Community discussions

MikroTik App
 
Alexybg
just joined
Topic Author
Posts: 20
Joined: Tue Dec 13, 2016 5:10 pm

RouterOS 7.8 - 2 WAN help

Fri Apr 28, 2023 11:39 am

Hi I need a help with simple configuration of PCC load balance
I use 2 WAN. eth1- PPPOE static IP and eth -2 static IP
Load Balance working great . But I don't have a local ping to router ,connection with Winbox work only by MAC adress local (not with IP), web page work local only if eth2 is disabled.
I would be glad if someone could help me

Here is my config
RouterOS 7.8

/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.3.10-192.168.3.100
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf

/routing table
add fib name=to_ISP1
add fib name=to_ISP2

/interface bridge port
add bridge=bridge interface=ether5
add bridge=bridge interface=ether4
add bridge=bridge interface=ether3
add bridge=bridge interface=wifi1
add bridge=bridge interface=wifi2

/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
add interface=ether2 list=WAN

/ip address
add address=192.168.3.3/24 interface=bridge network=192.168.3.0

/ip dhcp-server network
add address=192.168.3.0/24 gateway=192.168.3.3 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.4.4,8.8.8.8

/ip firewall address-list
add address=192.168.3.0/24 list=LAN-Address

/ip firewall rules
add action=accept chain=input log=yes protocol=icmp
add action=accept chain=forward comment="default configuration" connection-state=established,related
add action=accept chain=input connection-state=established,related

/ip firewall mangle

add action=mark-connection chain=prerouting comment="mark Connection" new-connection-mark=wan1 passthrough=yes per-connection-classifier= both-addresses-and-ports:2/0 src-address-list=LAN-Address
add action=mark-connection chain=prerouting new-connection-mark=wan2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LAN-Address
add action=mark-routing chain=prerouting connection-mark=wan1 new-routing-mark=to_ISP1 passthrough=yes src-address-list=LAN-Address
add action=mark-routing chain=prerouting connection-mark=wan2 new-routing-mark=to_ISP2 passthrough=yes src-address-list=LAN-Address

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN


/ip route
add comment="Load Banancing 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src="" routing-table=to_ISP1 scope=30 suppress-hw-offload=no target-scope=10
add comment="Load Banancing 2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src="" routing-table=to_ISP2 scope=30 suppress-hw-offload=no target-scope=10
 
irfan44
just joined
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: RouterOS 7.8 - 2 WAN help

Sun May 07, 2023 1:19 am

/ip firewall rules
add action=accept chain=input log=yes protocol=icmp
add action=accept chain=forward comment="default configuration" connection-state=established,related
add action=accept chain=input connection-state=established,related

/ip firewall mangle
add action=mark-connection chain=prerouting comment="mark Connection" new-connection-mark=wan1 passthrough=yes per-connection-classifier= both-addresses-and-ports:2/0 src-address-list=LAN-Address
add action=mark-connection chain=prerouting new-connection-mark=wan2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LAN-Address
add action=mark-routing chain=prerouting connection-mark=wan1 new-routing-mark=to_ISP1 passthrough=yes src-address-list=LAN-Address
add action=mark-routing chain=prerouting connection-mark=wan2 new-routing-mark=to_ISP2 passthrough=yes src-address-list=LAN-Address

/ip route
add comment="Load Banancing 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src="" routing-table=to_ISP1 scope=30 suppress-hw-offload=no target-scope=10
add comment="Load Banancing 2" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src="" routing-table=to_ISP2 scope=30 suppress-hw-offload=no target-scope=10

I would suggest to remove all Firewall Rules if you are not sure what you want to achieve from them
- your Firewall Mangle Rules are incomplete for load balancing
- your Ip Routes are are missing entries for "main"

1. Remove all Firewall Rules

2. Correct your Firewall Mangle Rules as under

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=pppoe-out1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark="" in-interface=\
ether2 new-connection-mark=WAN2_conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=LAN-Address new-connection-mark=\
WAN1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local src-address-list=LAN-Address new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
src-address-list=LAN-Address new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
src-address-list=LAN-Address new-routing-mark=to_ISP2 passthrough=yes

add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_ISP2 passthrough=yes

3. For Routes

/ip route
add check-gateway=ping disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src="" routing-table=main \
scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src="" routing-table=main \
scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=84.54.182.1 pref-src="" routing-table=to_ISP1 \
scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src="" routing-table=\
to_ISP2 scope=10 suppress-hw-offload=no target-scope=11

Let me know if it helps
 
Alexybg
just joined
Topic Author
Posts: 20
Joined: Tue Dec 13, 2016 5:10 pm

Re: RouterOS 7.8 - 2 WAN help

Mon May 08, 2023 2:51 pm

What to say. Great help.
Everything went as it should.
a thousand thanks
 
irfan44
just joined
Posts: 21
Joined: Fri Apr 07, 2023 6:26 pm

Re: RouterOS 7.8 - 2 WAN help

Mon May 08, 2023 5:21 pm

Good to hear that.
Mark it solved then

Who is online

Users browsing this forum: Majestic-12 [Bot] and 32 guests