Hello,
i have 3 PPPOE account setup, all 3 conected.
What i want to do is use 1 st account for my internal LAN, and other two as dst-nat some services inside my LAN. (no load balancing)
Issues:
PING is working only on the first pppoe account, other two are working (including ping) if i change my default route with distance 1 to another pppoe.
I tried to mark packets for each pppoe account and it does not work, but this looks more like a load balancing situation which i don't want.
Can somebody help me ? I just want to have all of the 3 pppoe accounts alive on the router, only 1 will be used for internal LAN.
Re: 3 PPPOE same wan
You should mark route the packets and then add default route with the chosen routing mark.
For example
/ip route add gateway=pppoe2 routing-mark=wan2
Use mark route in action of routing mark, I don't remember the exact syntax for the command, but you can use dst-address your LAN Network and the port you need, or the input interface, and then in the action mark route.
In the end masquerade your LAN with an output interface list.
For example
/ip route add gateway=pppoe2 routing-mark=wan2
Use mark route in action of routing mark, I don't remember the exact syntax for the command, but you can use dst-address your LAN Network and the port you need, or the input interface, and then in the action mark route.
In the end masquerade your LAN with an output interface list.
Re: 3 PPPOE same wan
Ok already tried it does not work, can't go out to internet with the bellow rules.
I can ping the outside ony from mikrotik router on both pppoe accounts.
Ping from internet to router is working.
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=pppoe_1 passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=pppoe-out1 new-connection-mark=pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=pppoe-out2 new-connection-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe_1 new-routing-mark=to_pppoe1 passthrough=no
add action=mark-routing chain=output connection-mark=pppoe_2 new-routing-mark=to_pppoe2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=pppoe_1 new-routing-mark=to_pppoe1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=pppoe_2 new-routing-mark=to_pppoe2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT out-interface=pppoe-out1 src-address=192.168.88.0/24
and in the routing table i have the two routes each one with corresponding routing mark....
I can ping the outside ony from mikrotik router on both pppoe accounts.
Ping from internet to router is working.
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=pppoe_1 passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=pppoe_2 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=pppoe-out1 new-connection-mark=pppoe_1 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=pppoe-out2 new-connection-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe_1 new-routing-mark=to_pppoe1 passthrough=no
add action=mark-routing chain=output connection-mark=pppoe_2 new-routing-mark=to_pppoe2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=pppoe_1 new-routing-mark=to_pppoe1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=pppoe_2 new-routing-mark=to_pppoe2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT out-interface=pppoe-out1 src-address=192.168.88.0/24
and in the routing table i have the two routes each one with corresponding routing mark....
Re: 3 PPPOE same wan
I think there's something wrong in mangle, with these you're marking connections that are coming in, not those going out to pppoe2 or 3.
Can you please post a screenshot of the connection in connection tracking?
You should make a mangle with src address 192.168.88.0/24 protocol and port you natted for routing mark, so when for example 192.168.88.123:80 should go through another PPPoE it you dst-nat port 80 to 192.168.88.123
Try to use
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=pppoe2 passthrough=no src-address=192.168.88.0/24 protocol=tcp src-port=80
Can you please post a screenshot of the connection in connection tracking?
You should make a mangle with src address 192.168.88.0/24 protocol and port you natted for routing mark, so when for example 192.168.88.123:80 should go through another PPPoE it you dst-nat port 80 to 192.168.88.123
Try to use
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=pppoe2 passthrough=no src-address=192.168.88.0/24 protocol=tcp src-port=80
Re: 3 PPPOE same wan
True, a single mangle route rule was enough for the webserver IP (no tcp / port), with a single route in routing table.
Everything remained as a basic configuration with NAT.
Thanks.
Everything remained as a basic configuration with NAT.
Thanks.