bino
newbie
Topic Author
Posts: 42
Joined: Thu Jun 17, 2004 4:44 pm

PCC setup

Sat Apr 03, 2010 11:21 am

Dear All,
My router is connected to the internet through 2 gateways.
GW 1 =
++ Their router IP is 10.7.1.254/16
++ They gave me an IP of 10.7.222.33/16 ... and asked me to NAT my local address to it

GW 2 =
++ Their router IP is 10.255.255.1/30
++ They gave me an IP of 10.255.255.2/30
++ They asked me to NAT my local address to 10.1.1.0/28

My local network is at 192.168.0.0/16

Here is my configuration:

/ip address
add address=10.255.255.2/30 broadcast=10.255.255.3 comment="" disabled=no \
    interface=sife network=10.255.255.0
add address=10.7.222.33/16 broadcast=10.7.255.255 comment="" disabled=no \
    interface=ether1 network=10.7.0.0
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \
    interface=ether5 network=192.168.1.0
add address=10.1.1.1/28/28 comment="" disabled=no \
    interface=sife b

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    10.7.1.254 routing-mark=rou-pptik scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=2 dst-address=\
    0.0.0.0/0 gateway=10.255.255.1 routing-mark=rou-sife scope=30 \
    target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    10.7.1.254 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    10.255.255.1 scope=30 target-scope=10

/ip route rule
add action=lookup comment="" disabled=no routing-mark=rou-pptik src-address=\
    0.0.0.0/0 table=rou-pptik
add action=lookup comment="" disabled=no routing-mark=rou-sife src-address=\
    0.0.0.0/0 table=rou-sife

/ip firewall address-list
add address=192.168.0.0/16 comment="" disabled=no list=local

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s

/ip firewall mangle
add action=mark-connection chain=prerouting comment="PCC 2/0 --> con-sife" \
    disabled=no dst-address-list=!local new-connection-mark=con-sife \
    passthrough=no per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="PCC 2/1 --> con-pptik" \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=con-pptik passthrough=no per-connection-classifier=\
    both-addresses:2/2
add action=mark-routing chain=prerouting comment="con-pptik --> rou-pptik" \
    connection-mark=con-pptik disabled=no new-routing-mark=rou-pptik \
    passthrough=no
add action=mark-routing chain=prerouting comment="con-sife---> rou-sife" \
    connection-mark=con-sife disabled=no new-routing-mark=rou-sife \
    passthrough=no

/ip firewall nat
add action=src-nat chain=srcnat comment=nat-sife connection-mark=con-sife \
    disabled=no to-addresses=10.1.1.1/28
add action=src-nat chain=srcnat comment="nat pptik" connection-mark=con-pptik \
    disabled=no to-addresses=10.7.222.33


--------------------------------
I checked from a notebook attached as local (192.168.1.2).
I looked at the NAT tab of /ip/firewall ... it looks like the number is increasing.
But the connection fails ... it looks like the "route-mark" based gateway selection is not working.

My router is an RB450 with ROS 4.6.
My config is based on http://wiki.mikrotik.com/wiki/Manual:PCC
The differences are:
++ My physical connection to the two gateways is only a single UTP connection
++ I use src-nat ... not masquerade

Kindly please give me any enlightenment.
CERTIFIED CI$CO HATER
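
The mangle comments in the post say "PCC 2/0" and "PCC 2/1" while the classifiers read `2/1` and `2/2`. The following is an added example, not part of the original post or of MikroTik's tooling: a Python check that folds a mangle export and reports PCC remainders that can never match or are left without a rule. The function names and the embedded sample (the two mark-connection rules copied from the post) are this example's own; it also handles any denominator, not only 2.

```python
import re

# Constructed sample: the two mark-connection rules copied from the post,
# with the backslash continuations of a RouterOS export kept.
MANGLE = r'''
add action=mark-connection chain=prerouting comment="PCC 2/0 --> con-sife" \
    disabled=no dst-address-list=!local new-connection-mark=con-sife \
    passthrough=no per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="PCC 2/1 --> con-pptik" \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=con-pptik passthrough=no per-connection-classifier=\
    both-addresses:2/2
'''

PCC_RE = re.compile(r'per-connection-classifier=([\w-]+):(\d+)/(\d+)')
MARK_RE = re.compile(r'new-connection-mark=(\S+)')


def join_continuations(text):
    """Fold export lines ending in a backslash into one rule per line."""
    folded = re.sub(r'\\\s*\n\s*', '', text)
    return [ln.strip() for ln in folded.splitlines() if ln.strip()]


def pcc_findings(text):
    """Return problems found in the PCC buckets of a mangle export."""
    buckets = {}   # (hashed fields, denominator) -> {remainder: mark}
    findings = []
    for rule in join_continuations(text):
        pcc = PCC_RE.search(rule)
        if not pcc:
            continue
        fields, denom, rem = pcc.group(1), int(pcc.group(2)), int(pcc.group(3))
        mark = MARK_RE.search(rule)
        name = mark.group(1) if mark else '?'
        seen = buckets.setdefault((fields, denom), {})
        if rem >= denom:
            # hash mod denom is always in 0..denom-1, so this never matches
            findings.append(f'{name}: {fields}:{denom}/{rem} can never match '
                            f'(remainder must be 0..{denom - 1})')
        else:
            seen[rem] = name
    for (fields, denom), seen in buckets.items():
        for rem in range(denom):
            if rem not in seen:
                findings.append(f'{fields}:{denom}/{rem} has no rule, so those '
                                f'connections get no connection mark')
    return findings

if __name__ == '__main__':
    print('\n'.join(pcc_findings(MANGLE)))
```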