poseo9wsw
newbie
Topic Author
Posts: 48
Joined: Thu Feb 02, 2023 6:41 pm

2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 2:03 am

Client machine is a WIN 10, it's not getting a gateway:
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4d43:eb5b:aea8:5817%19
   IPv4 Address. . . . . . . . . . . : 192.168.100.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

The configuration is like this at the moment, is anyone seeing something in the Routes that is creating the problem? Or something different but I think I have narrowed it to that.


# apr/15/2014 01:44:45 by RouterOS 7.8
# software id =
#
/interface bridge
add name=LAN-Bridge
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=Eth2-WAN1
set [ find default-name=ether3 ] disable-running-check=no name=eth1-LAN
set [ find default-name=ether2 ] disable-running-check=no name=eth3-WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN-Bridge lease-time=1h name=dhcp1
/interface bridge port
add bridge=LAN-Bridge interface=eth1-LAN
/ip address
add address=192.168.100.1/24 interface=LAN-Bridge network=192.168.100.0
/ip dhcp-client
add add-default-route=no interface=eth3-WAN2 use-peer-dns=no use-peer-ntp=no
add add-default-route=no interface=Eth2-WAN1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.0.0.0/8 dns-server=8.8.8.8 gateway=10.100.1.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.1.2.1 list=LAN
/ip firewall mangle
add action=accept chain=prerouting in-interface=Eth2-WAN1
add action=accept chain=prerouting in-interface=eth3-WAN2
add action=mark-connection chain=prerouting dst-address-type=local fragment=\
no new-connection-mark=Eth2-WAN1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=local \
new-connection-mark=Eth3-WAN2 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1 src-address-type=""
add action=mark-routing chain=prerouting connection-mark=Eth2-WAN1 \
in-interface=LAN-Bridge new-routing-mark=main passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Eth3-WAN2 \
in-interface=LAN-Bridge new-routing-mark=main passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Eth2-WAN1
add action=masquerade chain=srcnat out-interface=eth3-WAN2
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.1.2.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
172.16.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=eth3-WAN2
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.1.2.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=Eth2-WAN1
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
172.16.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=eth3-WAN2
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 2:28 am

(1) Why is your DHCP network not using the same subnet as the rest of the config?
/ip dhcp-server network
add address=10.0.0.0/8 dns-server=8.8.8.8 gateway=10.100.1.1


Why not use the router's DNS caching ability with external DNS servers??

/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1


/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 2:57 am

Mangle rules........
/ip firewall mangle
add action=accept chain=prerouting in-interface=Eth2-WAN1
add action=accept chain=prerouting in-interface=eth3-WAN2

TRY
add action=accept chain=prerouting out-interface=Eth2-WAN1
add action=accept chain=prerouting out-interface=eth3-WAN2


NEXT:


Why are you using fragment??? and the rule should be !local and where is the in-interface???

add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=LAN-Bridge new-connection-mark=For-WAN1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0


add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=LAN-Bridge new-connection-mark=For-WAN2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1


add action=mark-routing chain=prerouting connection-mark=For-WAN1 in-interface=LAN-Bridge \
new-routing-mark=useISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=For-WAN2 in-interface=LAN-Bridge \
new-routing-mark=useISP2 passthrough=yes


add action=mark-routing chain=output connection-mark=For-WAN1 new-routing-mark=useISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=For-WAN2 new-routing-mark=useISP2 passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=Eth2-WAN1 \
new-connection-mark=useISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=eth3-WAN2 \
new-connection-mark=For-WAN2 passthrough=yes

You also need to create tables.
/routing table add fib name=useISP1
/routing table add fib name=useISP2


In terms of routes this is what is required.
/ip route
add dst-address=0.0.0.0/0 gateway=ISP1-gwy-IP routing-table=main
add dst-address=0.0.0.0/0 gateway=ISP1-gwy-IP routing-table=useISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=ISP2-gwy-IP routing-table=main
add dst-address=0.0.0.0/0 gateway=ISP2-gwy-IP routing-table=useISP2 check-gateway=ping
Last edited by anav on Fri Mar 24, 2023 3:04 am, edited 1 time in total.
 
poseo9wsw
newbie
Topic Author
Posts: 48
Joined: Thu Feb 02, 2023 6:41 pm

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 3:01 am

> (1) Why is your DHCP network not using the same subnet as the rest of the config?
> /ip dhcp-server network
> add address=10.0.0.0/8 dns-server=8.8.8.8 gateway=10.100.1.1
>
> Why not use the router's DNS caching ability with external DNS servers??
>
> /ip dhcp-server network
> add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
>
> /ip dns
> set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

1) It was a remnant. The WAN I am testing with is 10. so I moved my LAN to a 198. and I missed this. The gateway now shows up, but I am unable to ping it.

Caching, thank you for the tip, I checked the box.

I see the gateway in ipconfig, but I cannot ping it. I looked at the routing table and only see "main" - unsure if that's normal. I can ping 8.8.8.8 now from the PC, but pinging any domain.com could not find host. This is the modification I made to the config.

# apr/15/2014 03:49:32 by RouterOS 7.8
# software id =
#
/interface bridge
add name=LAN-Bridge
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=Eth2-WAN1
set [ find default-name=ether3 ] disable-running-check=no name=eth1-LAN
set [ find default-name=ether2 ] disable-running-check=no name=eth3-WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN-Bridge lease-time=1h name=dhcp1
/interface bridge port
add bridge=LAN-Bridge interface=eth1-LAN
/ip address
add address=192.168.100.1/24 interface=LAN-Bridge network=192.168.100.0
/ip dhcp-client
add add-default-route=no interface=eth3-WAN2 use-peer-dns=no use-peer-ntp=no
add add-default-route=no interface=Eth2-WAN1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.1.2.1 list=LAN
/ip firewall mangle
add action=accept chain=prerouting in-interface=Eth2-WAN1
add action=accept chain=prerouting in-interface=eth3-WAN2
add action=mark-connection chain=prerouting dst-address-type=local fragment=\
no new-connection-mark=Eth2-WAN1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=local \
new-connection-mark=Eth3-WAN2 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1 src-address-type=""
add action=mark-routing chain=prerouting connection-mark=Eth2-WAN1 \
in-interface=LAN-Bridge new-routing-mark=main passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Eth3-WAN2 \
in-interface=LAN-Bridge new-routing-mark=main passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Eth2-WAN1
add action=masquerade chain=srcnat out-interface=eth3-WAN2
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.1.2.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
172.16.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=eth3-WAN2
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.1.2.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=Eth2-WAN1
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
172.16.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10 vrf-interface=eth3-WAN2
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 3:05 am

see the rest of my reply in the above post.
 
poseo9wsw
newbie
Topic Author
Posts: 48
Joined: Thu Feb 02, 2023 6:41 pm

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 3:31 am

> Mangle rules........
> /ip firewall mangle
> add action=accept chain=prerouting in-interface=Eth2-WAN1
> add action=accept chain=prerouting in-interface=eth3-WAN2
>
> TRY
> add action=accept chain=prerouting out-interface=Eth2-WAN1
> add action=accept chain=prerouting out-interface=eth3-WAN2

I'm working thru the rest, but this error came up when I tried this. I tried to delete the 2 rules first but same error.

failure: outgoing interface matching not possible in input and prerouting chains
 
poseo9wsw
newbie
Topic Author
Posts: 48
Joined: Thu Feb 02, 2023 6:41 pm

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 5:07 pm

Thanks again for the assistance. I have mapped all the changes, they look as you suggest. I am still butting on the error mentioned in the previous post.

failure: outgoing interface matching not possible in input and prerouting chains

The Winbox terminal cannot ping 8888 or google.com, I am wondering if it's related to this. I did some searching on the error but what I found was related to connection-type.

# apr/15/2014 18:08:42 by RouterOS 7.8
# software id =
#
/interface bridge
add name=LAN-Bridge
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=Eth2-WAN1
set [ find default-name=ether3 ] disable-running-check=no name=eth1-LAN
set [ find default-name=ether2 ] disable-running-check=no name=eth3-WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN-Bridge lease-time=1h name=dhcp1
/routing table
add fib name=useISP1
add fib name=useISP2
/interface bridge port
add bridge=LAN-Bridge interface=eth1-LAN
/ip address
add address=192.168.100.1/24 interface=LAN-Bridge network=192.168.100.0
/ip dhcp-client
add add-default-route=no interface=eth3-WAN2 use-peer-dns=no use-peer-ntp=no
add add-default-route=no interface=Eth2-WAN1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.1.2.1 list=LAN
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=LAN-Bridge new-connection-mark=\
For-WAN1 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=LAN-Bridge new-connection-mark=\
For-WAN2 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=For-WAN1 \
in-interface=LAN-Bridge new-routing-mark=useISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=For-WAN2 \
in-interface=LAN-Bridge new-routing-mark=useISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=For-WAN1 \
new-routing-mark=useISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=Eth2-WAN1 new-connection-mark=useISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=eth3-WAN2 new-connection-mark=For-WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Eth2-WAN1
add action=masquerade chain=srcnat out-interface=eth3-WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=10.1.2.1 routing-table=main
add check-gateway=ping dst-address=0.0.0.0/0 gateway=10.1.2.1 routing-table=\
useISP1
add dst-address=0.0.0.0/0 gateway=172.16.1.1 routing-table=main
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
172.16.1.1 pref-src="" routing-table=useISP2 scope=30 \
suppress-hw-offload=no target-scope=10
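
An added example, not part of any post in this thread: a small Python check over a RouterOS export for the consistency problems this setup runs into, namely an `out-interface` matcher in a prerouting or input mangle rule (the `failure:` message quoted above), a routing mark with no `/routing table` entry or no route in that table, and, as a generalization beyond the thread, a mark-routing rule whose connection mark no rule ever sets. The sample export is constructed from the rule shapes in the thread; `parse_export` and `lint` are hypothetical helper names.

```python
import re
import shlex

# Constructed sample in RouterOS export form, modelled on the rules in this thread.
SAMPLE = r"""
/routing table
add fib name=useISP1
/ip firewall mangle
add action=accept chain=prerouting out-interface=Eth2-WAN1
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=LAN-Bridge new-connection-mark=For-WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=For-WAN1 new-routing-mark=useISP1
add action=mark-routing chain=output connection-mark=For-WAN2 new-routing-mark=useIPS2
/ip route
add dst-address=0.0.0.0/0 gateway=10.1.2.1 routing-table=useISP1
"""

def parse_export(text):
    """Return (menu, properties) per 'add' line; joins '\\' continuations, bare flags become 'yes'."""
    text = re.sub(r"\\\n\s*", "", text)
    menu, items = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            toks = shlex.split(line[4:])
            items.append((menu, dict(t.split("=", 1) if "=" in t else (t, "yes") for t in toks)))
    return items

def lint(text):
    """Return (mangle rule number, finding) pairs for the export text."""
    items = parse_export(text)
    mangle = [p for m, p in items if m == "/ip firewall mangle"]
    tables = {p["name"] for m, p in items if m == "/routing table"} | {"main"}
    routed = {p.get("routing-table", "main") for m, p in items if m == "/ip route"}
    set_marks = {p["new-connection-mark"] for p in mangle if "new-connection-mark" in p}
    findings = []
    for n, p in enumerate(mangle, 1):
        # RouterOS rejects this combination (the "failure:" message quoted in the thread).
        if p.get("chain") in ("prerouting", "input") and "out-interface" in p:
            findings.append((n, "out-interface cannot be matched in " + p["chain"]))
        rmark = p.get("new-routing-mark")
        if rmark and rmark not in tables:
            findings.append((n, "no routing table named " + rmark))
        elif rmark and rmark not in routed:
            findings.append((n, "no route in table " + rmark))
        if p.get("action") == "mark-routing" and p.get("connection-mark") not in set_marks:
            findings.append((n, "connection mark never set: " + str(p.get("connection-mark"))))
    return findings
```

Calling `lint()` on the text of `/export` output returns an empty list when none of these checks fire; rule numbers count `add` lines under `/ip firewall mangle` in export order.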
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Fri Mar 24, 2023 7:00 pm

Probably because they are dynamic WAN IPs?? or likely using in-interface is NOT a valid approach so my error!!

In the example I was following they didn't use in-interface, they used dst-add =
Will have to think how to mimic that so it works.
 
poseo9wsw
newbie
Topic Author
Posts: 48
Joined: Thu Feb 02, 2023 6:41 pm

Re: 2 WAN load balanced + 1 LAN - client machine not getting gateway

Sat Mar 25, 2023 12:29 am

> Probably because they are dynamic WAN IPs?? or likely using in-interface is NOT a valid approach so my error!!
>
> In the example I was following they didn't use in-interface, they used dst-add =
> Will have to think how to mimic that so it works.

I'm going to backup this config and try a few online tutorials and see if that shakes something into working. I've setup a test machine with 3 NICs so I can mimic my physical machine as much as I need.

Thanks again...
