Community discussions

MikroTik App
 
traceon
just joined
Topic Author
Posts: 1
Joined: Sun Jun 19, 2022 11:25 am

Multi-WAN with automatic Load Balancing and Fail-over and Port Forwarding

Sun Jun 19, 2022 12:11 pm

Hello,

I am a RouterOS newbie trying to setup automatic load balancing and automatic fail-over and port forwarding trough 2 ISPs connected to my router.
I know, load balancing/fail-over was discussed numerous times for different generations of RouterOS and using different approaches, I've read and implemented them all with various degree of success. To me, ECMP seems to be the most simple and robust way of implementing this. However, none of the approaches properly support/describe how to make (same) port forwarding work in such setups.

In the setup below, port forwarding through ISP1 and ISP2 works as expected, but if I change the distance on 0.0.0.0/0 -> 192.168.2.1 route to 1, ECMP begin to work as expected, splitting connections roughly equally between both ISPs, however, the port forwarding through ISP1 stops working (but remains functional through ISP2).

/system resource print
                   uptime: 1d21h10m50s
                  version: 7.3.1 (stable)
               build-time: Jun/09/2022 08:58:15
         factory-software: 6.44
              free-memory: 45.8MiB
             total-memory: 128.0MiB
                      cpu: ARM
                cpu-count: 4
            cpu-frequency: 672MHz
                 cpu-load: 2%
           free-hdd-space: 580.0KiB
          total-hdd-space: 15.2MiB
  write-sect-since-reboot: 32185
         write-sect-total: 111282
               bad-blocks: 0%
        architecture-name: arm
               board-name: hAP ac^2
                 platform: MikroTik
/interface list
add name=ilist-lan1
add name=ilist-wan1
add name=ilist-wan2

add include=ilist-lan1 name=ilist-lan
add include=ilist-wan1,ilist-wan2 name=ilist-wan

/interface list member
add interface=bridge1-lan1 list=ilist-lan1
add interface=ether1-wan1 list=ilist-wan1
add interface=ether2-wan2 list=ilist-wan2
/ip address
add address=10.10.10.1/24 interface=bridge1-lan1 network=10.10.10.0
add address=192.168.1.2/24 interface=ether1-wan1 network=192.168.1.0
add address=192.168.2.2/24 interface=ether2-wan2 network=192.168.2.0
/routing table
add fib name=rtab-ether1-wan1-only
add fib name=rtab-ether2-wan2-only
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=main
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-table=main distance=2

add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=rtab-ether1-wan1-only
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-table=rtab-ether2-wan2-only
/ip firewall address-list
add address=10.0.0.0/8 list=alist-lan

add address=192.168.1.2 list=alist-wan-mapped
add address=192.168.2.2 list=alist-wan-mapped

add address=10.0.0.0/8 list=alist-connected
add address=172.16.0.0/12 list=alist-connected
add address=192.168.0.0/16 list=alist-connected
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=ilist-wan src-address-list=alist-lan
add action=dst-nat chain=dstnat dst-address-list=alist-wan-mapped dst-port=443 in-interface-list=ilist-wan protocol=tcp to-addresses=10.10.10.10 to-ports=443
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=alist-connected src-address-list=alist-connected

add action=mark-connection chain=input connection-mark=no-mark in-interface=ether1-wan1 new-connection-mark=cmark-ether1-wan1-to-router
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether2-wan2 new-connection-mark=cmark-ether2-wan2-to-router
add action=mark-routing chain=output connection-mark=cmark-ether1-wan1-to-router new-routing-mark=rtab-ether1-wan1-only
add action=mark-routing chain=output connection-mark=cmark-ether2-wan2-to-router new-routing-mark=rtab-ether2-wan2-only

add action=mark-connection chain=forward connection-mark=no-mark in-interface=ether1-wan1 new-connection-mark=cmark-ether1-wan1-to-lan passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark in-interface=ether2-wan2 new-connection-mark=cmark-ether2-wan2-to-lan passthrough=yes
add action=mark-routing chain=prerouting connection-mark=cmark-ether1-wan1-to-lan in-interface-list=ilist-lan new-routing-mark=rtab-ether1-wan1-only
add action=mark-routing chain=prerouting connection-mark=cmark-ether2-wan2-to-lan in-interface-list=ilist-lan new-routing-mark=rtab-ether2-wan2-only
 
Miesiu
just joined
Posts: 13
Joined: Sat Mar 04, 2023 1:03 am

Re: Multi-WAN with automatic Load Balancing and Fail-over and Port Forwarding

Wed Apr 26, 2023 1:15 am

Have you resolved the problem ?

Who is online

Users browsing this forum: Bing [Bot] and 75 guests