I have the following setup:
RB750G with ports 1 & 2 connected to ADSL routers.
Port 3 connects through an ISP supplied Billion Router to a switch which connects all my mail, ftp, http servers and Wireless network routers.
Port 4 connects to my local office network.
Port 5 connects to my RADIUS server.
The RB750G handles PPPoE connections to my ADSL ISPs on ports 1 & 2.
The 3rd router is set up by the ISP and manages its own connection. (Billion Router)
I have a Load balancing setup using the examples from the ECMP tutorial in the Wiki for all 3 of my ADSL Connections.
How the Billion router is set up is unknown, as the ISP refuses to reveal its secrets. All I know is that it opens a VPN tunnel to the ISP. The Billion is set up to provide DHCP on its own ports 1 & 2, and it has a DMZ setup on ports 3 & 4 which supplies the static IPs. The ISP told me to plug my RB750 into port 3 (on the Billion) and to plug the switch into port 4. The Switch used to plug into port 3 on the RB750G. Then they will forward traffic to my RB750G using port 3 on the RB750.
Hope you are keeping up, because I got confused too.
I have been given 5 static IPs from my ISP: 41.x.x.98 to 41.x.x.102. I have been told to set a default gateway on my RB750G to 41.x.x.97 (which is the Billion’s Public IP). Then the Public IPs will magically be available to my RB750G and then I can set up NAT rules to forward the public IPs to any device’s local IP in my network.
At first it did not work, so I remembered something the ISP Tech said: if you assign any of the public IPs as a local IP on any server, the Billion will know where to send the data, so I assigned public IP 41.x.x.98 to port 3 on the RB750G and presto, traffic started coming in. So then I proceeded to assign the remaining 4 IPs also to port 3 on the RB750G. Now I can set up a NAT rule to forward traffic to the needed internal servers.
Now for the problem I am having. While the routing works 100% and I can get to the required servers using public IPs from outside my network, the routing does not always work the way it should. I am suspecting my ECMP routing is confusing the routing somehow.
I had a problem before, where one of the banking websites refused my clients to log in as their public IPs changed between sessions. So I had to do a route mark on all HTTPS traffic and using a static route force all HTTPS traffic through one ADSL connection. This solved my problem with the HTTPS sites. Similarly I had a problem with my SMTP server when I used a DDNS IP to be able to use my local SMTP server remotely. I had to mark traffic for incoming SMTP and then the reply traffic from my SMTP server did not always return on the same public IP as the incoming traffic, so I had to force the SMTP reply traffic to use the DDNS public interface.
I am suspecting the same problem here. The request comes in via public IP 41.x.x.98 using 41.x.x.97 as a gateway, then the NAT takes it to the correct internal IP, then on the reply (http for example) the traffic goes out some of the other 2 ADSL lines and not using the same route as the incoming traffic, then the request times out on the client side requesting the web page for example.
I tried using the same rules for the SMTP and HTTPS, but it does not work. What I did for HTTPS was to route mark all incoming traffic on port 443 and then create a route using the route mark to a pppoe interface.
If I disable my 2 pppoe ADSL lines the static IPs work 100% every time, but with all the ADSL lines active, I get access about 1/3 of the time.
Is there anyone who could give me some advice?
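The symptom described above (requests arrive via the Billion on 41.x.x.97 but the replies leave over one of the ECMP PPPoE lines about two thirds of the time) is the classic asymmetric-return problem, and a routing mark placed only on the incoming packets does not fix it because the reply packets of the same connection never carry that mark. The usual RouterOS answer is to mark the connection on the way in and then derive a routing mark from the connection mark on the way out. The following is an added example written for this thread, not configuration from the original post or from MikroTik's documentation. It assumes ether3 is the RB750G port facing the Billion, that the public block is 41.x.x.96/29 (which makes .97 the gateway and .98 to .102 the usable hosts, matching the post), that the PPPoE ECMP routes already live in the main table, and that 192.168.1.10 is a placeholder internal server address.

```routeros
# Added example, not from the original post. Assumptions: ether3 faces the
# Billion, 41.x.x.96/29 is the public block (assumed from .97 gateway and
# .98-.102 hosts), 192.168.1.10 is a placeholder internal server.

/ip address
add address=41.x.x.98/29 interface=ether3 \
    comment="public block on the Billion-facing port (prefix length assumed)"

/ip firewall mangle
# 1. Tag every new connection that enters through the Billion.
#    connection-mark=no-mark keeps existing HTTPS/SMTP marks untouched.
add chain=prerouting in-interface=ether3 connection-state=new connection-mark=no-mark \
    action=mark-connection new-connection-mark=from_billion passthrough=yes \
    comment="remember that this connection came in via the Billion"
# 2. Packets of those connections whose destination is a remote host (not one of
#    the router's own addresses) are the replies: give them a routing mark.
#    dst-address-type=!local excludes the inbound packets themselves, whose
#    destination is the router-owned public IP before dst-nat is applied.
add chain=prerouting connection-mark=from_billion dst-address-type=!local \
    action=mark-routing new-routing-mark=via_billion passthrough=no \
    comment="send replies of Billion connections back via 41.x.x.97"
# 3. Same for traffic the router itself originates inside those connections
#    (e.g. a service running on the RB750G answering a request that came in via ether3).
add chain=output connection-mark=from_billion \
    action=mark-routing new-routing-mark=via_billion passthrough=no

/ip route
# Default route for the marked table only; the ECMP routes in the main table stay as they are.
add dst-address=0.0.0.0/0 gateway=41.x.x.97 routing-mark=via_billion check-gateway=ping \
    comment="return path for connections that arrived via the Billion"

/ip firewall nat
# Example port-forward; its reply packets are caught by mangle rule 2 above.
add chain=dstnat dst-address=41.x.x.98 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.10 comment="placeholder web server"
```

Place the two mangle rules above the existing HTTPS and SMTP route-mark rules so a connection that entered through the Billion is never re-marked toward a PPPoE line, and verify with `/ip firewall connection print where connection-mark=from_billion` that inbound sessions pick up the mark. Because the decision is keyed on the connection rather than on the packet, it still works when the internal servers sit behind the Billion's DMZ port and their replies re-enter the RB750G on ether3.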