Routing one MT through another

hi,
i got 3 MT units with 2 ADSL lines:

ADSL1—eth1| MT1|eth3—eth1|MT2|wlan1(to clients) |MT3|wlan1(clients)
ADSL2—eth2||eth5—eth2||wlan3------wlan3|___|

all i want to do is to split the traffic so that all traffic from MT2 will go to ADSL 1 and traffic from MT3 will go to ADSL2
i have connected MT1 and MT2 together with two ethernet cables so that i have two physical connections between the two boards. each in its own ip range.
MT1 eth3 to MT2 eth 1 172.17.1.1-2/30
MT1 eth5 to MT2 eth2 172.17.2.1-2/30
MT2 wlan3 to MT3 wlan3 172.17.0.1-2/30
i mangle at MT2 so that all traffic from MT3 will go to eth2 on MT2, using the IP address of the wlan3 on MT3 as source address.
chain=prerouting action=mark-routing new-routing-mark="Tyger Traffic to Main" passthrough=yes src-address=172.17.0.2

routing:
add comment="Second Route" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.17.2.1 routing-mark="Tyger Traffic to Main" scope=30 target-scope=10
add comment="Main route" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.17.1.1 scope=30 target-scope=10

At MT1 i mangle again for mark routing to split the two traffic streams, each to its own ADSL line. if i use the ip of wlan3 of MT2 for src-address (172.17.2.1), it doesn't work but with ip of wlan3 of MT3 (172.17.2.2), it works.

1: add action=mark-routing chain=prerouting comment="Tyger to Main to Mweb2" disabled=no new-routing-mark="Tyger to Main to Mweb2" passthrough=yes src-address=172.17.2.2
2: add action=mark-routing chain=prerouting comment="Main to Mweb1" disabled=no new-routing-mark="Main to Mweb1" passthrough=yes src-address=172.17.1.1

routing: i added one extra route so that all traffic not mangled will go through one line as well:
add comment="Tyger traffic to Mweb2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=41.134.106.141 routing-mark="Tyger to Main to Mweb2" scope=30 target-scope=10
add comment="Route for Mweb1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=41.134.31.98 routing-mark="Main to Mweb1" scope=30 target-scope=10
add comment="For all unmangled connnections" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=41.134.31.57 scope=30 target-scope=10


This works great with no hassles. my problem however, is that i can't ping my radius manager which is on eth4 at MT1. 192.168.1.222. eth4 is 192.168.1.1
masquerade is enabled where needed. can surf internet etc with no hassles but just cannot ping radius server from MT3 if mangle rule on MT1 (rule 1) is enabled. can ping it however from MT2

can any one help me with why i cant ping the radius?

thx
dipdip

ok update

i just did a traceroute from MT to the radius manager.
it seems the traffic to 192.168.1.222 (radius manager) gets routed out through MT1 to the Internet as well.

weird, seeing that the radius manager is connected to eth4(192.168.1.1)

i thought that it would automatically route to eth4.

how do i prevent internal traffic to be routed out as well?
cant do another route on MT1 because you cant specify a gateway (same segment)

HELP! :)

Rather than describing it in text form - which is hard to follow - could you please post a network diagram as a picture with ports and devices labeled and the IPs shown together with the make and model, and with the output of “/ip address print detail”, “/ip route print detail”, “/interface print”, and “/ip firewall export” and any bridge or switch chip config you might have depending on the model. Any output shown please wrap in

 tags.

ok. i changed the setup and did away with the second eth cable between MT1 and MT2. used http://www.youtube.com/watch?v=Iad-Cb2gBnw to do a simple load balancing between the 2 ADSL lines and it's working great.

BUT the same prob persists. I can't ping/access the Radius server from MT2 or MT3 as long as I use Mangle for routing marks on MT1.

I can however, ping the eth4 which is the interface for the Radius network, from MT1 from MT2 and MT3.

Please note that the public IPs of the 2 ADSL lines and eth1,2 of MT1 have been modified for this post.

The prob must be on MT1. Details as requested follows.
[ /ip address> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 1st Public IP on ADSL Router 1
address=49.49.49.50/28 network=49.etc broadcast=49. etc
interface=ether1 actual-interface=ether1

1 ;;; Link to Radius Server
address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255
interface=ether4 actual-interface=ether4

2 ;;; Link to Wireless Network
address=172.17.1.1/30 network=172.17.1.0 broadcast=172.17.1.3
interface=ether3 actual-interface=ether3

3 ;;; 1st Public IP on ADSL Router 2
address=51.51.51.52/28 network=51.etc
broadcast=51. etc
interface=ether2 actual-interface=ether2

4 address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255
interface=ether4 actual-interface=ether4



[ /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU

0 R ;;; Link to ADSL Router 1
ether1 ether 1500 1524
1 R ;;; Link to ADSL Router 2
ether2 ether 1500 1524
2 R ;;; Link to Wireless Network
ether3 ether 1500 1524
3 R ;;; Link to Radius Server
ether4 ether 1500 1524 ]

[ /ip firewall> export
/# jan/03/1970 16:17:06 by RouterOS 4.11

software id = A6YG-5A3U

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no in-interface=ether3 new-connection-mark=list_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" disabled=no in-interface=ether3 new-routing-mark=list_1 passthrough=yes src-address-list=list_1
add action=mark-connection chain=prerouting comment="" disabled=no in-interface=ether3 new-connection-mark=list_2 passthrough=yes
add action=mark-routing chain=prerouting comment="" disabled=no in-interface=ether3 new-routing-mark=list_2 passthrough=yes src-address-list=list_2
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=ether3 new-connection-mark=list_1 nth=4,1 passthrough=yes
add action=add-src-to-address-list address-list=list_1 address-list-timeout=1d chain=prerouting comment="" connection-mark=list_1 disabled=no in-interface=ether3
add action=mark-routing chain=prerouting comment="" connection-mark=list_1 disabled=no in-interface=ether3 new-routing-mark=list_1 passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=new disabled=no in-interface=ether3 new-connection-mark=list_2 nth=4,2 passthrough=yes
add action=add-src-to-address-list address-list=list_2 address-list-timeout=1d chain=prerouting comment="" connection-mark=list_2 disabled=no in-interface=ether3
add action=mark-routing chain=prerouting comment="" connection-mark=list_2 disabled=no in-interface=ether3 new-routing-mark=list_2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Load balancing Router1" disabled=no out-interface=ether1
add action=masquerade chain=srcnat comment="Load balancing Router2" disabled=no out-interface=ether2
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=8080 protocol=tcp to-addresses=192.168.1.222 to-ports=80
add action=masquerade chain=srcnat comment="" disabled=yes
add action=dst-nat chain=dstnat comment="Remote Radius" disabled=no dst-address=41.134.31.59 protocol=tcp to-addresses=192.168.1.222
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no ]

no bridges or anything.

thx
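
The traceroute result reported in the update (traffic for 192.168.1.222 leaving via the ADSL gateway) can be reproduced with a small model of marked-table lookup on MT1, using the routes and rule 1 from the first post. This is an added example, not part of the original posts: the lookup order is a simplified model, the /24 on eth4 and the connected entries are assumptions, and `exclude_local` is a hypothetical extra match that leaves traffic for the radius subnet unmarked.

```python
import ipaddress

# Routing tables on MT1, built from the routes in the first post.
# Assumptions: eth4 is a /24 and connected routes live only in "main".
TABLES = {
    "main": [
        ("192.168.1.0/24", "eth4 (connected)"),
        ("172.17.2.0/30", "eth5 (connected)"),
        ("0.0.0.0/0", "41.134.31.57"),
    ],
    "Tyger to Main to Mweb2": [
        ("0.0.0.0/0", "41.134.106.141"),
    ],
}
RADIUS_NET = ipaddress.ip_network("192.168.1.0/24")


def lookup(table, dst):
    """Longest-prefix match of dst in one table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def mangle(src, dst, exclude_local):
    """Rule 1 from the post marks by source address only.
    exclude_local (hypothetical) skips marking for the radius subnet."""
    if src != "172.17.2.2":
        return None
    if exclude_local and ipaddress.ip_address(dst) in RADIUS_NET:
        return None
    return "Tyger to Main to Mweb2"


def route(src, dst, exclude_local=False):
    """Marked packets are resolved in the marked table first; main is used
    only if that table has no matching route (simplified model)."""
    mark = mangle(src, dst, exclude_local)
    if mark:
        hop = lookup(mark, dst)
        if hop:
            return hop
    return lookup("main", dst)
```

Because the marked table holds a 0.0.0.0/0 route, every marked packet matches there and the connected eth4 route in the main table is never consulted, which is why the ping works only when the mark is not applied.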