[Urgent] Load Balance With Web Proxy

Hi guys…

We’ve been trying to do load balancing with the NTH method that is published on the MikroTik Wiki,

http://wiki.mikrotik.com/wiki/Load_Balancing

But the thing is, we couldn’t redirect the traffic to the web proxy…

We have tried to redirect the traffic in every possible way…

and every time we enable the redirect, the client can’t browse… but ping is OK…

Can somebody help us with this…

Thanks..

Can you paste here all the configuration that you have?

IP Firewall Filter

0 ;;; allow established connections
chain=forward action=accept connection-state=established

1 ;;; allow related connections
chain=forward action=accept connection-state=related

2 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid


IP Firewall NAT


0 X chain=srcnat action=masquerade out-interface=CBN

1 X chain=srcnat action=masquerade out-interface=DSL

2 chain=srcnat action=src-nat to-addresses=192.168.1.251 to-ports=0-65535
connection-mark=odd

3 chain=srcnat action=src-nat to-addresses=192.168.2.251 to-ports=0-65535
connection-mark=even

4 X chain=dstnat action=redirect to-ports=3128 in-interface=LAN dst-port=80
protocol=tcp connection-mark=odd

5 X chain=dstnat action=redirect to-ports=3128 in-interface=LAN dst-port=80
protocol=tcp connection-mark=even


IP Firewall Mangle

0 chain=prerouting action=mark-connection new-connection-mark=odd
passthrough=yes connection-state=new in-interface=LAN nth=1,1,0

1 chain=prerouting action=mark-routing new-routing-mark=odd passthrough=no
in-interface=LAN connection-mark=odd

2 X chain=prerouting action=mark-packet new-packet-mark=proxy passthrough=no
in-interface=LAN connection-mark=odd

3 chain=prerouting action=mark-connection new-connection-mark=even
passthrough=yes connection-state=new in-interface=LAN nth=1,1,1

4 chain=prerouting action=mark-routing new-routing-mark=even passthrough=no
in-interface=LAN connection-mark=even

5 X chain=prerouting action=mark-packet new-packet-mark=proxy passthrough=no
in-interface=LAN connection-mark=even


IP Routes

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf

 #       DST-ADDRESS      PREF-SRC        G GATEWAY          DISTANCE INTERFACE

 0 ADC   192.168.1.0/24   192.168.1.251                               CBN
 1 ADC   192.168.2.0/24   192.168.2.251                               DSL
 2 ADC   192.168.8.0/24   192.168.8.250                               LAN
 3 A S   0.0.0.0/0                        r 192.168.1.250             CBN
 4 A S   0.0.0.0/0                        r 192.168.2.250             DSL
 5 A S   0.0.0.0/0                        r 192.168.1.250             CBN
                                          r 192.168.2.250             DSL


Appreciate the help…

Anyone???

So, in routes you have set the routing-mark field?

yupss…


Already done that…


There’s nothing wrong with the load balancing… it works perfectly. What matters is the web proxy… every time we redirect the TCP port 80 traffic to the web proxy, using redirect or dst-nat, using port 3128 or 8080… it’s just the same…


Web browsing is troubled… but other traffic such as ping is OK…

I don’t see why you need those firewall filter rules.
You also have some NAT rules disabled, I guess from testing you’ve done.

As for the web proxy, it is simple, at least it works fine for me. First you need
to configure the web proxy as follows:

enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: "proxy"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: 12000000KiB
max-ram-cache-size: none
status: running
reserved-for-cache: 11999232KiB

After that you need a NAT rule which will redirect all traffic on port 80 to the port
specified on the web-proxy, in this case 8080. Do as follows:

Web-Proxy
chain=dstnat in-interface=LAN dst-address=!192.168.1.1 protocol=tcp
dst-port=80 action=redirect to-ports=8080

Notice that I have excluded the local IP 192.168.1.1 from the web-proxy.
This is the IP of the router, which looks like it doesn’t work with web-proxy
enabled. This is it.
Also remember that there is a limit on the cache size which depends
on the RAM size. Every 1MB of RAM is equal to 1GB of disk space, or something
like that. Sorry, I can’t remember the relation, but you can find it in the
MikroTik manual.

Thanks for the reply caci99…

Already done what you’ve suggested…

The proxy has no problem in a non-load-balancing environment… I’ve tried disabling the 2nd WAN interface (or vice versa) and disabling all the rules regarding the load balancing (mangle, address, routes)… and the proxy works perfectly…

But every time I’m using both WAN lines… voilà… the proxy stops working for me…

Well, anyway… right now I’m trying to use a Linux distro, IPCop, as a proxy server, and just dst-nat the traffic to it… but still, I think it’s a waste to designate another PC when one PC with MikroTik would do all the job…

You’re right when you want to use Linux for the proxy. As far as I know Squid works better on Linux and has fewer limits with RAM. It’s not a waste of time, I mean, if you have a spare PC, even a Pentium 3, you can successfully configure a proxy.

Now as for the MikroTik, mine works perfectly with load balancing and Web-Proxy enabled. I haven’t fully understood which of the interfaces Web-Proxy uses to access the internet, but I guess it uses what is configured in IP Route.
Maybe there is a difference between your configuration and mine. I use Persistent Load Balancing, which depends on a list of LAN IPs. For more, look at:

http://wiki.mikrotik.com/wiki/Load_Balancing_Persistent

As the web-proxy is a local process, you need to utilize chain output in mangle.

Add these rules to firewall mangle:

chain=output out-interface=!LAN action=mark-connection new-connection-mark=odd
passthrough=yes connection-state=new nth=1,2,0

chain=output out-interface=!LAN action=mark-routing new-routing-mark=odd passthrough=no connection-mark=odd

chain=output out-interface=!LAN action=mark-connection new-connection-mark=even
passthrough=yes connection-state=new nth=1,2,1

chain=output out-interface=!LAN action=mark-routing new-routing-mark=even passthrough=no connection-mark=even

Do not forget, you need to have one default route without a routing-mark.
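Putting the last two answers together, here is an added example, not configuration from the thread or from MikroTik: a complete RouterOS configuration for NTH load balancing with the transparent web proxy running on the same router. It is written in the 2.9-era syntax the posted dumps use (three-field nth and /ip web-proxy; RouterOS 3 and later use two-field nth and /ip proxy), with the interface names and addresses from the posted config (LAN 192.168.8.250, CBN 192.168.1.251 with gateway 192.168.1.250, DSL 192.168.2.251 with gateway 192.168.2.250) and port 8080 from caci99's proxy settings. Two things deliberately differ from the posted config: source NAT is keyed on the outgoing interface (masquerade) instead of on connection-mark, because the posted src-nat rules match only connection-mark=odd/even while the masquerade rules are disabled, so a connection the proxy opens itself, which carries no mark, would leave the router untranslated; and the proxy's own connections are marked in the output chain, as the reply above describes. The access-list entries and the input-chain drop are a hardening assumption added here: the proxy listens on src-address 0.0.0.0, that is on every interface, so without them the router is reachable as an open proxy from the WAN side.

```routeros
# Added example (not from the thread or MikroTik). RouterOS 2.9 syntax,
# matching the posted dumps. Interface names/addresses are the ones posted;
# the access list and the input-chain drop are hardening assumptions.

/ip web-proxy
set enabled=yes port=8080 src-address=0.0.0.0 transparent-proxy=yes

# The proxy listens on every interface: only serve LAN clients, deny the rest.
/ip web-proxy access
add src-address=192.168.8.0/24 action=allow comment="LAN clients only"
add action=deny comment="everything else, including WAN sources"

/ip firewall filter
add chain=input in-interface=!LAN protocol=tcp dst-port=8080 action=drop \
    comment="never accept proxy connections from the WAN side"
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward connection-state=invalid action=drop

/ip firewall mangle
# LAN clients: alternate new connections between the two uplinks (counter 1).
add chain=prerouting in-interface=LAN connection-state=new nth=1,1,0 \
    action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=LAN connection-mark=odd \
    action=mark-routing new-routing-mark=odd passthrough=no
add chain=prerouting in-interface=LAN connection-state=new nth=1,1,1 \
    action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=LAN connection-mark=even \
    action=mark-routing new-routing-mark=even passthrough=no
# Connections the proxy opens itself are locally originated and never pass
# through prerouting, so mark them in the output chain using a separate
# nth counter (2) so the two chains do not share one counter.
add chain=output out-interface=!LAN connection-state=new nth=1,2,0 \
    action=mark-connection new-connection-mark=odd passthrough=yes
add chain=output out-interface=!LAN connection-mark=odd \
    action=mark-routing new-routing-mark=odd passthrough=no
add chain=output out-interface=!LAN connection-state=new nth=1,2,1 \
    action=mark-connection new-connection-mark=even passthrough=yes
add chain=output out-interface=!LAN connection-mark=even \
    action=mark-routing new-routing-mark=even passthrough=no

/ip firewall nat
# Transparent redirect of LAN web traffic to the local proxy. Match on the
# interface, not on a connection mark, so every port-80 connection is caught;
# the router's own LAN address is excluded as in caci99's rule.
add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    dst-address=!192.168.8.250 action=redirect to-ports=8080
# Source NAT keyed on the uplink, so both the clients' connections and the
# proxy's own (initially unmarked) connections are translated.
add chain=srcnat out-interface=CBN action=masquerade
add chain=srcnat out-interface=DSL action=masquerade

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.250 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=192.168.2.250 routing-mark=even
# One default route without a routing-mark is still required for any packet
# that carries no mark (the proxy's first packet of a connection, for example).
add dst-address=0.0.0.0/0 gateway=192.168.1.250
```

To check it, browse from a LAN client and confirm with /ip firewall connection print that the connections from the router's own WAN addresses to the web servers carry a connection-mark and alternate between CBN and DSL, and from a host outside both uplinks confirm that TCP/8080 on 192.168.1.251 and 192.168.2.251 does not answer.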