Community discussions

 
icebox78
just joined
Topic Author
Posts: 5
Joined: Wed Nov 21, 2018 9:48 am
Location: Karachi

Dual Acces PPPOE Multi WAN Question

Wed Nov 21, 2018 12:48 pm

Dear Forum Members

I have 3 Dual access PPPoE connections from an ISP. The WAN Interface first gets
an IP address from the DHCP server with some routes. These routes are important
for FTP/Sharing portal access. My setup is PCC based Multi wan which is working ok.
Only problem I am facing is that the users behind the Mikrotik Router LAN interface
cannot ping the WAN gateway or connect to the FTP portals. IF ony 1 WAN / PPPoE is
connected then users can access FTP and can ping the WAN gateway. But as soon as
All WANs are enabled then this connectivity is lost. But the internet works fine.

Please guide

Regards
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: Dual Acces PPPOE Multi WAN Question

Wed Nov 21, 2018 3:45 pm

Hi,

I'm assuming all three Dual Access devices are connected to three different ports on your MikroTik?
If this is the case you will need to mangle these connections to make sure traffic is kept separate, otherwise routing is going to get screwed up.
 
icebox78
just joined
Topic Author
Posts: 5
Joined: Wed Nov 21, 2018 9:48 am
Location: Karachi

Re: Dual Acces PPPOE Multi WAN Question

Wed Nov 21, 2018 6:10 pm

Hello

1) I'm assuming all three Dual Access devices are connected to three different ports on your MikroTik?

Yes

2) "you will need to mangle these connections to make sure traffic is kept separate"

These are my mangle rules

/ip firewall mangle
add action=accept chain=prerouting disabled=no in-interface=PPPoE
add action=accept chain=prerouting disabled=no in-interface=PPPoF
add action=accept chain=prerouting disabled=no in-interface=PPPoE-1
add action=accept chain=prerouting disabled=yes in-interface=PPPoF-1
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local new-connection-mark=wan2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local new-connection-mark=wan3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local new-connection-mark=wan4_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=\
no new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=\
no new-routing-mark=to_wan2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3_conn disabled=\
no new-routing-mark=to_wan3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan4_conn disabled=\
no new-routing-mark=to_wan4 passthrough=yes

Regards
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: Dual Acces PPPOE Multi WAN Question

Thu Nov 22, 2018 2:16 pm

Hi,

I've never had to enable dst-address-type or per-connection-classifier. Here are the rules I generally use for multiple internet connections:
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 \
    new-connection-mark=input-wan1 passthrough=yes
add action=mark-connection chain=input in-interface=ether2 \
    new-connection-mark=input-wan2 passthrough=yes
add action=mark-routing chain=output connection-mark=input-wan1 \
    new-routing-mark=to-wan1 passthrough=no
add action=mark-routing chain=output connection-mark=input-wan2 \
    new-routing-mark=to-wan2 passthrough=no
add action=mark-connection chain=forward connection-state=new in-interface=\
    ether1 new-connection-mark=output-wan1 passthrough=no
add action=mark-connection chain=forward connection-state=new in-interface=\
    ether2 new-connection-mark=output-wan2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=output-wan1 \
    new-routing-mark=to-wan1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=output-wan2 \
    new-routing-mark=to-wan2 passthrough=no
Your in-interface can either be a physical interface like ether1, or a pppoe-client interface.

After this you need to set a route rule for the local IP range to point to the main table like:
/ip route rule
add dst-address=192.168.0.0/16 table=main
This rule is extremely important, and replace the IP with your local LAN IP. Otherwise some weird stuff is going to happen on your network.

Then in your /ip route you will need to setup two routes, one for the main table and the next for the routing mark you created in the mangle:
/ip route
add distance=1 gateway=<your ether1 gateway ip, or pppoe-client interface> routing-mark=to-wan1
add distance=1 gateway=<your ether2 gateway ip, or pppoe-client interface> routing-mark=to-wan2
add comment=default-gateway distance=1 gateway=<your ether1 gateway ip, or pppoe-client interface>
add distance=5 gateway=<your ether2 gateway ip, or pppoe-client interface>

That is how I do all my setups. Let me know if this helps you out.
 
icebox78
just joined
Topic Author
Posts: 5
Joined: Wed Nov 21, 2018 9:48 am
Location: Karachi

Re: Dual Acces PPPOE Multi WAN Question

Tue Dec 04, 2018 8:16 am

Hi
I tried your configuration today. Now users can access the Portals but Multi WAN is not working. All traffic is passing through single WAN only .
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: Dual Acces PPPOE Multi WAN Question

Wed Dec 05, 2018 11:08 am

Hi,

Do you need all internet traffic to run on all WAN interfaces? Like load balancing, or a type of aggregated bandwidth?
 
icebox78
just joined
Topic Author
Posts: 5
Joined: Wed Nov 21, 2018 9:48 am
Location: Karachi

Re: Dual Acces PPPOE Multi WAN Question

Wed Dec 05, 2018 11:44 am

Yes thats why I've setup PCC. 3 WAN links in total. With PCC, the Multi-WAN is working perfectly fine. Only problem is that the portals are not accessible.

Who is online

Users browsing this forum: che, webbsolution and 59 guests