Fires
newbie
Topic Author
Posts: 28
Joined: Thu Aug 18, 2016 11:12 am

PPC mangle + multiple local subnets

Fri Jun 04, 2021 1:34 pm

Hi, I'm trying to create PPC load balancing, but I have multiple subnets on the local network and I'm unable to get it to work.

For example, if PC 192.168.150.30 tries to ping 192.168.50.5, the connection gets marked by PPC with to_starnet/to_videon and it's routed out.

ISP1 starnet : 10.27.104.234/30
ISP2 videon: 192.168.0.52/24
|
ROUTER (192.168.50.1 ; 192.168.150.1 etc)
|
Subnets:
192.168.50.0/24
192.168.150.0/24 - VLAN 150
192.168.70.0/24 - VLAN 70

My mangle:
/ip firewall mangle
add action=accept chain=prerouting comment="LB - standard route to starnet" \
    dst-address=10.27.104.232/30
add action=accept chain=prerouting comment="LB - standard route to videon" \
    dst-address=192.168.0.0/24
add action=accept chain=prerouting comment="LB - " dst-address=192.168.50.0/24 \
    src-address=192.168.150.0/24
add action=accept chain=prerouting comment="LB - " dst-address=192.168.150.0/24 \
    src-address=192.168.50.0/24
add action=mark-connection chain=prerouting comment="LB - in connection starnet" \
    connection-mark=no-mark in-interface=combo1-wan-starnet new-connection-mark=\
    starnet_conn passthrough=yes
add action=mark-connection chain=prerouting comment="LB - in connection videon" \
    connection-mark=no-mark in-interface=ether7-wan-videon new-connection-mark=\
    videon_conn passthrough=yes
add action=mark-connection chain=prerouting comment="LB - half to starnet" \
    connection-mark=no-mark dst-address-type=!local in-interface=bridge_main \
    new-connection-mark=starnet_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/0
add action=mark-connection chain=prerouting comment="LB - half to videon" \
    connection-mark=no-mark dst-address-type=!local in-interface=bridge_main \
    new-connection-mark=videon_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/1
add action=mark-routing chain=prerouting comment="LB - route to starnet" \
    connection-mark=starnet_conn in-interface=bridge_main new-routing-mark=\
    to_starnet passthrough=yes
add action=mark-routing chain=prerouting comment="LB - route to videon" \
    connection-mark=videon_conn in-interface=bridge_main new-routing-mark=to_videon \
    passthrough=yes
add action=mark-routing chain=output comment="LB - route to starnet" \
    connection-mark=starnet_conn new-routing-mark=to_starnet passthrough=yes
add action=mark-routing chain=output comment="LB - route to videon" \
    connection-mark=videon_conn new-routing-mark=to_videon passthrough=yes
If I add this part of the mangle, it works, but I do not want to create mangle rules for every subnet combination:
add action=accept chain=prerouting comment="LB - " dst-address=192.168.50.0/24 \
    src-address=192.168.150.0/24
add action=accept chain=prerouting comment="LB - " dst-address=192.168.150.0/24 \
    src-address=192.168.50.0/24

Any solution? How do I exclude (accept) connections between subnets? I tried to use Extra -> Dst. Address Type: local, but it does not match. (I think it matches just the IPs assigned to router interfaces.)

Thanks, guys
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: PPC mangle + multiple local subnets

Fri Jun 04, 2021 2:22 pm

 
Fires
newbie
Topic Author
Posts: 28
Joined: Thu Aug 18, 2016 11:12 am

Re: PPC mangle + multiple local subnets - solved

Fri Jun 04, 2021 3:08 pm

OK, thanks. So the solution is to add every connected subnet as an accept rule (you don't need combinations):
 8    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.50.0/24 log=yes log-prefix="" 

 9    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.70.0/24 log=no log-prefix="" 

10    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.200.0/24 log=no log-prefix="" 

11    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.150.0/24 log=yes log-prefix="" 

12    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.100.0/24 log=no log-prefix="" 

13    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.99.0/24 log=no log-prefix="" 

14    ;;; LB - connected subnets
      chain=prerouting action=accept dst-address=192.168.77.0/24 log=no log-prefix="" 
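
The same fix expressed with one address list and a single accept rule, as an added example that is not part of the original posts. The list name `local_subnets` is an assumption; the subnets and the rule comment are the ones shown in the listing above.

```routeros
# Added example (not from the thread). "local_subnets" is a hypothetical list name.
# Every connected LAN subnet goes into one address list, so a new VLAN only
# needs a new list entry instead of a new mangle rule.
/ip firewall address-list
add list=local_subnets address=192.168.50.0/24
add list=local_subnets address=192.168.70.0/24
add list=local_subnets address=192.168.77.0/24
add list=local_subnets address=192.168.99.0/24
add list=local_subnets address=192.168.100.0/24
add list=local_subnets address=192.168.150.0/24
add list=local_subnets address=192.168.200.0/24

/ip firewall mangle
# "accept" ends mangle processing in prerouting for the packet, so traffic
# destined to any connected subnet never receives starnet_conn/videon_conn
# and is forwarded by the main routing table.
# This rule replaces the seven per-subnet accept rules and must sit above
# the first mark-connection rule; move it there after adding it.
add action=accept chain=prerouting comment="LB - connected subnets" \
    dst-address-list=local_subnets

# Check: the packet counter of this rule should increase while pinging
# 192.168.50.5 from 192.168.150.30.
print stats where comment="LB - connected subnets"
```

If the counter stays at zero during an inter-subnet ping, the rule is sitting below the mark-connection rules and the traffic is still being classified first.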
