I have 2 internet connections and am trying to set up load balancing for them. I managed to get it mostly working, but I can't manage to get HTTPS traffic (all other traffic types are working as expected) to use the second WAN at all. If I check the connections tab, the connections are marked correctly, but all the traffic is still using wan1.
Is there anything else that I have to change in order to load balance https traffic?
This is my config:
# nov/20/2021 14:06:57 by RouterOS 6.47.8
# model = RB750Gr3
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge interface=bonding1
/interface list member
add interface=bridge list=LAN
add interface=ether1-wan list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether2-wan list=WAN
/ip firewall mangle
add action=accept chain=prerouting in-interface=ether1-wan
add action=accept chain=prerouting in-interface=ether2-wan
add action=accept chain=prerouting in-interface=pppoe-out1
add action=mark-connection chain=input in-interface=ether1-wan \
new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether2-wan \
new-connection-mark=wan2_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out1 \
new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0 src-address=\
10.0.0.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local dst-port=22,80,183,8080,5060,2222 \
new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1 protocol=tcp src-address=10.0.0.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark dst-port=\
443,5000-6000 new-connection-mark=wan2_conn passthrough=yes protocol=tcp \
src-address=10.0.0.102
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting connection-mark=no-mark new-routing-mark=to_wan1 passthrough=yes src-address=10.0.0.0/24
/ip route
add check-gateway=ping comment=to_wan1 distance=1 gateway=11.11.11.11 routing-mark=to_wan1
add check-gateway=ping comment=to_wan2 distance=1 gateway=22.22.22.22 routing-mark=to_wan2
add check-gateway=ping comment=fallback_wan1 distance=3 gateway=11.11.11.11
add check-gateway=ping comment=fallback_wan2 distance=4 gateway=22.22.22.22
TCP ports 22,80,183,8080,5060,2222 should get load balanced on all systems.
TCP ports 443, 5000-6000 should get load balanced only on one system.
Everything else should use wan1 with wan2 as a fallback.
So far everything has been working fine, except for TCP 443 (HTTPS), which is always using wan1 even if I move it into the general balancing rule, and I have absolutely no idea why.
Any help with this would be greatly appreciated.
Best regards
Tom