Server Load Balancing possible with ROS?

I thought it should work with reverse nth,
but it was not successful.

Is there anyone who has succeeded in achieving it?

Basically I have two servers and one ROS machine, and they all have public IPs.
I want to make clients access just the ROS machine, with SLB for these two servers. The two servers have exactly the same service and contents.

Thanks for reading.

Nth matches packets, so you’re breaking the connection by sending packets of the same connection to different servers. That cannot possibly work. Use PCC instead, together with destination NAT.

Thank you fewi.

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    disabled=no out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="" connection-mark=server1 \
    disabled=no dst-address=192.168.1.186 to-addresses=192.168.1.254
add action=dst-nat chain=dstnat comment="" connection-mark=server2 \
    disabled=no dst-address=192.168.1.186 to-addresses=192.168.1.253

/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address=192.168.1.186 dst-port=80 new-connection-mark=server1 \
    passthrough=no per-connection-classifier=src-address:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address=192.168.1.186 dst-port=80 new-connection-mark=server2 \
    passthrough=no per-connection-classifier=src-address:2/1 protocol=tcp


In my sample configuration, 192.168.1.186 is the RouterOS IP.
192.168.1.253 is the first web server IP.
192.168.1.254 is the second web server IP.

I did it and it seems to work.

Any suggestions?

Jin Lee

Just to confirm - it does work? You’re just looking for input on improvements?

I guess you could simplify it by using PCC directly in NAT. No need to mark the connection first, really. I think using src-address as the classifier is the perfect choice for stability.
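
Added example, not part of any post in this thread: a small Python model of the two points made above, that a match evaluated per packet (Nth) can send packets of one connection to different servers, while a src-address classifier pins every connection from a client to one server. The client addresses and ports are constructed sample data, and the CRC32 hash is a stand-in assumption, not the hash RouterOS actually uses.

```python
import ipaddress
import zlib
from collections import defaultdict

SERVERS = ["192.168.1.254", "192.168.1.253"]  # to-addresses from the posted NAT rules

# Constructed sample traffic: (client IP, source port) identifies one TCP connection
# to 192.168.1.186:80; packets of different connections arrive interleaved.
PACKETS = [
    ("203.0.113.10", 40001), ("198.51.100.7", 51000), ("203.0.113.10", 40001),
    ("203.0.113.10", 40002), ("198.51.100.7", 51000), ("192.0.2.55", 33333),
    ("203.0.113.10", 40002), ("192.0.2.55", 33333), ("198.51.100.7", 51000),
]

def nth_per_packet(packets, every=2):
    """Model an Nth-style match applied to each packet: a shared counter picks the server."""
    seen = defaultdict(set)
    for i, conn in enumerate(packets):
        seen[conn].add(SERVERS[i % every])
    return seen

def pcc_src_address(packets, denominator=2):
    """Model per-connection-classifier=src-address:2/N: hash the source address,
    take the remainder, and use it as the server index."""
    seen = defaultdict(set)
    for src, sport in packets:
        # Stand-in hash (assumption): CRC32 of the packed address, not RouterOS's own hash.
        remainder = zlib.crc32(ipaddress.ip_address(src).packed) % denominator
        seen[(src, sport)].add(SERVERS[remainder])
    return seen

def split_connections(seen):
    """Connections whose packets were delivered to more than one server."""
    return sorted(conn for conn, servers in seen.items() if len(servers) > 1)

def servers_per_client(seen):
    """Map each client IP to the set of servers that handled any of its connections."""
    by_client = defaultdict(set)
    for (src, _), servers in seen.items():
        by_client[src] |= servers
    return dict(by_client)

if __name__ == "__main__":
    print("Nth split connections:", split_connections(nth_per_packet(PACKETS)))
    print("PCC split connections:", split_connections(pcc_src_address(PACKETS)))
    print("PCC servers per client:", servers_per_client(pcc_src_address(PACKETS)))
```

With src-address as the only classifier field, two connections from the same client always land on the same server, so any per-client state held on that server stays reachable.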