Community discussions

MikroTik App
 
pawelfi1982
just joined
Topic Author
Posts: 13
Joined: Mon Nov 07, 2016 9:18 pm

PCC on rOS 7.8

Fri Mar 31, 2023 3:33 pm

Hello,
I will be very happy if anyone can look at my config. Im trying to get it work from many days, but Im out of idea.
Im trying to setup PCC for 2 WAN connections in my home Router. I followed every each example that i found according to ROS 7.
Im running my router on rb750g3 with newest 7.8 OS version
I did all I could, but my internet connection with PCC doesn't work with this config:
/interface list
add name=WAN
add name=LAN

/routing table
add disabled=no fib name=to_WAN1
add disabled=no fib name=to_WAN2


/ipv6 settings
set disable-ipv6=yes

/interface list member
add interface=ether1 list=WAN
add interface=ether3 list=WAN
add interface=ether2 list=LAN
add interface=ether4 list=LAN

/ip address
add address=10.0.10.1/30 interface=WAN_Pab_to_GAB network=10.0.10.0
add address=192.168.11.1/24 interface=LAN_10_pab network=192.168.11.0
add address=10.0.5.2/30 interface=ether3 network=10.0.5.0
add address=192.168.88.11/24 interface=MGMTVlan88 network=192.168.88.0
add address=192.168.3.3/29 interface=ether1 network=192.168.3.0
add address=192.168.20.1/25 interface=LAN_20_Pab network=192.168.20.0

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall filter
add action=fasttrack-connection chain=forward hw-offload=yes
add action=accept chain=forward connection-state=established,related disabled=yes

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.3.0/29 in-interface-list=LAN
add action=accept chain=prerouting dst-address=10.0.5.0/30 in-interface-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=WAN1_con_mark
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=WAN2_con_mark
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN1_con_mark per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN2_con_mark per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_con_mark in-interface-list=LAN new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_con_mark in-interface-list=LAN new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN1_con_mark new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_con_mark new-routing-mark=to_WAN2

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN src-address=192.168.11.0/24

/ip route
add comment="for working internet" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping gateway=10.0.5.1 routing-table=to_WAN2
add check-gateway=ping gateway=192.168.3.1 routing-table=to_WAN1
 
404Network
Member Candidate
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: PCC on rOS 7.8

Fri Mar 31, 2023 6:13 pm

Are the WANIPs fixed or dynamic?
 
pawelfi1982
just joined
Topic Author
Posts: 13
Joined: Mon Nov 07, 2016 9:18 pm

Re: PCC on rOS 7.8

Fri Mar 31, 2023 6:39 pm

Both fixed.
 
404Network
Member Candidate
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: PCC on rOS 7.8

Fri Mar 31, 2023 7:38 pm

You are trying to pcc a single LAN?
Why does only one LAN have sourcenatting?
Do you use a bridge construct??
Where is the default route for WAN2 ???

(1) /ip route
dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-table=main
dst-address=0.0.0.0/0 gateway=10.0.5.1 routing-table=main
dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-table=to_WAN1
dst-address=0.0.0.0/0 gateway=10.0.5.1 routing-table=to_WAN2


Assumes you only want 192.168.11.0/24 going out WAN and using PCC.

(2) /ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.3.0/24
add action=accept chain=prerouting dst-address=10.0.5.0/24

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=WAN1_con_mark passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=WAN2_con_mark passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN_10_pab new-connection-mark=WAN1_con_mark per-connection-classifier=both-addresses:2/0 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN_10_pab new-connection-mark=WAN2_con_mark per-connection-classifier=both-addresses:2/1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1_con_mark in-interface=LAN_10_pab new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_con_mark in-interface=LAN_10_pab new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_con_mark new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_con_mark new-routing-mark=to_WAN2 passthrough=yes
 
pawelfi1982
just joined
Topic Author
Posts: 13
Joined: Mon Nov 07, 2016 9:18 pm

Re: PCC on rOS 7.8

Fri Mar 31, 2023 11:28 pm

"You are trying to pcc a single LAN?"
Here yes, I simplify it cause it was not working, so i had to leave it as simple i could.
" Why does only one LAN have source natting?"
Because its a part of a bigger setup. - The big setup is that I give ISP to my neighbor and he is giving his to me. So I created another network that should not use PCC - but just give him my ISP over a NAT. He is giving now his ISP to me that same way to ether3 port.
It will be on my side
add action=masquerade chain=srcnat out-interface-list=ether1 src-address=10.0.10.1/30
and on his side it is:
add action=masquerade chain=srcnat out-interface-list=ether1 src-address=10.0.5.1/30
Without this separation we would PCC WAN in loop
" Do you use a bridge construct??"
Im using bridge and VLANS - all ports are inside bridge and VLANs are set on it.
ether1 and ether3 are WANs cause they are together with ether5 on the same lane to CPU, and ether2 and ether4 ports are on second lane to CPU where are my LAN ports (i read it somewhere here on forum how rg750gr3 is configured inside hardware) (1-3-5) and (2-4) - using it like this its best performance.
" Where is the default route for WAN2 ???"
Here was my big mistake, I thought that when im using PCC i can not use this 2 lines You gave me.:
dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-table=main
dst-address=0.0.0.0/0 gateway=10.0.5.1 routing-table=main
So what i did now? I put this lines You gave me:
dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-table=main
dst-address=0.0.0.0/0 gateway=10.0.5.1 routing-table=main
dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-table=to_WAN1
dst-address=0.0.0.0/0 gateway=10.0.5.1 routing-table=to_WAN2
And without changing all rules on mangle Its working now as it should.
The only modification I did i put also 3rd line on prerouting as ether1 is ~540MBs and ether3 ~100MBs (at night is faster so I will test it later).
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN1_con_mark per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN1_con_mark per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN2_con_mark per-connection-classifier=both-addresses:3/2
Thank You very much for Your fast response and help.
Now I will set up also the failover part - I hope it will be working fine. After that I will be ready to putt all rules to my FW and reconfigure my home network.

Who is online

Users browsing this forum: AnzUl, artone, Google [Bot], jvanhambelgium, Kandelabro, Kanzler, kolopeter, LightnetBarry and 49 guests