Posse7x

load balancing and netbanking

Tue Sep 18, 2018 10:48 am

Hello,

I've got some problems with load balancing and netbanking (or other "safe" websites).
You'll run into a timeout while logging in.
It's also not possible to order something on this website (some other webshops have the same problem too):
https://www.global-print.com

Disabling load balancing on port 443 does the thing, but I don't think that's the right way to solve the problem.

That's my mangle configuration right now:

/ip firewall mangle
###disable load balancing on ftp####
add action=mark-connection chain=prerouting comment="route ftp to adsl " \
dst-port=21,22 new-connection-mark=ftp_wan_3 passthrough=yes protocol=tcp \
src-address-list=ftp_user
add action=mark-packet chain=prerouting comment="route ftp to adsl " \
connection-mark=ftp_wan_2 new-packet-mark=ftp_packet passthrough=yes
add action=mark-routing chain=prerouting comment="route ftp to adsl " \
new-routing-mark=to_WAN2 packet-mark=ftp_packet passthrough=no
###mark input#####
add action=mark-connection chain=input comment="mark input wan 1" \
in-interface=ether1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="mark input wan 2" \
in-interface=ether2 new-connection-mark=WAN2_conn passthrough=yes
###route input to output######
add action=mark-routing chain=output comment="route input/output wan1" \
connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="route input/output wan2" \
connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
###split traffic####
add action=mark-connection chain=prerouting comment="split traffic wan 1" \
dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=!both-addresses-and-ports:2/0 src-address-list=\
lan
add action=mark-connection chain=prerouting comment="split traffic wan 2" \
dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=!both-addresses-and-ports:2/1 src-address-list=\
lan
###mark packets####
add action=mark-packet chain=prerouting comment=wan1-packet-mark \
connection-mark=WAN1_conn new-packet-mark=wan1-packet passthrough=yes
add action=mark-packet chain=prerouting comment=wan2-packet-mark \
connection-mark=WAN2_conn new-packet-mark=wan2-packet passthrough=yes
##route traffic#####
add action=mark-routing chain=prerouting comment="route to wan 1" \
new-routing-mark=to_WAN1 packet-mark=wan1-packet passthrough=yes
add action=mark-routing chain=prerouting comment="route to wan 2" \
new-routing-mark=to_WAN2 packet-mark=wan2-packet passthrough=yes
 
sindy

Re: load balancing and netbanking

Wed Sep 19, 2018 4:59 pm

A wild guess is that you would have to modify the load balancing rules in such a way that the same client PC would set up all its https sessions from the same public IP address, because the only mechanism I can imagine is that the server uses cookies to check exactly that, i.e. that all sessions from the same client come from the same IP address.
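
One way to apply the suggestion above to the posted mangle rules, as an added example that is not part of either post: HTTPS connections are classified by source address only, so all of a LAN host's HTTPS sessions leave through the same WAN. It assumes these rules replace the two "split traffic" rules in the same position (before the packet-marking rules) and reuses the poster's `WAN1_conn`/`WAN2_conn` marks and `lan` address list; the `connection-mark=no-mark` matcher and the non-negated classifier are additions.

```routeros
/ip firewall mangle
# Before (from the post): the hash covers both addresses and both ports, so
# two HTTPS connections from one PC can be marked for different WANs:
#   per-connection-classifier=!both-addresses-and-ports:2/0
#
# After: HTTPS (tcp/443) is classified by source address only, so every
# HTTPS connection from a given LAN host gets the same connection mark.
add action=mark-connection chain=prerouting comment="https wan 1 (per client)" \
    connection-mark=no-mark dst-address-type=!local dst-port=443 \
    new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=src-address:2/0 protocol=tcp \
    src-address-list=lan
add action=mark-connection chain=prerouting comment="https wan 2 (per client)" \
    connection-mark=no-mark dst-address-type=!local dst-port=443 \
    new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=src-address:2/1 protocol=tcp \
    src-address-list=lan
# All other traffic keeps per-connection balancing. connection-mark=no-mark
# (added here, not in the original rules) stops these two rules from
# overwriting the marks the HTTPS rules above have already set.
add action=mark-connection chain=prerouting comment="split traffic wan 1" \
    connection-mark=no-mark dst-address-type=!local \
    new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    src-address-list=lan
add action=mark-connection chain=prerouting comment="split traffic wan 2" \
    connection-mark=no-mark dst-address-type=!local \
    new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    src-address-list=lan
```

With `src-address`, HTTPS load is spread per host rather than per connection, so the split between the two links can be uneven when only a few clients are active.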
