I've configured a load balance, using the idea of a guide I downloaded in this forum, from Tomas Kirnak.
The difference is that I'm not using PCC. I just have client IPs added to 3 different address lists, and I load balance them statically among the 3 links I have.
In the beginning of the tutorial we can read the first rules:
Code:
/ip firewall mangle
add chain=input connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=WAN1->ROS
add chain=input connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=WAN2->ROS
add chain=output connection-mark=WAN1->ROS action=mark-routing new-routing-mark=ISP1_Route
add chain=output connection-mark=WAN2->ROS action=mark-routing new-routing-mark=ISP2_Route
add chain=forward connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=WAN1->LANs
add chain=forward connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=WAN2->LANs
add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route
Code:
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!Connected dst-address-type=!local action=mark-connection new-connection-mark=LAN->WAN
add chain=prerouting connection-mark=LAN->WAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="Load-Balancing here"
Code:
add chain=prerouting connection-mark=LAN->WAN src-address-list=LINK1_addresses action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=LAN->WAN src-address-list=LINK2_addresses action=mark-routing new-routing-mark=ISP2_Route
What I had to do was to remove the "connection-mark=no-mark" from the first two forward rules. So rules
Code:
add chain=forward connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=WAN1->LANs
add chain=forward connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=WAN2->LANs
Code:
add chain=forward in-interface=ISP_1 action=mark-connection new-connection-mark=WAN1->LANs
add chain=forward in-interface=ISP_2 action=mark-connection new-connection-mark=WAN2->LANs
I don't know chains that well, so, if a packet comes to ROS to be forwarded to the WAN interface, does it pass through the "input" chain before it goes to "forward", or does it go directly to "forward", and "input" is only when the destination is ROS itself?
If the latter is the case, then I shouldn't have to remove those "connection-mark=no-mark" for it to work.
If anyone could clarify it, I would appreciate it, since I want to add more rules in there, because I want to add rules to route some specific traffic to the same specific links. For example, traffic destined to an internet IP address that I want to ALWAYS go to the same link, and so on. But I don't want to mess it all up before I can understand why it just stopped working.