After searching the web, I hope someone will be able to help me.
I currently have 3 WAN connections: WAN1, WAN2 and WAN3.
I wonder if there's any way to force specific ports to go through a specified WAN, here WAN1.
E.g. if I use Steam and host a game server on ports 3074 and 27000-27050, I want it only on WAN1.
Also, is there any way to set up a VLAN to go through WAN2 and WAN3 only?
I don't want my Hotspot to go through WAN1.
Thanks a lot for any help!
[admin@MikroTik] /ip firewall filter> /export compact
# feb/27/2013 17:23:17 by RouterOS 6.0rc9
# software id = XPXI-LV8Q
#
# Interfaces, DHCP, addressing and DNS for one LAN ("Local") and three uplinks.
# The four ethernet ports are renamed; WAN3 is administratively disabled here
# even though it still has an address, a masquerade rule and routes below.
/interface ethernet
set 0 name=Local
set 1 name=WAN1
set 2 name=WAN2
set 3 disabled=yes name=WAN3
# Enable the wireless interface as an access point (ap-bridge).
# NOTE(review): no security-profile settings appear in this export; confirm
# the wireless network is not left open unless the hotspot is meant to be.
/interface wireless
set 0 disabled=no l2mtu=2290 mode=ap-bridge
# NOTE(review): dhcp2 is bound to WAN1 and dhcp3 to wlan1, with neither an
# address-pool nor disabled=no shown, so they look like inactive leftovers.
# Confirm, and remove dhcp2: a DHCP server on an uplink is rarely intended.
/ip dhcp-server
add interface=WAN1 name=dhcp2
add interface=wlan1 name=dhcp3
# Default hotspot user profile: no idle timeout, 2-minute keepalive timeout.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
# LAN address pool, handed out by dhcp1 on the Local interface.
/ip pool
add name=dhcp_pool1 ranges=192.168.0.20-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Local name=dhcp1
# Router addresses: .1 on the LAN, .5 on each uplink subnet. All three uplink
# subnets are private ranges; the gateways used in /ip route are the .1 hosts.
/ip address
add address=192.168.0.1/24 interface=Local network=192.168.0.0
add address=192.168.1.5/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.5/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.5/24 interface=WAN3 network=192.168.3.0
# Static lease pinning 192.168.0.10, the host the dst-nat rules forward to.
# client-id and mac-address were redacted by the poster.
/ip dhcp-server lease
add address=192.168.0.10 client-id=**HIDDEN** mac-address=**HIDDEN** server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
# allow-remote-requests=yes makes the router itself answer DNS queries.
# NOTE(review): the filter rules in this export only cover SSH, so nothing
# shown stops queries that arrive on the WAN interfaces. Consider an input
# rule dropping tcp/udp 53 from WAN1-3 so the resolver serves Local only.
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.4.4,8.8.8.8
# SSH brute-force throttling on the router's own input chain (tcp/22).
# Rules are evaluated top to bottom, so the stages are listed in reverse: a
# source that keeps opening new connections while its previous 1-minute list
# entry is still alive walks ssh_stage1 -> ssh_stage2 -> ssh_stage3 ->
# ssh_blacklist, and blacklisted sources are dropped by the first rule.
# NOTE(review): these are the only filter rules in the export. There is no
# established/related accept, no default drop on input, and no forward-chain
# rule at all, so other router services and the port-forwarded host are not
# filtered by anything shown here. Confirm that is intended.
/ip firewall filter
# Drop anything to tcp/22 from a source already on the blacklist.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# New connection from a stage-3 source: blacklist it for 1w3d (10 days).
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
# New connection from a stage-2 source: promote to stage 3 for one minute.
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
# New connection from a stage-1 source: promote to stage 2 for one minute.
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
# Any new connection to tcp/22: record the source in stage 1 for one minute.
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# Policy-routing marks intended to send replies back out the uplink a
# connection arrived on.
/ip firewall mangle
# Tag connections by the uplink they entered on. chain=input only sees packets
# addressed to the router itself.
# NOTE(review): port-forwarded (dst-nat) connections to 192.168.0.10 go
# through prerouting/forward, not input, so they never receive these marks.
# To pin the game-server ports to WAN1 the connection mark would have to be
# set in chain=prerouting. Verify with the connection tracking table.
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-connection chain=input in-interface=WAN3 new-connection-mark=WAN3_conn
# Router-originated replies: pick the routing table matching the connection mark.
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN3_conn new-routing-mark=to_WAN3
# No action is given, so these are plain accepts: traffic destined to the
# uplink subnets themselves leaves prerouting before the marking rules below.
add chain=prerouting dst-address=192.168.1.0/24
add chain=prerouting dst-address=192.168.2.0/24
add chain=prerouting dst-address=192.168.3.0/24
# Apply routing marks in prerouting for WAN2/WAN3 connections.
# NOTE(review): there is no matching WAN1_conn rule here, and neither rule is
# limited to in-interface=Local, so they also match packets arriving from the
# uplinks. Confirm whether WAN1 was left out on purpose.
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3
# Source NAT for outbound traffic and port forwards for the game server.
/ip firewall nat
# Masquerade whatever leaves through each uplink (the rule for the disabled
# WAN3 interface is still present).
add action=masquerade chain=srcnat out-interface=WAN1 !to-addresses !to-ports
add action=masquerade chain=srcnat out-interface=WAN2 !to-addresses !to-ports
add action=masquerade chain=srcnat out-interface=WAN3 !to-addresses !to-ports
# Forward 3074 and 27000-27050 (tcp and udp) arriving on WAN1 to 192.168.0.10.
# NOTE(review): every forwarded port is reachable by anything on the WAN1
# side, and this export has no forward-chain filter rules. Keep the range as
# narrow as the server needs and keep that host patched. Replies to these
# connections follow the routing decision, which the rules shown do not pin
# to WAN1; check the mangle and route sections.
add action=dst-nat chain=dstnat dst-port=3074 in-interface=WAN1 protocol=tcp to-addresses=192.168.0.10 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface=WAN1 protocol=udp to-addresses=192.168.0.10 to-ports=3074
add action=dst-nat chain=dstnat dst-port=27000-27050 in-interface=WAN1 protocol=tcp to-addresses=192.168.0.10 to-ports=\
27000-27050
add action=dst-nat chain=dstnat dst-port=27000-27050 in-interface=WAN1 protocol=udp to-addresses=192.168.0.10 to-ports=\
27000-27050
# Routing: one default route per routing mark, plus three unmarked defaults.
# No dst-address is given, so every entry is a default route; check-gateway=ping
# deactivates a route whose gateway stops answering.
/ip route
# Per-uplink tables selected by the to_WAN* routing marks set in mangle.
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
# Main-table defaults used by all unmarked traffic.
# NOTE(review): all three share distance=1, so which uplink carries unmarked
# traffic (including the hotspot) is presumably not deterministic from this
# config alone. Use distinct distances for an explicit preference and failover
# order, and confirm the active route in the routing table.
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=1 gateway=192.168.3.1
add check-gateway=ping distance=1 gateway=192.168.2.1