Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

ECMP Work fine, NAT Not working)

Post Reply
 
kapi2454
newbie
Topic Author
Posts: 38
Joined: Mon Oct 09, 2017 2:54 pm

ECMP Work fine, NAT Not working)

Wed Feb 05, 2020 6:43 pm

Hi people, I new in ECMP but it´s working now.
I have 3 WAN
WAN1 and 2 are PPPoE and WAN 3 it Fixed/static IP

All work fine, I run Speedtest (From Ookla) and something use Wan1 other wan2 and other wan3. This is fine.
The problem is NAT (It was working with only one pppoe).
Now I try to enter for wan1 and work fine from one PC. I try to enter from other PC and not work. I reboot mikrotik and work fine from second PC but not in the first
It´s look like that can only enter from one PC at the same time, it's posible?

This are part of my configuration, can you helpme?
Code: Select all
/ip firewall filter
add action=accept chain=forward comment=DVRs dst-port=xxxx protocol=tcp
add action=accept chain=input comment=WINBOX dst-port=xxxx  protocol=tcp
add action=accept chain=forward comment=Zureo dst-port=xxxx protocol=tcp
add action=accept chain=input dst-port=xxxx protocol=tcp
add action=accept chain=forward dst-port=xxxx protocol=tcp
add action=accept chain=input dst-port=xxxx protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop invalid (forw)" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=wlan1_conn passthrough=no
add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=wlan2_conn passthrough=yes
add action=mark-connection chain=input in-interface=WAN3F new-connection-mark=wlan3_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wlan1_conn new-routing-mark=to_wlan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wlan2_conn new-routing-mark=to_wlan2 passthrough=yes
add action=mark-routing chain=output connection-mark=wlan3_conn new-routing-mark=to_wlan3 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=WAN3F
add action=dst-nat chain=dstnat comment=Zureo dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.2 to-ports=xxxx
add action=dst-nat chain=dstnat dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.2 to-ports=xxxx
add action=dst-nat chain=dstnat comment=DVR1 dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.3 to-ports=xxxx
add action=dst-nat chain=dstnat dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.3 to-ports=xxxx
add action=dst-nat chain=dstnat comment=DVR2 dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.4 to-ports=xxxx
add action=dst-nat chain=dstnat dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.4 to-ports=xxxx
add action=dst-nat chain=dstnat comment=DVR3 dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.6 to-ports=xxxx
add action=dst-nat chain=dstnat dst-port=xxxx in-interface-list=Salidas protocol=tcp to-addresses=192.168.1.6 to-ports=xxxx

/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=wlan1_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=wlan2_conn passthrough=yes
add action=mark-connection chain=input in-interface=WAN3F new-connection-mark=wlan3_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wlan1_conn new-routing-mark=to_wlan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wlan2_conn new-routing-mark=to_wlan2 passthrough=yes
add action=mark-routing chain=output connection-mark=wlan3_conn new-routing-mark=to_wlan3 passthrough=yes

/ip route
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_wlan1 
 1 A S  dst-address=0.0.0.0/0 gateway=pppoe-out2 gateway-status=pppoe-out2 reachable check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to_wlan2 
 2 A S  dst-address=0.0.0.0/0 gateway=FixedIP_Gtw gateway-status=FixedIP_Gtw reachable via  WAN3F check-gateway=ping distance=1 scope=30 target-scope=10 
        routing-mark=to_wlan3 
 3 A S  dst-address=0.0.0.0/0 gateway=pppoe-out1,pppoe-out2,FixedIP_Gtw gateway-status=pppoe-out1 reachable,pppoe-out2 reachable,FixedIP_Gtw reachable via  WAN3F 
        check-gateway=ping distance=1 scope=30 target-scope=10 
 4 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=LAN gateway-status=LAN reachable distance=0 scope=10 
 5 ADC  dst-address=pppoeGtw/30 pref-src=FixedIP gateway=WAN3F gateway-status=WAN3F reachable distance=0 scope=10 
 6 ADC  dst-address=pppoeGtw/32 pref-src=pppoeIP gateway=pppoe-out1,pppoe-out2 gateway-status=pppoe-out1 reachable,pppoe-out2 reachable distance=0 scope=10
Thank !!!
Top
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: ECMP Work fine, NAT Not working)

Wed Feb 05, 2020 8:10 pm

Because you have ECMP configured does not mean that your computer will use all 3 WAN at the same time...
For every source/destination IP pair a gateway is chosen...
For a different pair an other gateway will be selected...
https://mikrotik.com/testdocs/ros/3.0/i ... ontent.php
Top
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: ECMP Work fine, NAT Not working)

Thu Feb 06, 2020 2:46 am

and this one https://help.mikrotik.com/docs/display/ROS7/Routing is very good in explanation of Routing.
I think autor of this post should read this:

Bandwidth-based load-balancing with failover. This presentation also covers Mangle.
This was presented at the MUM (MikroTik User Meeting) in New Orelans, USA.
Tomas Kirnak - YouTube: https://www.youtube.com/watch?v=67Dna_ffCvc&t=1s
http://mum.mikrotik.com/presentations/US12/tomas.pdf
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 61 guests
  4. RouterOS
  5. Forwarding Protocols