shonu
newbie
Topic Author
Posts: 37
Joined: Sun Sep 16, 2018 1:25 pm

load balancing script problem i provide script and pic

Thu Jan 03, 2019 12:14 pm

Please, someone help me. I have a problem. In the interface everything looks good. I have 2 WAN, it is showing proper sharing.
But if I check my ping, just my first line's ping is working; the other 2 WAN are showing time out.
/interface ethernet
set [ find default-name=ether4 ] name=Local
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether3 ] name=WAN3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=192.168.5.2-192.168.5.250
add name=dhcp_pool1 ranges=192.168.5.2-192.168.5.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Local name=dhcp1
/ip address
add address=192.168.5.1/24 interface=Local network=192.168.5.0
add address=192.168.1.2/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 interface=WAN3 network=192.168.3.0
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.5.0/24 gateway=192.168.5.1
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 \
servers=221.132.112.8,8.8.8.8
/ip firewall mangle
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_conn
add action=mark-connection chain=input in-interface=WAN3 new-connection-mark=\
WAN3_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN3_conn \
new-routing-mark=to_WAN3 passthrough=yes
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
Local
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=\
Local
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=\
Local
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=Local new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=Local new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=Local new-connection-mark=WAN3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=Local new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=Local new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
in-interface=Local new-routing-mark=to_WAN3 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat out-interface=WAN3
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1
add check-gateway=ping distance=3 gateway=192.168.3.1
 
shonu
newbie
Topic Author
Posts: 37
Joined: Sun Sep 16, 2018 1:25 pm

Re: load balancing script problem i provide script and pic

Fri Jan 04, 2019 3:48 am

???? No one has any idea?
 
Frostbyte
Frequent Visitor
Posts: 72
Joined: Mon Dec 25, 2017 1:42 am

Re: load balancing script problem i provide script and pic

Fri Jan 04, 2019 11:54 am

Hello,

You have posted this in the wrong section.
You're asking for assistance with your configuration, not scripting or code.

Regardless, let's start with a few observations:
  • The IP pool named "pool1" doesn't appear to be used anywhere, so you may want to remove it.
  • The network "192.168.0.0/24" under "/ip dhcp-server network" also doesn't appear to be used anywhere.

Onto your mangle rules now:
  • Improper usage of chains. You may want to consult this primer and this manual entry, so you can have a clearer picture of how things are supposed to work.
  • Much like the accept action, whatever hits a rule that doesn't have passthrough, is going to stop there.
  • Wrong order of rules. You generally want to be marking connections first and then routing.
  • While you are excluding traffic from your "Local" interface (which is your LAN I suppose) to your three WAN subnets, you are not doing it in both directions - plus you're not excluding LAN traffic itself.
  • Wrong selection of "in-interface" on the PCC rules. You're supposed to supply the WAN interfaces there, not the LAN one.
  • You should be using "connection-mark=no-mark" more, so you would mark only what's not already marked. Will improve the load of the device slightly also.

That being said, this is how I'd go about configuring the mangle table instead.

1. Create a "LOCAL" address list, containing all your internal networks:
/ip firewall address-list add list=LOCAL address=192.168.1.0/24
/ip firewall address-list add list=LOCAL address=192.168.2.0/24
/ip firewall address-list add list=LOCAL address=192.168.3.0/24
/ip firewall address-list add list=LOCAL address=192.168.5.0/24

2. Exclude LAN to LAN traffic from load balancing:
/ip firewall mangle add action=accept chain=prerouting dst-address-list=LOCAL src-address-list=LOCAL

3. Mark inbound connections (these rules should always be on, to avoid the common multi-WAN problem):
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes

4. Mark the outbound connections (these can be turned off, if you wish to pause load balancing):
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:3/1
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses:3/2

5. Assign routing marks to marked connections (LAN clients - these rules should always be on, to avoid the common multi-WAN problem):
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=Local new-routing-mark=to_WAN1 passthrough=no
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=Local new-routing-mark=to_WAN2 passthrough=no
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=WAN3_conn in-interface=Local new-routing-mark=to_WAN3 passthrough=no

6. Assign routing marks to marked connections (Router itself - these rules should always be on, to avoid the common multi-WAN problem):
/ip firewall mangle add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=no
/ip firewall mangle add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=no
/ip firewall mangle add action=mark-routing chain=output connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=no

Your NAT configuration and routes appear to be alright.

PS: What I refer to as "common multi-WAN problem" is when traffic is entering through one WAN interface and then, due to improper configuration, leaves through another one. Simple rule of thumb to remember: whatever enters, must exit from where it came from.
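
An added example, not part of either post and not MikroTik tooling: a small Python linter that reads RouterOS export-style text and flags three of the observations raised in the reply above (an unused IP pool, mark-connection rules without connection-mark=no-mark, and mark-routing rules placed before the rule that sets their connection mark). The sample export is constructed in the style of the first post, and the function names parse_export and audit are hypothetical.

```python
import re

# Constructed sample: shortened RouterOS export in the style of the first post.
SAMPLE_EXPORT = r"""
/ip pool
add name=pool1 ranges=192.168.5.2-192.168.5.250
add name=dhcp_pool1 ranges=192.168.5.2-192.168.5.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Local name=dhcp1
/ip firewall mangle
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=Local new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0
"""

def parse_export(text):
    """Return (menu, {key: value}) per 'add' line, joining '\\' continuations."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    menu, items = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            items.append((menu, dict(re.findall(r"(\S+?)=(\S+)", line))))
    return items

def audit(items):
    """Hypothetical lint pass; returns a list of human-readable findings."""
    findings, marks_set = [], set()
    mangle = [r for menu, r in items if menu == "/ip firewall mangle"]
    for n, r in enumerate(mangle):
        if r.get("action") == "mark-connection":
            marks_set.add(r.get("new-connection-mark"))
            if r.get("connection-mark") != "no-mark":
                findings.append(f"mangle #{n}: may re-mark already marked connections")
        elif r.get("action") == "mark-routing":
            if r.get("connection-mark") not in marks_set:
                findings.append(f"mangle #{n}: routing mark precedes its connection mark")
    used = {r.get("address-pool") for menu, r in items if menu == "/ip dhcp-server"}
    for menu, r in items:
        if menu == "/ip pool" and r.get("name") not in used:
            findings.append(f"pool {r.get('name')}: not referenced by any dhcp-server")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_export(SAMPLE_EXPORT)):
        print(finding)
```

The parser expects the sectioned form produced by an export (a menu line followed by add lines), not the one-line "/ip firewall mangle add ..." form used in the reply.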
