.2.2.2 scope=255 target-scope=10


Marking. All port 80 and port 53 traffic goes through Upstream1. Everything else through Upstream2.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="All Connections" disabled=no in-interface=bridge1 new-connection-mark=all-connections passthrough=yes
add action=mark-routing chain=prerouting comment="Upstream1" connection-mark=all-connections disabled=no dst-port=80 in-interface=bridge1 new-routing-mark=upstream1-traffic passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment="" connection-mark=all-connections disabled=no dst-port=53 in-interface=bridge1 new-routing-mark=upstream1-traffic passthrough=yes protocol=udp
add action=mark-routing chain=prerouting comment="Upstream2" connection-mark=all-connections disabled=no dst-port=!80 in-interface=bridge1 new-routing-mark=upstream2-traffic passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment="" connection-mark=all-connections disabled=no in-interface=bridge1 new-routing-mark=upstream2-traffic passthrough=yes protocol=icmp
add action=mark-routing chain=prerouting comment="" connection-mark=all-connections disabled=no dst-port=!53 in-interface=bridge1 new-routing-mark=upstream2-traffic passthrough=yes protocol=udp

Traffic for Upstream1 needs to be masqueraded (dynamic IP), traffic for Upstream2 is natted to my static cable IP.
/ip firewall nat
add action=masquerade chain=srcnat comment="Upstream1" disabled=no dst-address=0.0.0.0/0 out-interface=pptp-upstream1 routing-mark=upstream1-traffic src-address=192.168.7.0/24
# routing-mark corrected to upstream2-traffic: the posted export read "upstream-traffic", a mark no route or mangle rule uses, so this rule would never match
add action=src-nat chain=srcnat comment="Upstream2" disabled=no dst-address=0.0.0.0/0 out-interface=ether1 routing-mark=upstream2-traffic src-address=192.168.7.0/24 to-addresses=1.2.3.4 to-ports=0-65535


Hope I didn’t forget anything :wink:

Greets,
uebi
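The export above can be checked mechanically for the two things this thread turns on: an unmarked default route for traffic that never gets a mark (the router's own replies), and routing marks referenced by mangle or NAT rules that no route actually carries. This is an added example, not code from the thread; it parses a constructed export in the same shape as the posted one (menu paths and key=value pairs as RouterOS prints them), with made-up addresses and interface names.

```python
import re

# Constructed sample export (not the thread's real config), in the same shape as the posted one:
# before the unmarked default route was added, and with a NAT rule naming "upstream-traffic".
SAMPLE_EXPORT = """
/ip route
add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=upstream1-traffic
add dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=upstream2-traffic
/ip firewall mangle
add action=mark-routing chain=prerouting protocol=tcp dst-port=80 new-routing-mark=upstream1-traffic
add action=mark-routing chain=prerouting protocol=tcp dst-port=!80 new-routing-mark=upstream2-traffic
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pptp-upstream1 routing-mark=upstream1-traffic
add action=src-nat chain=srcnat out-interface=ether1 routing-mark=upstream-traffic to-addresses=1.2.3.4
"""

# key=value pairs; quoted values (comment="...") may contain spaces
KV_RE = re.compile(r'(\S+?)=("[^"]*"|\S+)')

def parse_export(text):
    """Group each 'add ...' line under its '/menu' path as a dict of key=value pairs."""
    sections, menu = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            sections.setdefault(menu, []).append(dict(KV_RE.findall(line)))
    return sections

def check_policy_routing(text):
    """Return findings as strings; an empty list means marks and routes are consistent."""
    cfg = parse_export(text)
    routes = cfg.get("/ip route", [])
    marked_tables = {r["routing-mark"] for r in routes if "routing-mark" in r}
    findings = []
    # Packets the router generates itself (e.g. replies to pings of its WAN IPs) never pass
    # prerouting mangle, get no mark and are looked up in the main table, which therefore
    # needs an unmarked 0.0.0.0/0 route.
    if not any("routing-mark" not in r and r.get("dst-address") == "0.0.0.0/0" for r in routes):
        findings.append("no unmarked default route: unmarked traffic has no gateway")
    for rule in cfg.get("/ip firewall mangle", []):
        mark = rule.get("new-routing-mark")
        if mark and mark not in marked_tables:
            findings.append(f"mangle sets routing-mark {mark!r} but no route carries it")
    for rule in cfg.get("/ip firewall nat", []):
        mark = rule.get("routing-mark")
        if mark and mark not in marked_tables:
            findings.append(f"NAT rule matches routing-mark {mark!r} that no route carries")
    return findings
```

Running it on a real `/export` output works the same way, since continuation lines only need joining before the `add` lines are parsed.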

I have 2 DSL: 1 is static IP and the second is on DHCP, ISP-assigned IP. I make port forwarding 8291 to the DSL 1 ether2.
Simple scenario: all traffic routes to ether3 except 80 on ether1, and I could connect Winbox from a remote location.

I applied these rules based on your rules. This is not working; did I make any mistake??




/ip route print

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 ADC 192.168.0.0/24 192.168.0.4 ether2
1 ADC 192.168.1.0/24 192.168.1.101 ether3
2 ADC 192.168.10.0/23 192.168.10.1 ether1
3 A S ;;; Gateway for upstream1 markings
0.0.0.0/0 r 192.168.0.5 1 ether2
4 A S ;;; Gateway for upstream2 markings
0.0.0.0/0 u 192.168.1.100 1
5 A S ;;; Default Gateway
0.0.0.0/0 r 192.168.0.5 1 ether2


/ip firewall mangle

;;; All Connections
chain=prerouting in-interface=ether1 action=mark-connection new-connection-mark=all-connections passthrough=yes

21 ;;; Upstream1
chain=prerouting in-interface=ether1 protocol=tcp dst-port=80 connection-mark=all-connections action=mark-routing
new-routing-mark=upstream1-traffic passthrough=yes

22 ;;; Upstream1
chain=prerouting in-interface=ether1 protocol=tcp dst-port=8291 connection-mark=all-connections action=mark-routing
new-routing-mark=upstream1-traffic passthrough=yes

23 ;;; Upstream2
chain=prerouting in-interface=ether1 protocol=tcp dst-port=!80 connection-mark=all-connections action=mark-routing
new-routing-mark=upstream2-traffic passthrough=yes

24 ;;; Upstream2
chain=prerouting in-interface=ether1 protocol=tcp dst-port=!8291 connection-mark=all-connections action=mark-routing
new-routing-mark=upstream2-traffic passthrough=yes

25 chain=prerouting in-interface=ether1 protocol=icmp connection-mark=all-connections action=mark-routing
new-routing-mark=upstream2-traffic passthrough=yes


/ip firewall nat print

2 ;;; Upstream1
chain=srcnat out-interface=ether2 src-address=192.168.10.0/23 dst-address=0.0.0.0/0 routing-mark=upstream1-traffic
action=masquerade

3 ;;; Upstream2
chain=srcnat out-interface=ether3 src-address=192.168.10.0/23 dst-address=0.0.0.0/0 routing-mark=upstream-traffic
action=src-nat to-addresses=192.168.1.100 to-ports=0-65535


Does your MT have the public IPs assigned to its interfaces and did you just replace them in your post to not show them? Is it a DSL MODEM or ROUTER?
Basically, I have both public IPs directly on my MT (static and pptp) and therefore I don’t need any portforwarding/marking/whatever to be able to access the router with winbox from outside my LAN.


Greets,
uebi

thanks dude for your prompt reply

Let's assume both are DSL and I forwarded 8291 from the uplink1 connection ether2; ether3 DSL doesn't have a static IP. I hope you understand my question. Send me your email, I am online right now at MSN.


Where are you, uebi?

Sorry, I was away from my computer.

I don’t have MSN here :frowning:
E-Mail?


Greets

Well, I posted my issue in my previous post, please read!!!

I already read it, but I’m still not sure why you need a portforwarding for Winbox ON the MT??
Do you have ADSL-Modems (Bridge) or ADSL-Routers in front of the MT?

I never had any issues getting onto my MT with this config when the public IPs are ON THE MT, not in front on the ADSL-Router! If your public IPs are configured on your ADSL Router (not the MT!), then you need to configure a DST-NAT on the ADSL-Router to forward the Winbox Port to the private MT IP, but I don’t know of any application where you need a portforwarding ON a MT to access it with winbox.


Greets,
uebi

hello

Hi uebi, still this issue is not resolved.

waiting your reply