I recently bought an RB750Gr3 in order to set up a dual-WAN connection with load balancing.
The setup seems to be OK.
So currently, to make it as simple as possible, I have:
ISP1(ether1) is ADSL
ISP2(ether2) is 4G with carrier-grade NAT
LAN(ether3)
On the LAN I have a web server.
My issue is with accessing the web server from the WAN.
When only ISP1 is up, there is no issue.
But when both ISP1 and ISP2 are up, I can't connect.
I guess this is because, when both ISPs are up, a request from the WAN reaches ether1 but the reply goes out via ether2.
But I can't find how to fix this.
Below is my config:
# jul/02/2022 15:08:32 by RouterOS 7.3.1
# software id = FUD5-5Q6H
#
# model = RB750Gr3
# serial number = xxxxxxxxxxxx
# Base setup: ports, routing tables, user group, connection tracking, IPv6,
# OVPN defaults, interface addresses and DNS.
# ether4 and ether5 are switched off; only ether1 (ISP1), ether2 (ISP2) and
# ether3 (LAN) receive addresses further down.
/interface ethernet
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
# Two extra routing tables, named after the routing marks the mangle rules set.
# NOTE(review): no /ip route entry in this export uses routing-table=ISP1 or
# routing-table=ISP2 - confirm whether these tables are meant to stay empty.
/routing table
add disabled=no fib name=ISP1
add disabled=no fib name=ISP2
# The "full" group carries every policy, including the remote-access ones
# (telnet, ssh, ftp, winbox, web, api, rest-api).
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,rest-api"
# Connection tracking is forced on; the connection marks and NAT below rely on it.
/ip firewall connection tracking
set enabled=yes
# IPv6 is disabled, so only the IPv4 firewall in this export applies.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# NOTE(review): the OVPN server would accept md5 and sha1 as auth digests. No
# enabled=yes appears here, so presumably the server is off - if it is ever
# enabled, drop md5 from this list first.
/interface ovpn-server server
set auth=sha1,md5
# One /30 per interface: ether1 and ether2 face the upstream gateways
# (192.168.1.1 and 192.168.2.1 in /ip route), ether3 faces the web server
# at 192.168.0.2.
/ip address
add address=192.168.1.2/30 interface=ether1 network=192.168.1.0
add address=192.168.2.2/30 interface=ether2 network=192.168.2.0
add address=192.168.0.1/30 interface=ether3 network=192.168.0.0
# Resolvers for the router itself; the same two addresses are reused as
# recursive-route targets in /ip route.
/ip dns
set servers=8.8.8.8,8.8.4.4
# NOTE(review): this filter table has no enabled drop rule and no input-chain
# rule. With nothing dropped, the forward accept below changes no outcome, and
# nothing here limits who can reach the router itself through ether1/ether2.
# A reviewer would expect input and forward rules that accept
# established/related traffic, accept the intended flows, and drop the rest
# arriving on the WAN interfaces.
/ip firewall filter
# Disabled: would drop the router's own ICMP to 8.8.8.8 (output chain).
add action=drop chain=output disabled=yes dst-address=8.8.8.8 protocol=icmp
# Disabled: same for 8.8.4.4.
add action=drop chain=output disabled=yes dst-address=8.8.4.4 protocol=icmp
# Accept forwarded TCP 8443 to the web server (the address seen after dst-nat).
add action=accept chain=forward dst-address=192.168.0.2 dst-port=8443 \
protocol=tcp
# Mangle rules are evaluated top to bottom; the order below decides which
# packets ever reach the marking rules.
/ip firewall mangle
# Accept (stop mangle processing in prerouting) for packets addressed to any of
# the three connected /30s.
# NOTE(review): a request from the Internet is still addressed to the router's
# WAN address (192.168.1.2 or 192.168.2.2) at this point, so it matches here
# and never reaches the in-interface=ether1/ether2 mark-connection rules
# further down - the inbound connection appears to stay untagged with its
# arrival ISP.
add action=accept chain=prerouting dst-address=192.168.1.0/30
add action=accept chain=prerouting dst-address=192.168.2.0/30
add action=accept chain=prerouting dst-address=192.168.0.0/30
# Split traffic arriving from the LAN in two with PCC and mark the connection
# ISP1 (remainder 0) or ISP2 (remainder 1).
# NOTE(review): there is no "connection not yet marked" condition, so reply
# packets from the web server (which also arrive on ether3) are classified
# here as well, independent of the WAN the request came in on.
add action=mark-connection chain=prerouting in-interface=ether3 \
new-connection-mark=ISP1 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting in-interface=ether3 \
new-connection-mark=ISP2 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1
# Turn the connection mark into a routing mark for packets coming from the LAN;
# passthrough=no ends mangle processing for the packet.
add action=mark-routing chain=prerouting connection-mark=ISP1 in-interface=\
ether3 new-routing-mark=ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=\
ether3 new-routing-mark=ISP2 passthrough=no
# Tag everything arriving on ether2 as ISP2 (no condition on an existing mark).
add action=mark-connection chain=prerouting in-interface=ether2 \
new-connection-mark=ISP2 passthrough=yes
# Router-originated packets (output chain) follow their connection mark.
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\
ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=\
ISP2 passthrough=no
# Tag everything arriving on ether1 as ISP1 (no condition on an existing mark).
add action=mark-connection chain=prerouting in-interface=ether1 \
new-connection-mark=ISP1 passthrough=yes
# Source NAT for the LAN and the single inbound port-forward.
/ip firewall nat
# Masquerade traffic sourced from the LAN /30.
# NOTE(review): no out-interface is set, so the rule matches any srcnat traffic
# from 192.168.0.0/30, not only traffic leaving through ether1/ether2.
add action=masquerade chain=srcnat src-address=192.168.0.0/30
# Forward TCP 8443 arriving on ether1 to the web server. Only ether1 is
# covered; nothing forwards from ether2.
# NOTE(review): there is no source-address restriction, and the filter table
# drops nothing, so 192.168.0.2:8443 is open to whatever can reach ether1.
add action=dst-nat chain=dstnat dst-port=8443 in-interface=ether1 protocol=\
tcp to-addresses=192.168.0.2 to-ports=8443
# Two default routes with the same distance, both in routing-table=main, each
# using a public resolver address as its gateway; the /32 host routes below pin
# 8.8.8.8 to the ISP1 gateway and 8.8.4.4 to the ISP2 gateway.
# NOTE(review): every route here is in routing-table=main. None is in ISP1 or
# ISP2, so the routing marks set in mangle have no per-ISP default route to
# select - verify. No check-gateway option appears on these routes either.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=30
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=30
# Host route: 8.8.4.4 is reached through 192.168.2.1 (the ether2 subnet).
add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=192.168.2.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# Host route: 8.8.8.8 is reached through 192.168.1.1 (the ether1 subnet).
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# Management services: telnet, ftp, ssh, api and api-ssl are turned off.
# NOTE(review): www and winbox are not listed. This export appears to show only
# changed settings, so they are presumably still enabled with no address=
# restriction - confirm. Since the filter table has no input rules, restrict
# them to the LAN or disable whichever is unused.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Clock, NTP, receive packet steering and the bandwidth-test server.
/system clock
set time-zone-name=Europe/Paris
# NTP client enabled, with two servers given by IP address.
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.46.215.60
add address=162.159.200.123
# RPS is switched on for all five ports, including the disabled ether4/ether5.
/system resource irq rps
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
# The bandwidth-test server is turned off.
/tool bandwidth-server
set enabled=no