Community discussions

MikroTik App
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Tue Apr 18, 2023 9:37 pm

I am running ROS 7.8 on RB750GR2

Scenario:
- 3 WANs with load balancing PCC which works fine (ether1, 2 and 3 used for WANs)
- LAN on Ether 4 with DHCP

Problem
- I want to run a pppoe server server on same port as DHCP i.e.Ether 4

pppoe server has been configured on same Ether 4 port and users can connect PPPoE server as well as DHCP. But as soon as a pppoe client connects the Load Balancing stops working and only 1 WAN is used all other WANs goes idle.

Can anyone help me what can be the problem.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Wed Apr 19, 2023 4:17 am

I dont run a pppoe server, so tell me what is the purpose of running one?
Why dont you just have lan users on ether4.

In any case you want all user traffic regardless to be PCCd ??

Any other hidden requirements, any external traffic coming into the router? Any VPN traffic ??

Eventually one will want to see a network diagrams and certainly a complete config
/export file=anynameyouwish ( minus router serial number and any public WANIP information )
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Wed Apr 19, 2023 4:43 pm

I just want that clients can plug into any switch or any AP on the network to get dhcp. But i dont want them to know that there is a pppoe server as well which can be connected on the same network.
The reason for a pppoe server is that i have to setup some special privileges for some clients.
I know i can configure pppoe on a separate port or can configure vlans, but i dont want to do that because i cannot access all the router or APs down the line for configuration.
Anyways, here is the config

# model = RB750r2
# serial number =
/interface ethernet
set [ find default-name=ether1 ] mac-address=CC:2D:E0 name=LAN
set [ find default-name=ether2 ] disabled=yes mac-address=CC:2D:E0 \
name=Test-LAN
set [ find default-name=ether3 ] mac-address=CC:2D:E0 name=WAN2
set [ find default-name=ether4 ] mac-address=CC:2D:E0 name=WAN3
set [ find default-name=ether5 ] mac-address=CC:2D:E0 name=WAN4
/interface list
add name="All WAN"
add name=LANs
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.15.2-192.168.15.254
add name="PPPoE Pool" ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 interface=LAN lease-time=1d name=\
DHCP_LAN
/ppp profile
add local-address=192.168.20.1 name="PPPoE on LAN" remote-address=\
"PPPoE Pool"
set *FFFFFFFE local-address=192.168.89.1 remote-address="PPPoE Pool"
/queue type
add kind=fq-codel name=FQ-Codel
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=to_WAN2
add fib name=to_WAN3
add fib name=to_WAN4
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list="All WAN" internet-interface-list="All WAN" \
lan-interface-list=LANs wan-interface-list="All WAN"
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=WAN2 list="All WAN"
add interface=WAN3 list="All WAN"
add interface=WAN4 list="All WAN"
add interface=LAN list=LANs
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add default-profile="PPPoE on LAN" disabled=no interface=LAN \
keepalive-timeout=disabled one-session-per-host=yes service-name=\
PPPoE-Special
/ip address
add address=192.168.15.1/24 interface=LAN network=192.168.15.0
add address=192.168.12.250/24 interface=WAN2 network=192.168.12.0
add address=192.168.13.250/24 interface=WAN3 network=192.168.13.0
add address=192.168.14.250/24 interface=WAN4 network=192.168.14.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.15.2 client-id=1:1c:87:2c:67:cd:88 mac-address=\
1C:87:2C:67:CD:88 server=DHCP_LAN
/ip dhcp-server network
add address=192.168.15.0/24 dns-server=192.168.15.1,8.8.8.8 gateway=\
192.168.15.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip dns static
add address=192.168.10.1 name=lan.com
/ip firewall address-list
add address=192.168.15.2-192.168.15.254 list=Clients
add address=192.168.12.250 list=WANs
add address=192.168.13.250 list=WANs
add address=192.168.14.250 list=WANs
/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface-list="All WAN"
add action=accept chain=forward comment="****dstNat Accept***" \
connection-nat-state=dstnat
add action=add-dst-to-address-list address-list=ABL address-list-timeout=3d \
chain=forward comment="****Detect MyABL List****" content=myabl \
out-interface-list="All WAN"
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24 \
in-interface-list=LANs
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface-list=LANs new-connection-mark=\
WAN4_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface-list=LANs new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
in-interface-list=LANs new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
in-interface-list=LANs new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4_conn \
new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark="" in-interface=\
WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
add action=mark-routing chain=prerouting comment=\
"******MyABL Route to WAN3******" dst-address-list=ABL new-routing-mark=\
to_WAN3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list="All WAN"
add action=dst-nat chain=dstnat comment="\"\"\"Port Fwd for AC68u\"\"\"\"\"" \
dst-port=11945 in-interface-list="All WAN" protocol=udp to-addresses=\
192.168.15.2 to-ports=11945
/ip firewall service-port
set rtsp disabled=no
/ip route
add comment="Monitor WAN 2" disabled=no distance=1 dst-address=1.1.1.1/32 \
gateway=192.168.12.1 pref-src="" routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add comment="Monitor WAN3" disabled=no distance=1 dst-address=39.39.39.39/32 \
gateway=192.168.13.1 pref-src="" routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add comment="Monitor WAN4" disabled=no distance=1 dst-address=8.8.4.4/32 \
gateway=192.168.14.1 pref-src=0.0.0.0 routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Routing WAN 2" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN2 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Routing WAN 3" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src="" routing-table=\
to_WAN3 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Routing WAN 4" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN4 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 2" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=0.0.0.0 routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 3" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src=0.0.0.0 routing-table=\
main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 4" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 2 to 3" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN3 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 3 to 4" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src=0.0.0.0 routing-table=\
to_WAN4 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 4 to 3" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=\
to_WAN3 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 2 to 4" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN4 \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 3 to 2" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src="" routing-table=\
to_WAN2 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 4 to 2" disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN2 \
scope=30 suppress-hw-offload=no target-scope=11
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ppp secret
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Thu Apr 20, 2023 7:31 pm

PCC should work as normal, on the surface if PCC works before invoking ppp server, it should work afterwards, Just more subnets ending up using PCC........
What is it that we are not aware of???? You must have changed something if it stops working!!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port  [SOLVED]

Thu Apr 20, 2023 9:23 pm

(1) Why do you have this enabled?
/ip firewall connection tracking
set enabled=yes

(2) Im no ppp expert but what interface are you supposed to identify here...... Okay just a bad choice of words.
I would never use the word LAN to identify an etherport because its used elsewhere on MT as standard terminology.
Suggest maybe ether1-LAN etc......

/interface pppoe-server server
add default-profile="PPPoE on LAN" disabled=no interface=LAN \
keepalive-timeout=disabled one-session-per-host=yes service-name=\
PPPoE-Special


(3) I no ppp expert but why here is there a reference to two diff subnets??
/ppp profile
add local-address=192.168.20.1 name="PPPoE on LAN" remote-address=\
"PPPoE Pool"
set *FFFFFFFE local-address=192.168.89.1 remote-address="PPPoE Pool"


(4) I dont see Missing???
/ip dhcp-server for pppoe subnet????
It has an ip pool, ip address, ip dhcp-server network though!
I suspect this is done through the ppp interface.

(5) I would get rid of this static setting as it seems to have no purpose, not tied to any known subnet.
/ip dns static
add address=192.168.10.1 name=lan.com

(6) Lets look at the sparse firewall rules..........can only assume you are behind another router....
I cannot even begin to comprehend what the heck you aim to accomplish with these rules, so will let you explain!!

As of right now would recommend two things
a. remove all the garbage below and then keep troubleshooting.
b. once you have success then put in a small but decent firewall set of rules close to default.

/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface-list="All WAN"
add action=accept chain=forward comment="****dstNat Accept***" \
connection-nat-state=dstnat
add action=add-dst-to-address-list address-list=ABL address-list-timeout=3d \
chain=forward comment="****Detect MyABL List****" content=myabl \
out-interface-list="All WAN"


(7) It seems as if you have expectations of external users coming in and reaching your LAN correct ???

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list="All WAN"
add action=dst-nat chain=dstnat comment="\"\"\"Port Fwd for AC68u\"\"\"\"\"" \
dst-port=11945 in-interface-list="All WAN" protocol=udp to-addresses=\
192.168.15.2 to-ports=11945


Any expectations of internal users using the Server? and if so how, ( by dyndns name or the more direct LANIP ? )

(8) Looking at mangle rules. Lets look at what is required conceptually.

A. Have to ensure any users coming in externally for mainly the internal server, on any WAN, go back out the same WAN.
This rule has two purposes, to mark incoming traffic headed toward a server etc, or to the router itself!
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark="" in-interface=\
WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes


B. Next we have to ensure all users originating traffic heading for the WANs are both connection marked and PCCd. Since we have the standard LAN and anther ppp subnet to worry about (not really an interface) we need to use a firewall address list vice and interface list approach.
/ip firewall address list
add address=192.168.15.0/24 list=ALL-users
add address=192.168.20.0/24 list=ALL-users


And then the PCC rules.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN4_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/3


C. Next, for the LAN and PPP traffic identified we want to associate that marked traffic withe the specific routes accordingly!!!
It is not totally necessary to include the LANSIDE members just for information.
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
src-address-list=ALL-users new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
src-address-list=ALL-users new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
src-address-list=ALL-users new-routing-mark=to_WAN4 passthrough=yes

D. Lastly we want to ensure any traffic that was headed for the router itself through the WANs,
gets sent back out the same interface.

Note: Return traffic from the Router itself does not go through preouting and thus we must use output chain.
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4_conn \
new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes


E. I do not believe these mangle rules will serve any purpose on your config and can be removed! <---- I am wrong here, needed for OP to talk to modems!!
This 'extra set of rules' is typically used to reach modems or if other WANIPs in ones config, not noted are in play here!!
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24 \
in-interface-list=LAN
s
Last edited by anav on Sat Apr 29, 2023 7:10 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Thu Apr 20, 2023 11:28 pm

Before I even attempt to digest your IP routes.
Yuu need to detail your intentions with the WANs for all cases...

It would appear you have
a. normal single flat recursive case - ALL WANS working.
b. what happens when wans fail.

Confirm please.
a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 traffic to Wan3
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 4:30 pm

Before I even attempt to digest your IP routes.
Yuu need to detail your intentions with the WANs for all cases...

It would appear you have
a. normal single flat recursive case - ALL WANS working.
b. what happens when wans fail.

Confirm please.
a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 traffic to Wan3
Being a newbie I set those up after consulting a lot of videos.
I just want to have recursive routes with failover, so if WAN2 fails, send WAN2 traffic to WAN3 to WAN4 and so on
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 4:35 pm

(1) Why do you have this enabled?
/ip firewall connection tracking
set enabled=yes

(2) Im no ppp expert but what interface are you supposed to identify here...... Okay just a bad choice of words.
I would never use the word LAN to identify an etherport because its used elsewhere on MT as standard terminology.
Suggest maybe ether1-LAN etc......

/interface pppoe-server server
add default-profile="PPPoE on LAN" disabled=no interface=LAN \
keepalive-timeout=disabled one-session-per-host=yes service-name=\
PPPoE-Special


(3) I no ppp expert but why here is there a reference to two diff subnets??
/ppp profile
add local-address=192.168.20.1 name="PPPoE on LAN" remote-address=\
"PPPoE Pool"
set *FFFFFFFE local-address=192.168.89.1 remote-address="PPPoE Pool"


(4) I dont see Missing???
/ip dhcp-server for pppoe subnet????
It has an ip pool, ip address, ip dhcp-server network though!
I suspect this is done through the ppp interface.

(5) I would get rid of this static setting as it seems to have no purpose, not tied to any known subnet.
/ip dns static
add address=192.168.10.1 name=lan.com

(6) Lets look at the sparse firewall rules..........can only assume you are behind another router....
I cannot even begin to comprehend what the heck you aim to accomplish with these rules, so will let you explain!!

As of right now would recommend two things
a. remove all the garbage below and then keep troubleshooting.
b. once you have success then put in a small but decent firewall set of rules close to default.

/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface-list="All WAN"
add action=accept chain=forward comment="****dstNat Accept***" \
connection-nat-state=dstnat
add action=add-dst-to-address-list address-list=ABL address-list-timeout=3d \
chain=forward comment="****Detect MyABL List****" content=myabl \
out-interface-list="All WAN"


(7) It seems as if you have expectations of external users coming in and reaching your LAN correct ???

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list="All WAN"
add action=dst-nat chain=dstnat comment="\"\"\"Port Fwd for AC68u\"\"\"\"\"" \
dst-port=11945 in-interface-list="All WAN" protocol=udp to-addresses=\
192.168.15.2 to-ports=11945


Any expectations of internal users using the Server? and if so how, ( by dyndns name or the more direct LANIP ? )

(8) Looking at mangle rules. Lets look at what is required conceptually.

A. Have to ensure any users coming in externally for mainly the internal server, on any WAN, go back out the same WAN.
This rule has two purposes, to mark incoming traffic headed toward a server etc, or to the router itself!
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark="" in-interface=\
WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes


B. Next we have to ensure all users originating traffic heading for the WANs are both connection marked and PCCd. Since we have the standard LAN and anther ppp subnet to worry about (not really an interface) we need to use a firewall address list vice and interface list approach.
/ip firewall address list
add address=192.168.15.0/24 list=ALL-users
add address=192.168.20.0/24 list=ALL-users


And then the PCC rules.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=ALL-users new-connection-mark=\
WAN4_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:4/3


C. Next, for the LAN and PPP traffic identified we want to associate that marked traffic withe the specific routes accordingly!!!
It is not totally necessary to include the LANSIDE members just for information.
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
src-address-list=ALL-users new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
src-address-list=ALL-users new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
src-address-list=ALL-users new-routing-mark=to_WAN4 passthrough=yes

D. Lastly we want to ensure any traffic that was headed for the router itself through the WANs,
gets sent back out the same interface.

Note: Return traffic from the Router itself does not go through preouting and thus we must use output chain.
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4_conn \
new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes


E. I do not believe these mangle rules will serve any purpose on your config and can be removed!
This 'extra set of rules' is typically used to reach modems or if other WANIPs in ones config, not noted are in play here!!
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24 \
in-interface-list=LAN
s
Thanks a lot @anav
Actually my WAN2, 3 and 4 are ISP Modems and they cannot be put in bridge mode for pppoe as i dont have the PPPoE usernames and passwords for them. Otherwise i can access them
About the settings, Yes there were a lot of mistakes, I have corrected them all as per your advice
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 5:13 pm

Yes I meant to say.........

a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 & WAN3 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 &WAN2 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 & WAN2 traffic to Wan3

This should get you close in terms of IP routes.
Starting Point Farthest Hop.
add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 { main table }
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 {main table }
add check-gateway=ping distance=15 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 {main table }

Add Cases for Failure..... ( W2--> 3 then 4 / W3--> 2 then 4 / W4--> 2 then 3 )
distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP2-route
distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP2-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP2-route

distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP3-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP3-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP3-route

distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP4-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1.1 scope=10 target-scope=14 routing-table=ISP4-route
distance=3 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP4-route

ADD NEXT HOP (Direct LINK)
add distance=5 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 target-scope=13
add distance=10 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 target-scope=13
add distance=15 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 target-scope=13
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 6:18 pm

Yes I meant to say.........

a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 & WAN3 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 &WAN2 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 & WAN2 traffic to Wan3

This should get you close in terms of IP routes.
Starting Point Farthest Hop.
add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 { main table }
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 {main table }
add check-gateway=ping distance=15 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 {main table }

Add Cases for Failure..... ( W2--> 3 then 4 / W3--> 2 then 4 / W4--> 2 then 3 )
distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP2-route
distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP2-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP2-route

distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP3-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP3-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP3-route

distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP4-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1.1 scope=10 target-scope=14 routing-table=ISP4-route
distance=3 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP4-route

ADD NEXT HOP (Direct LINK)
add distance=5 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 target-scope=13
add distance=10 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 target-scope=13
add distance=15 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 target-scope=13
Thanks a bundle again

being new to it, i had literally configured it 100 times with partial success reading all from the forums but could never do it right.

Everything is working flawlessly now
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 6:23 pm


E. I do not believe these mangle rules will serve any purpose on your config and can be removed!
This 'extra set of rules' is typically used to reach modems or if other WANIPs in ones config, not noted are in play here!!
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24 \
in-interface-list=LAN
s
Just 1 last query

These "action=accept" rules. Although i have deleted them, I still couldnt understand them exactly.
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 6:29 pm

Moreover, the cpu usage has gone high to 50+, previously it stayed in 20
although everything is working as expected
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 21, 2023 11:50 pm

Cant help you with usage of CPU probably expected with all that mangling etc..... But will take another look.
Yes the accept rules we deleted is really there in most configs for no reason.
They are there just in case.
a. one has more WANIPs from the providers in question, but not involved in PCC so that they can function normally if in use.
b. one has Cellular connections involved separate not part of PCC I think.

Wow so everything is working!!! AWESOME...........
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Tue Apr 25, 2023 7:20 pm

Yes I meant to say.........

a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 & WAN3 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 &WAN2 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 & WAN2 traffic to Wan3

This should get you close in terms of IP routes.
Starting Point Farthest Hop.
add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 { main table }
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 {main table }
add check-gateway=ping distance=15 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 {main table }

Add Cases for Failure..... ( W2--> 3 then 4 / W3--> 2 then 4 / W4--> 2 then 3 )
distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP2-route
distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP2-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP2-route

distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP3-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP3-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP3-route

distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP4-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1.1 scope=10 target-scope=14 routing-table=ISP4-route
distance=3 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP4-route

ADD NEXT HOP (Direct LINK)
add distance=5 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 target-scope=13
add distance=10 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 target-scope=13
add distance=15 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 target-scope=13
I have configured routes as above.
Everything was working fine and i checked it by disabling WAN connections individually in router.
However, yesterday my WAN3 internet went down. The modem was up and connected but the internet was not there.
So the failover didnt work and the connections were still forwarded to WAN3 as if it was up.

So the problem is that if the interface is physically down, only then the failover works.
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Tue Apr 25, 2023 7:24 pm

Here is my current routes config based on your advice above

/ip route
add distance=5 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 \ target-scope=13
add distance=10 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 \ target-scope=13
add distance=15 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 \ target-scope=13
add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ scope=10 target-scope=14
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ scope=10 target-scope=14
add check-gateway=ping disabled=no distance=15 dst-address=0.0.0.0/0 gateway=\ 8.8.4.4 pref-src="" routing-table=main scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src="" routing-table=to_WAN3 scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src="" routing-table=to_WAN4 scope=10 suppress-hw-offload=no \ target-scope=14
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 28, 2023 7:57 pm

my mistake, potentially, was putting distances on the first three rules and the last three rules.
They are not required so no 5,10,15 on the first three or last three. Try that and see if it works better..
in the meantime will look at your latest rules.....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 28, 2023 8:03 pm

Yeah you had some errors plus my other post..........

/ip route
add distance=1 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 \ target-scope=13
add distance=1 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 \ target-scope=13
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 \ target-scope=13
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ scope=10 target-scope=14
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ scope=10 target-scope=14
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ 8.8.4.4 pref-src="" routing-table=main scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src="" routing-table=to_WAN2 scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src="" routing-table=to_WAN4 scope=10 suppress-hw-offload=no \ target-scope=14
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 28, 2023 9:29 pm

Yeah you had some errors plus my other post..........

/ip route
add distance=1 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 \ target-scope=13
add distance=1 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 \ target-scope=13
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 \ target-scope=13
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ scope=10 target-scope=14
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ scope=10 target-scope=14
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ 8.8.4.4 pref-src="" routing-table=main scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src="" routing-table=to_WAN2 scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src="" routing-table=to_WAN4 scope=10 suppress-hw-offload=no \ target-scope=14
Thanks a lot
But i already figured that out and corrected
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 28, 2023 9:33 pm

And about those "accept" rules we discussed earlier

when i removed those i could not access my WAN modems, so i had to add those "accept" rules again

my Wan Modems have fol IPs
- WAN 2 IP 192.168.12.1
- WAN 3 IP 192.168.13.1
- WAN 4 IP 192.168.14.1
- LAN IP 192.168.15.1 & 192.168.30.1
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 28, 2023 9:45 pm

Hi did you in mean mangle rules?? If so great, I was wondering why they may be necessary, I have never needed to access my wan ISPs modems lol,
 
irfan44
just joined
Topic Author
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Fri Apr 28, 2023 11:49 pm

Hi did you in mean mangle rules?? If so great, I was wondering why they may be necessary, I have never needed to access my wan ISPs modems lol,
Yes mangle rules.
I searched the Internet and forums for a solution when I could not access my ISP Modems. Found many threads with same problem but no definite answer.

So I started to dig for the difference between my previous config and this one. And finally found the "accept" rules to be the answer.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load balancing Stops Working with DHCP and PPP server on same Ethernet Port

Sat Apr 29, 2023 7:09 pm

Yes, the accept rules are so that the router can respond to traffic to themselves and to ensure the router can communicate with the modems.... or to other public IPs one has which are not being PCC'd
Hence why we mark traffic coming through each wan and also on the output chain ensure the traffic goes back out the same wan.

Thanks for solidifying this bit of knowledge!!

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24 \
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24 \
in-interface-list=LANs


I note discher does not delineate the need to identify the LAN interface and thus the rule could also be like so and probably preferential if the router and modem needed to chat and not just the OP to the modems........
/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address=192.168.12.0/24
add action=accept chain=prerouting disabled=no dst-address=192.168.13.0/24
add action=accept chain=prerouting disabled=no dst-address=192.168.14.0/24

Who is online

Users browsing this forum: No registered users and 30 guests