 
promethium
just joined
Topic Author
Posts: 2
Joined: Mon Aug 13, 2018 1:30 am

DNS timing out on hotspot with load balancing enabled

Sun Nov 22, 2020 3:27 pm

I have my router set up with dual WANs and two different subnets. One is my home network and the other is a hotspot. For the home network, everything works splendidly. But with load balancing turned on for the hotspot, users get DNS timeouts and "No internet access" pages.
# Mangle rules for dual-WAN load balancing with per-connection-classifier (PCC).
# As posted, the br1 (home) rules are active and every br2 (hotspot) rule carries disabled=yes.
/ip firewall mangle
# Connections that arrive on a WAN interface get that WAN's connection mark.
add action=mark-connection chain=prerouting comment="Load Balancing" connection-mark=no-mark in-interface=pppoe-iSmart new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-RedNet new-connection-mark=WAN2_conn passthrough=yes
# Unmarked br1 connections to non-local destinations are split in two on a both-addresses hash; remainder 0 gets WAN1_conn.
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=br1 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/0
# Hotspot (br2) counterpart, limited to hotspot=auth clients; disabled in this listing.
# NOTE(review): this rule also sets tcp-flags="", which its 2/1 twin below does not - confirm that is intended.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local hotspot=auth in-interface=br2 new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/0 tcp-flags=""
# br1, remainder 1 gets WAN2_conn.
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=br1 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/1
# br2, remainder 1; disabled in this listing.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local hotspot=auth in-interface=br2 new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/1
# Turn connection marks into routing marks for packets entering from br1 (active) and br2 (disabled).
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=br1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=yes in-interface=br2 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=br1 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=yes in-interface=br2 new-routing-mark=to_WAN2 passthrough=yes
# Same translation for packets the router itself sends (chain=output).
# NOTE(review): neither output rule restricts the destination. If the hotspot redirects a client's DNS
# query to the router after prerouting has already marked the connection, the router's reply to the
# 10.10.2.x client would presumably be looked up in to_WAN1/to_WAN2 and leave through a WAN - a likely
# cause of the reported timeouts; verify with the br2 rules enabled.
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
# Policy-routing overrides. These come after the PCC rules and all use passthrough=yes,
# so a packet that matches one of them ends up with the routing mark set here.
add action=mark-routing chain=prerouting comment=VPN dst-address-list=to_VPN1 new-routing-mark=to_VPN1 passthrough=yes
# The two Steam rules match on destination port only, from any interface or source.
add action=mark-routing chain=prerouting comment=Steam dst-port=1500,3005,3101,3478,4379,4380,27000-27099,28960 new-routing-mark=Steam passthrough=yes protocol=udp
add action=mark-routing chain=prerouting dst-port=1500,3005,3101,3478,4379,4380,27000-27099,28960 new-routing-mark=Steam passthrough=yes protocol=tcp
# Pin one host (10.10.1.19) to WAN1 regardless of the PCC result.
add action=mark-routing chain=prerouting comment=GHMini log-prefix=GH new-routing-mark=to_WAN1 passthrough=yes src-address=10.10.1.19
What am I doing wrong here?

Attaching the entire config for reference/reviews :D
# nov/22/2020 19:30:22 by RouterOS 6.47.7
# software id = 43XC-KE5U
#
# model = RBD52G-5HacD2HnD
# serial number = D7160C3DE237
# NOTE(review): no password= values appear in this export, but the serial number, software id,
# MAC addresses, PPPoE/L2TP usernames, the VPN hostname and a public tunnel address do; redact
# those before posting an export publicly.
# Two bridges with fixed MAC addresses: br1 and br2.
/interface bridge
add admin-mac=48:8F:5A:6E:72:6B auto-mac=no comment=Bridges name=br1
add admin-mac=48:8F:5A:6E:72:6D auto-mac=no name=br2
# Rename the physical ports; ether4 is disabled.
/interface ethernet
set [ find default-name=ether1 ] comment=WAN name=eth1-wan1
set [ find default-name=ether2 ] name=eth2-wan2
set [ find default-name=ether3 ] comment=LAN name=eth3
set [ find default-name=ether4 ] disabled=yes name=eth4
set [ find default-name=ether5 ] name=eth5
# Two PPPoE uplinks. Both install a default route; pppoe-RedNet at distance 2, pppoe-iSmart at the default distance.
/interface pppoe-client
add add-default-route=yes comment="PPPoE Clients" default-route-distance=2 disabled=no interface=eth2-wan2 name=pppoe-RedNet user=Red0238@MATS
add add-default-route=yes disabled=no interface=eth1-wan1 name=pppoe-iSmart user=lazim.khalilchamber
# Outbound L2TP tunnel with IPsec enabled.
/interface l2tp-client
add comment=VPNs connect-to=atlas.ishrak.xyz disabled=no name=l2tp-atlas use-ipsec=yes user=u002
# Physical radios: wlan1 (2.4 GHz, SSID "Home") and wlan2 (5 GHz, SSID "Home 5G"), both in ap-bridge mode.
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-g/n comment=WLAN country=bangladesh disabled=no frequency=2472 frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=\
    Home station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce country=no_country_set disabled=no frequency=5745 frequency-mode=superchannel installation=indoor mode=ap-bridge \
    ssid="Home 5G" station-roaming=enabled wireless-protocol=802.11
# 6to4 tunnel interface used for IPv6.
/interface 6to4
add comment="IPv6 Tunnel" !keepalive local-address=103.143.0.163 mtu=1280 name=sit1 remote-address=216.218.221.42
/interface wireless manual-tx-power-table
set wlan1 comment=WLAN
/interface wireless nstreme
set wlan1 comment=WLAN
# Interface lists referenced by the NAT rules in this export.
/interface list
add name=WAN
add name=LAN
# NOTE(review): the default profile still accepts wpa-psk alongside wpa2-psk; limiting it to
# wpa2-psk removes the older WPA handshake from the home SSIDs.
# NOTE(review): profile1 shows no mode or authentication-types, so it is presumably left at the
# defaults (an open network) - plausible for a captive-portal SSID, but confirm.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add management-protection=allowed name=profile1 supplicant-identity=MikroTik
# Virtual AP on wlan1 for the hotspot SSID "MATS", using profile1; WPS is disabled on it.
/interface wireless
add disabled=no mac-address=4A:8F:5A:6E:72:6E master-interface=wlan1 name=wlan3 security-profile=profile1 ssid=MATS wds-default-bridge=br2 wps-mode=disabled
# Layer-7 pattern matching "discord.gg"; no rule in this export refers to it.
/ip firewall layer7-protocol
add name=Discord regexp="^.+(discord.gg).*\$"
# Hotspot server profiles. hsprof1 and hsprof2 are identical; the hotspot below uses hsprof2.
# NOTE(review): login-by=http-chap means the login form is served over plain HTTP. If the hotspot
# SSID is unencrypted, session traffic to the portal is readable on the air; an HTTPS login
# method with a certificate is the usual hardening.
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add hotspot-address=10.10.2.1 html-directory=flash/hotspot login-by=http-chap name=hsprof1
add hotspot-address=10.10.2.1 html-directory=flash/hotspot login-by=http-chap name=hsprof2
# Address pools: home LAN and hotspot.
/ip pool
add name=lan ranges=10.10.1.10-10.10.1.200
add name=hotspot ranges=10.10.2.10-10.10.2.40
# One DHCP server per bridge.
/ip dhcp-server
add address-pool=lan disabled=no interface=br1 name=dhcp1
add address-pool=hotspot disabled=no interface=br2 name=dhcp2
# Hotspot runs on br2 and allows one address per MAC.
/ip hotspot
add address-pool=hotspot addresses-per-mac=1 disabled=no interface=br2 name=hotspot1 profile=hsprof2
# With mac-cookie-timeout=1d a device's MAC address stands in for the login for a day.
/ip hotspot user profile
add address-pool=hotspot mac-cookie-timeout=1d name=mats-users
# Profile for inbound L2TP clients (10.8.0.0/24 side).
/ppp profile
add change-tcp-mss=no dns-server=10.8.0.1 local-address=10.8.0.1 name=l2tp-in1 use-compression=no use-encryption=yes use-ipv6=no use-mpls=no use-upnp=no
# PCQ queue types at 2M and 1M; only the 2M type is used by the simple queue below.
/queue type
add kind=pcq name=hotspot-queue-2m pcq-classifier=src-address,dst-address pcq-dst-address6-mask=64 pcq-rate=2M pcq-src-address6-mask=64
add kind=pcq name=hotspot-queue-1m pcq-classifier=src-address,dst-address pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
# Cap all of br2 at 10M/10M.
/queue simple
add max-limit=10M/10M name=hotspot-normal queue=hotspot-queue-2m/hotspot-queue-2m target=br2
/system logging action
set 0 memory-lines=500
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
# br1 = wlan1, wlan2, eth3 (eth4 disabled); br2 = eth5, wlan3.
/interface bridge port
add bridge=br1 interface=wlan1
add bridge=br1 interface=eth3
add bridge=br1 disabled=yes interface=eth4
add bridge=br1 interface=wlan2
add bridge=br2 interface=eth5
add bridge=br2 interface=wlan3
# NOTE(review): discovery on list "all" also announces the router on the WAN-facing and hotspot
# interfaces; it is normally limited to the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=br2 tagged=br2 vlan-ids=3
/interface detect-internet
set detect-interface-list=all
# Inbound L2TP server; IPsec is mandatory (use-ipsec=required).
/interface l2tp-server server
set default-profile=l2tp-in1 enabled=yes use-ipsec=required
# NOTE(review): the hotspot bridge br2 is a member of LAN, so any rule written against the LAN
# list treats guests like home hosts; l2tp-atlas is a member of WAN.
/interface list member
add interface=pppoe-iSmart list=WAN
add interface=br1 list=LAN
add interface=pppoe-RedNet list=WAN
add interface=br2 list=LAN
add interface=l2tp-atlas list=WAN
/ip address
add address=10.10.1.1/24 interface=br1 network=10.10.1.0
add address=10.10.2.1/24 interface=br2 network=10.10.2.0
/ip cloud
set ddns-enabled=yes
/ip cloud advanced
set use-local-address=yes
# DHCP clients on the raw WAN ethernet ports, in addition to the PPPoE clients that run over them.
/ip dhcp-client
add add-default-route=no interface=eth1-wan1
add default-route-distance=2 interface=eth2-wan2
# Static leases. 10.10.1.201 is the target of the port-25046 forwards; 10.10.1.19 is the host pinned to WAN1 in mangle.
/ip dhcp-server lease
add address=10.10.1.201 client-id=1:f8:ac:65:9a:17:c6 mac-address=F8:AC:65:9A:17:C6 server=dhcp1
add address=10.10.1.10 client-id=1:88:c3:97:ec:c5:39 mac-address=88:C3:97:EC:C5:39 server=dhcp1
add address=10.10.1.19 mac-address=F0:EF:86:1C:73:D3 server=dhcp1
# Both subnets are handed public resolvers (1.1.1.1, 8.8.8.8) rather than the router.
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.10.1.1 netmask=24
add address=10.10.2.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=10.10.2.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS for anyone who can reach it,
# and the input chain in this export has no rule that drops new connections arriving from the WAN
# interfaces, so the resolver is presumably reachable from the internet (open resolver). Keep
# port 53 closed on WAN-side input.
# NOTE(review): the first upstream server, 10.10.1.1, is the router's own br1 address, so only
# 8.8.8.8 is a real upstream.
/ip dns
set allow-remote-requests=yes servers=10.10.1.1,8.8.8.8
# "local" drives the srcnat masquerade rule; "to_VPN1" drives the VPN routing mark.
/ip firewall address-list
add address=10.10.2.0/24 list=local
add address=reddit.com list=to_VPN1
add address=10.10.1.0/24 list=local
add address=10.8.0.0/24 list=local
# Filter rules. Both chains accept established/related/untracked traffic and drop invalid packets;
# neither chain ends with a drop rule.
# NOTE(review): with no final drop in chain=input, a new connection to the router itself is accepted
# from every interface, including both PPPoE uplinks. That leaves DNS (allow-remote-requests=yes)
# and any management service without an address restriction reachable from the internet. Add a
# last input rule that drops whatever does not come from the trusted side, after accept rules for
# what must stay reachable (for example the L2TP/IPsec server).
# NOTE(review): with no final drop in chain=forward, nothing here separates br2 (hotspot guests)
# from br1 (home LAN), and new WAN-originated connections that are not dst-nat'ed are not dropped
# either - confirm both are intended.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="established + related" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
# Fasttrack is disabled in this export.
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related,untracked disabled=yes
add action=accept chain=forward comment="established + related" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
# Explicitly accept new connections that were port-forwarded by the dstnat rules.
add action=accept chain=forward comment="accept DSTNATed" connection-nat-state=dstnat connection-state=new
# PCC load balancing across the two PPPoE uplinks, followed by per-destination and per-host overrides.
# Rule order matters: each rule uses passthrough=yes, so later mark-routing rules can replace earlier marks.
/ip firewall mangle
# Inbound WAN connections keep the mark of the uplink they arrived on.
add action=mark-connection chain=prerouting comment="Load Balancing" connection-mark=no-mark in-interface=pppoe-iSmart new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-RedNet new-connection-mark=WAN2_conn passthrough=yes
# Home LAN (br1): hash of both addresses modulo 2, bucket 0 -> WAN1_conn. Only non-local destinations.
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=br1 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/0
# Hotspot (br2), authenticated clients only, bucket 0 -> WAN1_conn. disabled=yes as exported.
# NOTE(review): tcp-flags="" is present here but not on the bucket-1 hotspot rule - confirm.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local hotspot=auth in-interface=br2 new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/0 tcp-flags=""
# Home LAN, bucket 1 -> WAN2_conn.
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=br1 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/1
# Hotspot, bucket 1 -> WAN2_conn. disabled=yes as exported.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local hotspot=auth in-interface=br2 new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses:2/1
# Routing marks for forwarded traffic, one rule per bridge and uplink; the br2 pair is disabled.
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=br1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=yes in-interface=br2 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=br1 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=yes in-interface=br2 new-routing-mark=to_WAN2 passthrough=yes
# Routing marks for router-originated packets that belong to a marked connection.
# NOTE(review): these match on the connection mark alone. A marked connection that terminates on
# the router (for instance hotspot DNS redirected to the router's resolver - presumably what happens
# once the br2 rules are enabled) would have its replies routed by to_WAN1/to_WAN2 instead of back
# to the client on br2; check this against the DNS timeouts described in the post.
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
# Destinations in address-list to_VPN1 go to the to_VPN1 routing table.
add action=mark-routing chain=prerouting comment=VPN dst-address-list=to_VPN1 new-routing-mark=to_VPN1 passthrough=yes
# Steam ports (UDP, then TCP) get the Steam routing mark; there is no interface or source match.
add action=mark-routing chain=prerouting comment=Steam dst-port=1500,3005,3101,3478,4379,4380,27000-27099,28960 new-routing-mark=Steam passthrough=yes protocol=udp
add action=mark-routing chain=prerouting dst-port=1500,3005,3101,3478,4379,4380,27000-27099,28960 new-routing-mark=Steam passthrough=yes protocol=tcp
# Everything sourced from 10.10.1.19 is forced to to_WAN1.
add action=mark-routing chain=prerouting comment=GHMini log-prefix=GH new-routing-mark=to_WAN1 passthrough=yes src-address=10.10.1.19
# NAT: source NAT for the internal subnets and three inbound port forwards.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
# Masquerade anything from address-list "local" that leaves through an interface in list WAN.
add action=masquerade chain=srcnat out-interface-list=WAN src-address-list=local
# Forward TCP and UDP 25046 from any WAN-list interface to 10.10.1.201.
add action=dst-nat chain=dstnat dst-port=25046 in-interface-list=WAN protocol=tcp to-addresses=10.10.1.201 to-ports=25046
add action=dst-nat chain=dstnat dst-port=25046 in-interface-list=WAN protocol=udp to-addresses=10.10.1.201 to-ports=25046
# NOTE(review): this publishes TCP 22 on 10.10.1.17 to every source on every WAN-list interface
# (both PPPoE uplinks and l2tp-atlas). If that host runs SSH, restrict the rule with a source
# address list or reach the host through the L2TP server instead of forwarding the port.
add action=dst-nat chain=dstnat dst-port=22 in-interface-list=WAN protocol=tcp to-addresses=10.10.1.17
# NOTE(review): this rule has no out-interface match, so it also masquerades hotspot traffic going
# to br1 or the VPN, hiding the guest's address from those hosts. For WAN-bound traffic it looks
# redundant, since 10.10.2.0/24 is already in list "local" - confirm it is still needed.
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.10.2.0/24
# Connection-tracking helpers that are switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip hotspot service-port
set ftp disabled=yes
# Hotspot accounts. The default user is limited to 10 minutes of uptime; the named users share profile mats-users.
# NOTE(review): no password= values appear here; the export does not show whether passwords are set
# or were merely left out, so confirm each account (including "admin") has one.
/ip hotspot user
set [ find default=yes ] limit-uptime=10m
add name=admin profile=mats-users server=hotspot1
add name=mamiya profile=mats-users server=hotspot1
add name=lamia profile=mats-users server=hotspot1
add name=habiba profile=mats-users server=hotspot1
add name=dipika profile=mats-users server=hotspot1
add name=sathi profile=mats-users server=hotspot1
add name=purnima profile=mats-users server=hotspot1
add name=akhi profile=mats-users server=hotspot1
add name=tania profile=mats-users server=hotspot1
add name=hoymonti profile=mats-users server=hotspot1
# One default route per routing mark, then the unmarked defaults (iSmart at distance 1, RedNet at 2).
# The Steam table fails over from iSmart to RedNet; the to_WAN1/to_WAN2/to_VPN1 tables have a single gateway each.
/ip route
add check-gateway=ping distance=1 gateway=pppoe-iSmart routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=pppoe-RedNet routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=l2tp-atlas routing-mark=to_VPN1
add check-gateway=ping distance=1 gateway=pppoe-iSmart routing-mark=Steam
add distance=2 gateway=pppoe-RedNet routing-mark=Steam
add distance=1 gateway=pppoe-iSmart
add distance=2 gateway=pppoe-RedNet
# Management services: telnet, ftp, ssh and api are disabled; www (8080), www-ssl (8443) and
# api-ssl are limited to the home, hotspot and L2TP subnets.
# NOTE(review): 10.10.2.0/24 is the hotspot guest subnet, so guests can reach the admin web
# interface and api-ssl; consider removing it from these address lists. www on 8080 is plain HTTP.
# NOTE(review): winbox is not listed, so it is presumably at its defaults (enabled, no address
# restriction); combined with an input chain that has no final drop rule it would be reachable
# from the WAN - confirm and restrict.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.10.1.0/24,10.10.2.0/24,10.8.0.0/24 port=8080
set ssh disabled=yes
set www-ssl address=10.10.1.0/24,10.10.2.0/24,10.8.0.0/24 certificate=local disabled=no port=8443
set api disabled=yes
set api-ssl address=10.10.1.0/24,10.10.2.0/24,10.8.0.0/24 certificate=local
/ip traffic-flow
set interfaces=br2
# IPv6 over the sit1 tunnel; the br1 and br2 prefixes are present but disabled.
# NOTE(review): this export contains no /ipv6 firewall section, so presumably no IPv6 filter rules
# exist; the router's own tunnel address would then be unfiltered on IPv6 - confirm.
/ipv6 address
add address=2001:470:35:79e::2 advertise=no interface=sit1
add address=2001:470:36:79c::1000 disabled=yes interface=br1
add address=2001:470:36:79c::1001 disabled=yes interface=br2
/ipv6 nd
add disabled=yes hop-limit=64 interface=br1
# NOTE(review): gateway=*C looks like a leftover reference to an interface that no longer exists,
# and the 2000::/3 route is listed twice - clean up.
/ipv6 route
add distance=1 gateway=*C
add distance=1 dst-address=2000::/3 gateway=2001:470:35:79e::1
add distance=1 dst-address=2000::/3 gateway=2001:470:35:79e::1
# Single account for the inbound L2TP server, fixed to 10.8.0.10.
/ppp secret
add name=ishrak-1@l2tp remote-address=10.8.0.10 service=l2tp
/system clock
set time-zone-name=Asia/Dhaka
# Graphing entries added with default settings.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool traffic-monitor
add interface=wlan1 name=tmon1 threshold=10000
