MSN Disconnect

sleimanr · Tue Nov 16, 2010 10:45 am

Dear All,

Before i add other accounts every thing is ok....
when i add new route msn disccount after 5 min

Interface:
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU
0 R Real ether 1500
1 R Real2 ether 1500
2 R Realg1 ether 1500
3 R Realg2 ether 1500
4 R Fake ether 1500
5 R Dilink ether 1500
6 R Volcano ether 1500
7 R Facebook ether 1500
8 R Real8 ether 1500
9 DR <pppoe-jjnmohanad> pppoe-in 1480
10 DR <pppoe-tyrdahmadd> pppoe-in 1480
11 DR <pppoe-said1974> pppoe-in 1480
12 DR <pppoe-ma3sh7adi3> pppoe-in 1480
13 DR <pppoe-kanaaliabedali> pppoe-in 1480
14 DR <pppoe-monzersaddekien> pppoe-in 1480
15 DR <pppoe-t4> pppoe-in 1480
16 DR <pppoe-kanaalikorari> pppoe-in 1480
17 DR <pppoe-tyrdhomee> pppoe-in 1480
18 DR <pppoe-aboimad2009> pppoe-in 1480
19 DR <pppoe-moussatrad1> pppoe-in 1480
20 DR <pppoe-s8> pppoe-in 1466
-- [Q quit|D dump|down]

Many thx,

SurferTim · Tue Nov 16, 2010 1:59 pm

How do you have the srcnat/masquerade set for that interface? Masquerade works good if one ip on an interface, but with two, you should use action=src-nat.

If you routed this network, check that 10.10.10.x is routed back to this router from 192.168.30.1 router. Is that what you are doing?

sleimanr · Tue Nov 16, 2010 2:43 pm

[admin@DS new] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=10.10.10.0/27

1 chain=srcnat action=masquerade src-address=10.10.10.32/27

2 chain=srcnat action=masquerade src-address=10.10.10.96/27

3 chain=srcnat action=masquerade src-address=10.10.10.64/27

4 chain=srcnat action=masquerade src-address=10.10.10.128/27

5 chain=srcnat action=masquerade src-address=10.10.10.160/27

6 chain=srcnat action=masquerade src-address=10.10.10.192/27

7 chain=srcnat action=masquerade src-address=10.10.10.224/27

plz send me steps for srcnat/masquerade

SurferTim · Tue Nov 16, 2010 2:54 pm

You really should use the routing-marks to do the src-nat. I'll give you an example, but I can't see the ips assigned to your Real8 interface, so if the ip is not 192.168.1.150, replace with the correct ip. Must be the same subnet as the GroupA gateway. The rest GroupX's should be about the same.

/ip firewall nat
add chain=srcnat action=src-nat routing-mark=GroupA to-addresses=192.168.1.150

Then remove all the masquerades.
You will probably want to add a default srcnat for the default route also.

sleimanr · Tue Nov 16, 2010 4:05 pm

[admin@DS new] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=10.10.10.0/27

1 chain=srcnat action=masquerade src-address=10.10.10.32/27

2 chain=srcnat action=masquerade src-address=10.10.10.96/27

3 chain=srcnat action=src-nat to-addresses=192.168.23.150
routing-mark=Group D

4 chain=srcnat action=src-nat to-addresses=192.168.34.150
routing-mark=Group D

5 chain=srcnat action=masquerade src-address=10.10.10.128/27

6 chain=srcnat action=masquerade src-address=10.10.10.160/27

7 chain=srcnat action=masquerade src-address=10.10.10.192/27

8 chain=srcnat action=masquerade src-address=10.10.10.224/27

[admin@DS new] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 reachable 192.168.0.1 1 Realg1
1 A S 0.0.0.0/0 reachable 192.168.25.1 1 Volcano
2 A S 0.0.0.0/0 reachable 192.168.1.1 1 Real
3 A S 0.0.0.0/0 reachable 192.168.34.1 1 Realg2
reachable 192.168.23.1 Realg2
4 A S 0.0.0.0/0 reachable 192.168.26.1 1 Dilink
5 A S 0.0.0.0/0 reachable 192.168.27.1 1 Facebook
6 A S 0.0.0.0/0 reachable 192.168.11.1 1 Real2
7 A S 0.0.0.0/0 reachable 192.168.36.1 1 Real8

8 ADC 10.10.10.0/24 10.10.10.1 0 Real

sleimanr · Tue Nov 16, 2010 4:12 pm

plz look packets=0
??

SurferTim · Tue Nov 16, 2010 4:17 pm

It should look like this:

0 chain=srcnat action=src-nat to-addresses=192.168.1.150
routing-mark=GroupA

1 chain=srcnat action=src-nat to-addresses=192.168.11.150
routing-mark=GroupB

2 chain=srcnat action=src-nat to-addresses=192.168.0.150
routing-mark=GroupC

3 chain=srcnat action=src-nat to-addresses=192.168.34.150
routing-mark=GroupD

4 chain=srcnat action=src-nat to-addresses=192.168.25.150
routing-mark=GroupE

5 chain=srcnat action=src-nat to-addresses=192.168.26.150
routing-mark=GroupF

6 chain=srcnat action=src-nat to-addresses=192.168.27.150
routing-mark=GroupG

7 chain=srcnat action=src-nat to-addresses=192.168.36.150
routing-mark=GroupH

8 chain=srcnat action=src-nat to-addresses=192.168.1.150

I took the spaces out of the routing-mark names. Just my preference. I also added a default. Add a default route (no routing-mark) to match

/ip route
add gateway=192.168.1.1

No masquerades at all.

ADD: I don't see a routing-mark that uses 192.168.23.1 as a gateway. ??

I will be more specific about why no packets. That routing-mark (GroupD) srcnat is never evaulated. The order in this list is important. The NAT routine finds the 10.10.10.32/27 masquerade rule first, and that is it. It never goes any farther down the list to get to the src-nat rules.

sleimanr · Tue Nov 16, 2010 7:37 pm

plz look at the circle this is my idea to add tow ip to one interface

SurferTim · Tue Nov 16, 2010 10:44 pm

Exactly like the others. Set a routing-mark (like GroupJ). You need to decide what ips go through it, just like the others. Then:

/ip route
add gateway=192.168.23.1 routing-mark=GroupJ

/ip firewall nat
add chain=srcnat action=src-nat to-addresses=192.168.23.150 routing-mark=GroupJ

Move the srcnat above the default srcnat (without a routing mark), like with:
move 9 8

sleimanr · Tue Nov 16, 2010 11:38 pm

Ip Route
3 A S 0.0.0.0/0 reachable 192.168.34.1 1 Realg2
reachable 192.168.23.1 Realg2

Ip firewall nat
2 chain=srcnat action=src-nat to-addresses=192.168.34.150 routing-mark=Group D

where 23.1 ??

SurferTim · Tue Nov 16, 2010 11:58 pm

It looks like the route is there already. Does it have a routing mark?
/ip route print detail

If it does not have a routing-mark, add the gateway entry above with the routing-mark.

The srcnat you must move. It will be added at the bottom of the list.

ADD: It appears you entered that default route as a load balancing gateway, like maybe

/ip route
add gateway=192.168.34.1,192.168.23.1

If so, add each gateway separately with its own routing-mark, then remove the old one.

sleimanr · Wed Nov 17, 2010 9:34 am

# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 reachable 192.168.0.1 1 Realg1
1 A S 0.0.0.0/0 reachable 192.168.25.1 1 Volcano
2 A S 0.0.0.0/0 reachable 192.168.1.1 1 Real
3 A S 0.0.0.0/0 reachable 192.168.34.1 1 Realg2
reachable 192.168.23.1 Realg2
4 A S 0.0.0.0/0 reachable 192.168.26.1 1 Dilink
5 A S 0.0.0.0/0 reachable 192.168.27.1 1 Facebook
6 A S 0.0.0.0/0 reachable 192.168.11.1 1 Real2
7 A S 0.0.0.0/0 reachable 192.168.36.1 1 Real8
8 ADC 10.10.10.0/24 10.10.10.1 0 Real

there is internet but the traffic from one account

SurferTim · Wed Nov 17, 2010 1:08 pm

Is that the output of "/ip route print detail"? I don't think so, but if it is, there are no routing-marks on any routes. And you have not corrected the load balancing on the Realg2 interface.

There may be only one interface getting traffic. That depends on your clients ip addresses. If they all are using one routing mark, then that is the route/srcnat they will use.

sleimanr · Wed Nov 17, 2010 1:37 pm

will u plz send me deitails : Route,Nat and Mangle rules

mant thxx,

SurferTim · Wed Nov 17, 2010 1:53 pm

All this is based on your mangle rules. I don't know what your goal is. I was trying to get the setup you selected working.

I have given you the nat rules already, all based on the routing-marks you had entered in "/ip route". If you are going to use routing marks, you should use them on the gateway (/ip route) and the srcnat (/ip firewall nat). This setup allows you to simply change a routing mark assignment, and everything follows along. No need to modify the routes or srcnats.

These are the correct entries for these routes. Enter these, then remove the rule currently #3.

/ip route
add gateway=192.168.23.1 routing-mark=GroupJ
add gateway 192.168.34.1 routing-mark=GroupD

FYI: I do this to help you learn how to do it, not to do it for you. I collect money for that!

sleimanr · Wed Nov 17, 2010 4:41 pm

ok no problemmmmmmmmmmmmmmmmmmmmm
this my msn chat: slaimanroumie@hotmail.com

SurferTim · Wed Nov 17, 2010 4:46 pm

My email address is in my user profile. Email me from your hotmail account and we can discuss it.

sleimanr · Wed Nov 17, 2010 5:05 pm

Networks.tim@prolectron.com
wrong email?

SurferTim · Wed Nov 17, 2010 5:12 pm

No. Leave off the Networks. part. And please don't post my email address on the open forum. Every email spider in the world will have it in no time. In the user profile, they would need to login to get it.
tim (at) prolectron.com

sleimanr · Wed Nov 17, 2010 5:15 pm

i sent u email

SurferTim · Wed Nov 17, 2010 5:22 pm

Got it. And a response is on the way back.

MSN Disconnect

MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Re: MSN Disconnect

Who is online