Routing traffic between different WAN based on URL

Hi,

Is this achievable within RouterOS or do I have to look for other solutions?


I want to load balance my traffic in such a way that all traffic goes primarily through the primary link WAN1, except in case of failures, where it goes through the fail-over link WAN2 instead.
Except for HTTP/HTTPS against certain domains, for instance *.youtube.com, *.flickr.com, which unconditionally should always be through WAN2 and never through WAN1 (or if necessary due to design restrictions only when link WAN2 is down).

I have a rb751g-2hnd which I have managed to create a simple load balancer out of, thanks to the loads of documents and forum posts explaining various scenarios, but I don’t know where to start looking when it comes to filtering/redirecting certain traffic.

From what I have read it looks like the best way performance-wise, if possible, is to also use the Mikrotik router as a transparent proxy, but I don’t see how I could set up rules to redirect the traffic through a certain gateway.

My network is basically:

WAN1 - dynamic IP from ISP
LAN1 - master switch
LAN2 - slave switch
LAN3 - slave switch
WAN2 - dynamic IP from ISP
WLAN1 - WiFi

local bridge - between LAN1 and WLAN1

Yes, it is possible. I don’t know the syntax, but you need to read this first. Here is another interesting read, not exactly what you’re looking for but does mention the redirection.

It might be something like
/ip proxy
set parent-proxy=LAN5 parent-proxy-port=3128

Thanks pcunite!


Although the links don’t seem to provide me with a clear answer, you gave me enough hope to find out about the tcp_outgoing_address directive in squid, which might solve my issues, even though I was hoping to find such a solution within the Routerboard, and it seems to have been a request at least once in the past:

http://forum.mikrotik.com/t/features-request-ppp-scripts-and-some-proxy-features/22790/1

http://www.linuxquestions.org/questions/linux-networking-3/transparent-proxy-with-2-wan-links-787973/

So apparently the best solution would be to set up squid on my server and a virtual interface and redirect all http(s) traffic from my routerboard to that server and have traffic leave squid on a specific interface depending on the requested url from the client computer. Then back on the routerboard with some firewall rules the traffic will leave on the corresponding WAN interface. I’ll have some homework to do. For the curious, in the long run I plan to establish at least a bit more privacy at the LAN to have traffic to sites which require registration pass through one WAN link and the rest through other WAN links.
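
The squid side of the plan described in the last post, as an added example that is not part of the original thread: a squid.conf fragment that picks the outgoing source address per destination domain with tcp_outgoing_address. Assumptions: the squid server holds two LAN addresses, 192.168.88.11 and 192.168.88.12 (both constructed here), and the router policy-routes traffic sourced from the second one out WAN2; how client traffic reaches squid is left out.

```conf
# squid.conf fragment (added example; all addresses are constructed)

# Regular forward-proxy port; clients or a redirect rule point here.
http_port 3128

# Only the local network may use the proxy.
acl localnet src 192.168.88.0/24

# A leading dot matches the domain itself and every subdomain,
# so this covers *.youtube.com and *.flickr.com from the first post.
acl wan2_sites dstdomain .youtube.com .flickr.com

http_access allow localnet
http_access deny all

# tcp_outgoing_address lines are checked in order and the first match wins.
# Requests for the listed domains leave squid from the "WAN2" address ...
tcp_outgoing_address 192.168.88.12 wan2_sites
# ... and everything else leaves from the "WAN1" address.
tcp_outgoing_address 192.168.88.11

# The router then only needs to route on source address:
#   src 192.168.88.12 -> WAN2 gateway
#   src 192.168.88.11 -> normal WAN1 path with WAN2 as fail-over
#
# Caveat: dstdomain needs a hostname. Plain HTTP requests and CONNECT
# requests from clients explicitly configured to use the proxy carry one.
# HTTPS that is merely redirected to squid does not expose the hostname
# to this ACL unless squid is also set up to inspect the TLS handshake.
```

If the WAN2 address is unavailable on the squid host, connections for the listed domains fail rather than falling back, which matches the "never through WAN1" requirement in the first post.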