Dual WAN Load Balancing Problems
Posted: Tue Oct 14, 2014 12:32 am
Hello all!
I followed this http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways scenario but I came across some nasty problems!
Instead of separating one LAN subnet into two groups I have two bridges on several LAN interfaces (bridge1 192.168.5.0/24 and bridge2 192.168.10.0/24). I want some communication between those bridges, mainly http and ssh.
After I set up the load balancing, bridge1 goes through ISP1 and bridge2 goes through ISP2, but I lost connection between the bridges completely.
What did I do wrong?
Here is my basic configuration:
Interfaces/Bridges:
ros code
/interface bridge
add mtu=1500 name=privat protocol-mode=none
add mtu=1500 name=public protocol-mode=none
add mtu=1500 name=radius protocol-mode=none
add mtu=1500 name=wan protocol-mode=none
/interface bridge port
add bridge=wan interface=ether2
add bridge=privat interface=ether3
add bridge=wan interface=ether1
add bridge=public interface=ether8
add bridge=radius interface=ether6
add bridge=privat interface=ether4
add bridge=radius interface=ether5
add bridge=public interface=ether7
Addresses:
ros code
/ip address
add address=10.0.0.1/24 interface=wan network=10.0.0.0
add address=192.168.10.254/24 interface=privat network=192.168.10.0
add address=172.16.0.1/21 interface=public network=172.16.0.0
add address=192.168.5.254/24 interface=radius network=192.168.5.0
add address=192.168.20.254/24 interface=public network=192.168.20.0
Firewall:
ros code
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat src-address=192.168.5.0/24
add action=masquerade chain=srcnat src-address=172.16.0.0/21
add action=masquerade chain=srcnat src-address=192.168.20.0/24
ros code
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no new-routing-mark=a1_lan \
    passthrough=no src-address-list=a1_wan_list
add action=mark-routing chain=prerouting disabled=no new-routing-mark=nc_lan \
    passthrough=no src-address-list=nc_wan_list
add action=mark-routing chain=prerouting disabled=no new-routing-mark=a1_lan \
    passthrough=no src-address-list=ap_list
add action=mark-routing chain=prerouting disabled=no new-routing-mark=nc_lan \
    src-address-list=radius_list
IP Route:
ros code
/ip route
add disabled=no distance=1 gateway=10.0.0.138 routing-mark=a1_lan
add disabled=no distance=1 gateway=10.0.0.140 routing-mark=nc_lan
add distance=1 gateway=10.0.0.140