Community discussions

MikroTik App
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Force local IP to use specific wan on load balancing

Sun Mar 31, 2019 6:56 pm

Hello,

I have setup load balancing through PCC. I have two outpout :
WAN_DSL and WAN_4G

I have two local clients, TV box provided by DSL ISP and a personal file server.
I want to force TV box to only use WAN_DSL (tv stream doesn't work on LTE) and force file server to only use WAN_4G, both have fixed IP on LAN.

I already have found PBR informations here : https://wiki.mikrotik.com/wiki/Policy_Base_Routing but it seems a bit complicated, I hope you can give me a simple way to set that.

Thanks people :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Force local IP to use specific wan on load balancing

Sun Mar 31, 2019 7:30 pm

Can you clarify that you want to provide a file server on a cellular 4G network? In other words you are expecting others to come in on the 4G network and get files from your server?
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Sun Mar 31, 2019 7:48 pm

Can you clarify that you want to provide a file server on a cellular 4G network? In other words you are expecting others to come in on the 4G network and get files from your server?
It's my private file server, and I have 100mb upload on my 4G wan vs 128kb upload on DSL. And unlimited data plan ;)
Actually it's to be able to upload all my pictures to amazon and google photo so I have a backup on cloud servers.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Force local IP to use specific wan on load balancing

Sun Mar 31, 2019 8:08 pm

I guess what I meant is that you will be accessing your file server when at remote sites (like a coffee shop etc).
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Sun Mar 31, 2019 8:21 pm

Nope, I already use teamviewer for that purpose.
And I just discovered that I need to force another local client to use only one output... My son's Switch, Nintendo online seems to be damn picky :(
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Sun Mar 31, 2019 9:04 pm

 
solar77
Long time Member
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 5:04 pm

It would normally work but I am not 100% in your case because you already have PCC.

I'd suggest to try
 
 /ip firewall mangle
 add chain=prerouting src-address=IP_of _ Nintendo dst-address-type=!local action=route dst-address=gateway_WAN2
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 5:46 pm

It would normally work but I am not 100% in your case because you already have PCC.

I'd suggest to try
 
 /ip firewall mangle
 add chain=prerouting src-address=IP_of _ Nintendo dst-address-type=!local action=route dst-address=gateway_WAN2
Thanks for your hint, just tried :)
It seems to forward my IP through WAN2 as expected, but it also seems to totally bypass dst-nat rules I need to forward ports. Is mangle prioritized over NAT ? Or is it the action "route" who does bypass everything else ?
 
solar77
Long time Member
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 6:01 pm

it does seem to bypass policy based routing, I am not sure why but hopefully someone can tell me in this thread.

what port forwarding do you have to do? is it to the Nintendo ? this rule should only affect traffic originated from this particular IP address.
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 6:08 pm

/ip dhcp-server lease
add address=192.168.0.7 mac-address=nintendo:mac server=defconf
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/24 \
    new-routing-mark=through_WAN_4G src-address=192.168.0.7
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAT A for Switch" dst-port=1-65535 \
    in-interface=WAN_4G protocol=udp routing-mark=through_WAN_4G \
    to-addresses=192.168.0.7 to-ports=1-65535
add action=src-nat chain=srcnat routing-mark=through_WAN_4G to-addresses=\
    192.168.1.1
/ip route
add distance=1 gateway=192.168.1.1 routing-mark=through_WAN_4G
Ok, that's what I fumbled around for now...
Forcing specific IP through specific WAN : Check !
Opening UDP ports for that specific IP as well : not check :(
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 6:12 pm

what port forwarding do you have to do? is it to the Nintendo ? this rule should only affect traffic originated from this particular IP address.
https://en-americas-support.nintendo.co ... ch-console

In my opinion it's crap, opening whole UDP ports towards the Switch... but well, their "online" feature (you have to pay for) is basic P2P and I have to deal with... Or suffer about kids crying that they're not able to play online ^^
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 6:22 pm

IT WORKS !!!
Just had to uncheck Passthrough in mangle rule :)
 
solar77
Long time Member
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 6:33 pm

Glad it worked.

opening all these UDP port and the word P2P seems be a "risky game" :-)
I'd suggest to put this device in it's own VLAN so whoever has access to it, cannot access anything else on your network.

PS: use good measure to protect your router as well. close down services you don't need, upgrade firmware. etc.
 
ElTRiC
just joined
Topic Author
Posts: 17
Joined: Mon Mar 11, 2019 7:49 pm

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 7:11 pm

Glad it worked.

opening all these UDP port and the word P2P seems be a "risky game" :-)
I'd suggest to put this device in it's own VLAN so whoever has access to it, cannot access anything else on your network.

PS: use good measure to protect your router as well. close down services you don't need, upgrade firmware. etc.
I know it's not safe. Now adding a VLAN only for this client? Since I never have set one up on mikrotik I fear to spend a lot of time and break other rules which are finally working now.
Ofc I'm monitoring my router closely, it was already hacked within a day when I started to set it up without password :shock:
 
solar77
Long time Member
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Force local IP to use specific wan on load balancing

Tue Apr 02, 2019 7:37 pm

keep a backup config each step of the way . so you can always reset the router to factory default and come back to your latest backup again. This made me been very brave in my early days with Mikrotik
 
Tower3
just joined
Posts: 2
Joined: Thu Oct 04, 2018 1:00 pm
Location: Krugerdorp, South Africa
Contact:

Re: Force local IP to use specific wan on load balancing

Wed Apr 03, 2019 11:29 am

Hello everyone, i appologise in advance if im posting in the wrong section as i am new to the forum.
I have a problem with mangle, i have RB3011 with 3 gateways on it, OSPF setup successfully with a static gateway. I setup mangle to identify my different subnets and place routes so that certain subnetscan use certain gateways. All is working well for months now and the only problem that i a, having is that i loose comms with subnets that are not using the default route.

I am sure it is a simple fix but just can seem to find it

Thax

Who is online

Users browsing this forum: BioMax and 33 guests