Can anyone help me?
I set up a RB450G to do load balancing between two WAN connections. It works fine. However, I would like to add a 3rd connection and a possible 4th.
This is the script I'm using: Would I just add a new line underneath for a third WAN port?
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
Thanks in advance,
Cinders
Re: Help with load balancing
WAN-OUT will be your interface name and wont be the same. Perhaps WAN-OUT1 and WAN-OUT2.add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=WAN-OUT
Now to the quiestion, prety much yes, exept for this part.
both-addresses-and-ports:2/1 will become 3/2 and 2/1 will become 3/1 and so forth. First part is the amount of Wan's. Also both-addresses-and-ports will prety much break evry thing using secure ports, banks, games ext. src-port works.add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
Re: Help with load balancing
Would this work?
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN3
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=3 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN3
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=3 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
Re: Help with load balancing
Is there a way to do this so that https works?both-addresses-and-ports:2/1 will become 3/2 and 2/1 will become 3/1 and so forth. First part is the amount of Wan's. Also both-addresses-and-ports will prety much break evry thing using secure ports, banks, games ext. src-port works.
Re: Help with load balancing
Sorry, thought i did include this. Have to use src address as classifier.
Re: Help with load balancing
No problem. Thanks for the help, I appreciate it. I created a script to include another WAN port and it works. 8 )
I'm going to look to do this using PPPoE Clients next, so I can put the modems in bridge mode and let the mikrotik do PPPoE.
With regards to using src address, i'm guessing it goes in this bit of script:
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=src-address:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=src-address:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=src-address:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
Have I done this correctly?
Cinders.
I'm going to look to do this using PPPoE Clients next, so I can put the modems in bridge mode and let the mikrotik do PPPoE.
With regards to using src address, i'm guessing it goes in this bit of script:
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=src-address:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=src-address:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=src-address:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
Have I done this correctly?
Cinders.
Re: Help with load balancing
Looks good.