Split international & local traffic by ip & route over pppoe

Please help…
I’ve been trying to split the internet traffic across two different ADSL accounts - the one for local (within country) traffic and the other for international.
I spent hours yesterday but with no success.
I’ve created the Address List of local IPs under the Firewall and tried marking the packets for routing under Mangle. I set up two gateways (using Gateway interface) for my two pppoe accounts (one local only and the other international only) but both using the same ethernet port connected to the ADSL modem. But I still get packets going over the wrong route. Using Router OS 3.3

Any ideas please?
SA Address List1.JPG
Mangle&RouteList.JPG

When you set up your gateways, are you assuming that the destination gateway will always be the same? What will happen if they change?

When you say the traffic is going out on the wrong route, is this consistent? What example have you looked at?

Dear Hilton, Thanks for the reply.

I found that the local traffic was still going out even though the international pppoe route was the only active one!
The destination is 0.0.0.0/0 for the pppoe gateway interface setup.
I used the links below to construct my solution.
http://wiki.mikrotik.com/wiki/How_to_apply_different_limits_for_Local/Overseas_traffic
http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways

Any help greatly appreciated.

Ok Shaun, I’m going to set this up on my 3.10 box and see what happens. I’ll just have to quickly buy a local only account and then we can work together to get this right.

Sound ok to you?

Just confirm that both your DSL PPPOE sessions are dynamic?

Dear Hilton,

Thanks! I’ve been using Web Africa @ R19/GByte for the one pppoe! Makes this setup very attractive…
Both the pppoe are dynamic - the other is with Telkom.

Regards

Shaun

In case you need it, I’ve attached the SA Address list script, ready to add, preceded by the script: / ip firewall address-list
I believe it can be created and kept up to date with bgp but have no idea how… any ideas?

The address is;
http://alm.za.net/ip/localroutes4.txt

and then you need to look at this thread, very interesting.

http://forum.mikrotik.com/t/using-fetch-to-retrieve-ip-lists/21574/1

The list needs cleaning up though.
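
An added example, not part of the thread and not anyone's posted script: one way to clean a downloaded prefix list before loading it under /ip firewall address-list, building the commands only from parsed networks. The one-prefix-per-line layout, the list name SA-local, the /8 cutoff and the sample data are assumptions.

```python
import ipaddress

# Constructed sample; the real file's layout is assumed (one prefix per line).
SAMPLE = """\
# constructed sample, not the real list
196.25.0.0/16
196.25.1.0/24
41.0.0.0/11
41.32.0.0/11
196.25.0.0/16
198.54.0.1/24
0.0.0.0/0
10.1.2.0/24
196.4.0.0/16 comment=test
"""

MIN_PREFIX_LEN = 8  # assumed policy: refuse anything broader than a /8


def clean_prefixes(text, min_len=MIN_PREFIX_LEN):
    """Return (collapsed networks, rejected raw lines) from untrusted text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False normalises host bits (198.54.0.1/24 -> 198.54.0.0/24)
            net = ipaddress.IPv4Network(line, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        # An over-broad or private prefix would pull unrelated traffic
        # onto the local-only link, so it is refused rather than loaded.
        if net.prefixlen < min_len or net.is_private:
            rejected.append(raw)
            continue
        nets.append(net)
    # Drops duplicates, absorbs covered subnets, merges adjacent halves.
    return list(ipaddress.collapse_addresses(nets)), rejected


def to_routeros(nets, list_name="SA-local"):
    """Emit commands from parsed networks only, never from raw input text."""
    lines = ["/ip firewall address-list"]
    lines += [f"add list={list_name} address={n}" for n in nets]
    return "\n".join(lines)


if __name__ == "__main__":
    nets, bad = clean_prefixes(SAMPLE)
    print(to_routeros(nets))
    print(f"# rejected {len(bad)} line(s): {bad}")
```

Review the rejected lines before importing; a list fetched over plain HTTP can change between runs.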

Thanks Hilton. Looked at the scripting…will take me a while to work out…
Perhaps if you get this right you can send me the script to load please.
Thanks for the help this far.

Would help me a lot if can get a copy of the script.

Thanks Shaun

Shaun, sorry but it was hectic last week. I’ll duplicate your effort shortly.

Thank you Hilton - had another look at the script and can’t work out if I must store the ip address file online or on the Mikrotik. Your script will be of great help.

Hi guys, I hope this helps

Here is a video tutorial by DoctorZA: http://mybroadband.co.za/vb/showthread.php?t=83855&highlight=routeros+guide
It is in Afrikaans but you can follow his steps by watching the video…

The only problem is that it is for IS local only but I want to use SAIX local only…Do you guys have a list of SAIX local only?

EDIT: could I also have a copy of your scripts? jpw.ctn[at]webafrica[dot]org[dot]za

thanks

Shucks that video has disappeared :frowning:

I have it on my hard drive :smiley:

I can email it to you?

Thanks voipsw AT gmail DOT com

email sent

Ok, just watched the video and all that was done was a bunch of local IPs were added to the route list and the pppoe connection set to “no default route”.

I was expecting a way more complicated setup with fancy mangle rules and packet marking etc.

Is it really this simple?

For a basic setup you do not need mangle rules…but if you want to send different source ip through specific gateways then you will need to use route marking…

But yes, it is that simple…

Ok, got all this to work. Shaun, we’ll have a nice solution soon. Problem I have is that whilst my outgoing traffic is nicely split into local and international, the incoming traffic is a problem. I’m not talking about a session created from within, rather say mail being delivered to my dynamic address for exchange server.

I’ve checked my dstnat rules for this ‘port forward’ and the rule references my int adsl pppoe connection and I can see traffic on the rule. I then thought it may be the changeip script but this also specifically references the int adsl pppoe connection.

So theoretically if someone outside wanted to say telnet or even ping my router (which you now can’t do), they would ping my changeip name which would resolve to ip assigned by my int adsl pppoe connection (which it does) but for some reason nothing happens.

I have two masquerade rules;

;;; NAT for adsl
chain=srcnat action=masquerade src-address=192.168.50.0/24 out-interface=adsl_int

;;; NAT for local adsl
chain=srcnat action=masquerade src-address=192.168.50.0/24 out-interface=adsl_loc

Then one example of a dstnat;

;;; Exchange SMTP ADSL
chain=dstnat action=dst-nat to-addresses=192.168.50.5 to-ports=25 in-interface=adsl_int dst-port=25 protocol=tcp

Even two mangle rules;

;;; new MTU rule
chain=forward action=change-mss new-mss=1442 tcp-flags=syn out-interface=adsl_int protocol=tcp tcp-mss=1441-65535

;;; new MTU rule
chain=forward action=change-mss new-mss=1442 tcp-flags=syn out-interface=adsl_loc protocol=tcp tcp-mss=1441-65535

Any ideas on what the problem could be? I suspect a routing issue or NAT but…

Glad to hear we’re getting there …
Only thing I can think of is to remove one masquerade rule and change the other simply to

;;; NAT for adsl
chain=srcnat action=masquerade

I can’t explain it but this is how my setup works (I’ve an international and local account) - perhaps it’s worth a try on yours, although yours is far more involved than mine.

Looking forward to seeing it once it’s done please.