You're not giving any details, or what you've tried so far. Additionally not even a day has passed.

Are you trying to route one network out one DSL line, and another network out the second? Are you trying to load-balance the two lines? If so, read the wiki PCC article.

first thanks for your replay
In fact I have two DSL lines with two routers one is cisco and the other is speed linksys

The out line from cisco router ( 172.30.7.225 ) is connected to the wan card of MK. server and the lan card of the MK
is connected to network switch to provide INTERNET to 60 client ( 172.30.7.20 to 172.30.7.80 ).

The other line from linksys router (220.200.200.1 ) is connected to the same network switch and deliver internet to
another 30 client ( 220.200.200.20 to 220.200.200.50 ) direct without MK. Server

I add third NIC to My MK. server and connect the line from linksys router to it (NIC address 220.200.200.5 )

Now I want to have route for first wan card to provide internet to ( 172.30.7.20 to 172.30.7.80 ) clients and another route for the second wan card provide internet to ( 220.200.200.20 to 220.200.200.50 ) clients.

the two DSL lines are from different ISP this means I have two DNS one for each line.

Can you help me

Use mangle rules to apply a connection-mark to traffic from LAN 1 so you can identify it. Apply the same connection-mark to traffic coming into WAN 1 so you can make sure it leaves the same way. Repeat for LAN 2 and WAN 2 with a different connection mark. Then apply two routing-marks depending on the connection mark the flow has. Create two routes for those routing marks pointing out to the respective WAN gateways.

great thanks to Mr. fewi and Mr.butche the site you give is great
I made all the address as in the example exactly but not work these are the codes

/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:29:F5:79:16 mtu=1500 name=Internal speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:29:F5:79:20 mtu=1500 name=ISPONE speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
00:0C:29:F5:79:2A mtu=1500 name=ISPTWO speed=100Mbps
------------------------------------------------------------------------------------
/ip address
add address=10.10.10.2/30 broadcast=10.10.10.3 comment="" disabled=no \
interface=ISPONE network=10.10.10.0
add address=10.10.11.2/30 broadcast=10.10.11.3 comment="" disabled=no \
interface=ISPTWO network=10.10.11.0
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=Internal network=192.168.1.0
add address=192.168.0.1/24 broadcast=192.168.0.255 comment="" disabled=no \
interface=Internal network=192.168.0.0
-----------------------------------------------------------------------------------
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
!ISPONE
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 \
in-interface=Internal protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp to-ports=8080
-----------------------------------------------------------------------------------
/ip firewall mangle
add action=mark-routing chain=prerouting comment="" disabled=no \
new-routing-mark=ISP1 passthrough=no src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" disabled=no \
new-routing-mark=ISP2 passthrough=no src-address=192.168.1.0/24
-----------------------------------------------------------------------------------
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.11.1 \
routing-mark=ISP2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 scope=30 \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 \
routing-mark=ISP1 scope=30 target-scope=10
-----------------------------------------------------------------------------------
/ip route rule
add action=lookup comment="" disabled=no dst-address=192.168.0.0/24 table=\
main
add action=lookup comment="" disabled=no dst-address=192.168.1.0/24 table=\
main
add action=lookup comment="" disabled=no dst-address=10.10.10.0/30 table=main
add action=lookup comment="" disabled=no dst-address=10.10.11.0/30 table=main
add action=lookup comment="" disabled=no src-address=10.10.10.0/30 table=ISP1
add action=lookup comment="" disabled=no src-address=10.10.11.0/30 table=ISP2
add action=lookup comment="" disabled=no routing-mark=ISP1 table=ISP1
add action=lookup comment="" disabled=no routing-mark=ISP2 table=ISP2
-----------------------------------------------------------------------------------


I try to browse from a pc with
IP 192.168.1.2
GW 192.168.1.1
DNS 192.168.1.1
but it is not work


I try to browse from another pc with
IP 192.168.0.2
GW 192.168.0.1
DNS 192.168.0.1
also it is not work

can you tell me what is wrong ?

Thanks

I forget to tell you that in the two subnet
192.168.0.0/24 and 192.168.1.0/24
INTERNET is not working

Are your ISP gateway IPs actually 10.10.11.1 and 10.10.10.1 just like in the blog you copied from? You need to adjust the example given there to your situation.

Yes I adjust the ISP gateways (these routers are in my site and I can change there IP's as I want)
as 10.10.11.1 and 10.10.10.1
I have two DSL lines connected to two routers ( cisco - linksys ), these routers are in my site
so I can change thier IP's as I want

Thanks

This looks like your NAT rules are not correct.

Code: Select all

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
    !ISPONE
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 \
    in-interface=Internal protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
    tcp to-ports=8080

This is the nat rules you posted. You need one of 2 things:

1. you MUST nat traffic that leaves the router on ISPONE and ISPTWO interfaces
2. You MUST set up static routes to the 192.168.0.0/24 and 192.168.1.0/24 networks in the 2 ISP routers.

Not both, but one or the other.

Thank Mr. Butch Evans

Can you help me with nat rules as I do not know how to nat traffic that leaves
the router ( I have MK 3.22 Not MK router ) on ISPONE and ISPTWO interfaces

And about the ISP router the static routes from where to where

Did you even look to see if the Mikrotik documentation would help you with this? I have given you a COMPLETE script to load balance. I don't mean to be short with you here, but don't you agree that it would be better if you UNDERSTOOD your own network?

Mr Butch Evans

I am very sorry for disturbance But, I was thinking that the required nat rules is
special for this matter.

I add that nat rules but still not working the new nats are

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ISPONE
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ISPTWO
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 \
in-interface=Internal protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
tcp to-ports=8080

By the way I am not using hotspot only web proxy and the cash settings are

enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "webmaster"
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: primary-master

then what is wrong ?

This configuration is not designed to work with web proxy. I overlooked that in your config. You can use the new PCC option for the mangle section, which is discussed in great detail here: http://forum.mikrotik.com/viewtopic.php?f=2&t=31415

In order to load balance with web proxy, you have to mangle based on streams in the output chain. In order to do that, you MUST use the PCC option to sort traffic.

I try to made the setting as that in the PCC example.
but the MK3.22 is accept these two rules

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/0 \
action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/1 \
action=mark-connection new-connection-mark=wlan2_conn passthrough=yes

MK do not accpet "per-connection-classifier" this option is not there

If I want to work with the same way you disscused in your page
http://blog.butchevans.com/2008/09/mikr ... n-example/
what I need else

If I want to work with the same way you disscused in your page
http://blog.butchevans.com/2008/09/mikr ... n-example/
what I need else

Turn off web proxy and the nat rules that redirect traffic to the web proxy.

Ok I Turn off web proxy and the nat rules that redirect traffic to the web proxy
but it is not working ( this never work with me before even with one DSL line ).

If you have a copy of backup file or settings file for the machine that you try
your example on it please send it.

my email is
am.steen@gmail.com

I try many times before to run MK with webproxy disabled but I fail
is there is some way to run MK without webproxy?
the attached file contains all my MK. settings
please check if you have some time

Ok Mr. butche

Every thing works with me fine like your example but I use differnt ip's
and some little changes in Natting as follows:

/ip route
add gateway=220.200.200.1 routing-mark=ISP2
add gateway=172.30.7.225 routing-mark=ISP1
add gateway=172.30.7.225

/ip route rule
add dst-address=192.168.0.0/24 action=lookup table=main
add dst-address=192.168.1.0/24 action=lookup table=main
add dst-address=172.30.7.0/24 action=lookup table=main
add dst-address=220.200.200.0/24 action=lookup table=main
add src-address=172.30.7.0/24 action=lookup table=ISP1
add src-address=220.200.200.0/24 action=lookup table=ISP2
add routing-mark=ISP1 action=lookup table=ISP1
add routing-mark=ISP2 action=lookup table=ISP2

/ip firewall mangle
add chain=prerouting src-address=192.168.0.0/24 action=mark-routing \
new-routing-mark=ISP1 passthrough=no
add chain=prerouting src-address=192.168.1.0/24 action=mark-routing \
new-routing-mark=ISP2 passthrough=no

The problem is the DNS, it work After I add DNS manually in windows as I have two ISP
with TWO different DNS

Now I need Some Way To add two DNS in MK?

You can point customers to the mikrotik for DNS. Then add dns to the mt with:

The Problem is that I need to add 4 DNS
I have Two ISP and each one has primary-DNS and secondary-DNS
I try to add the primary DNS for the first ISP as primary and the primary DNS
For the second ISP as secondary but the first ISP work and the second no

Another thing I was block sites and some file extensions (download) from
Web-proxy but now I disable win proxy, so do you have some idea to do this with
Firewall

For any one who needs the same thing the NAT rules the works for me are:

0 chain=srcnat action=masquerade out-interface=Internal
1 chain=srcnat action=masquerade src-address=172.30.4.0/24
2 chain=srcnat action=masquerade src-address=172.30.6.0/24


I appreciate you help very much

Ok I use an open DNS
208.67.222.222
208.67.220.220

and it work now, but still need to block sites and some file extensions (download) from
Firewall as I disable Web-proxy now, so do you have any idea how to do this.

I appreciate you help very much