Community discussions

MikroTik App
  4. RouterOS
  5. General

2 isp

Post Reply
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

2 isp

Sat Jun 10, 2006 12:29 pm

Would you please take a look and tell me what is wrong here?
Code: Select all
[admin@crosslink] ip firewall address-list> print
Flags: X - disabled, D - dynamic 
 #   LIST       ADDRESS                        
 0   isp1    81.180.0.0/15                  
 1   isp1    80.96.0.0/15                   
 2   isp1    85.120.0.0/14
Code: Select all
[admin@crosslink] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting dst-address-list=isp1 action=mark-routing new-routing-mark=isp1 passthrough=yes 
 1   chain=prerouting dst-address-list=!isp1 action=mark-routing new-routing-mark=isp2 passthrough=no
Code: Select all
[admin@crosslink] ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE        ROUTING MARK 
 0 ADC xxx.xxx.0.1/32    xxx.xxx.17.200                              interface isp1
 1 ADC xxx.xxx.93.0/26   xxx.xxx.93.20                               interface isp2      
 2 ADC 192.168.0.0/22    192.168.0.1                                 interface local
 3 A S 0.0.0.0/0                          r xxx.xxx.93.1             interface isp2       
 4 A S 0.0.0.0/0                          r xxx.xxx.0.1              interface isp1   isp1
Code: Select all
[admin@crosslink] ip dns> print
            primary-dns: xxx.xxx.xxx.25 DNS isp1
          secondary-dns: xxx.xxx.xxx.20 1DNS isp2
  allow-remote-requests: yes
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 244KiB
I would like to route the entire traffic comming from/gowing to ISP1 trough ISP1 gateway and the rest of the traffic trough ISP2 gateway.
However I am making a mistake somewhere. Any help?
Top
 
zaherhamiyah
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Thu Mar 23, 2006 12:43 am

Sat Jun 10, 2006 12:55 pm

i dont have much time to read all of your config but i advice increase your DNS cache to 10MB=10240KB
Top
 
advantz
Member Candidate
Member Candidate
Posts: 187
Joined: Thu Jul 08, 2004 4:11 am

Sat Jun 10, 2006 3:38 pm

where is nat code?

I assume you are using src-nat?
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Sat Jun 10, 2006 4:14 pm

here it is:
Code: Select all
[admin@crosslink] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat src-address=192.168.0.0/22 action=masquerade
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Mon Jun 12, 2006 12:50 pm

any ideea? regarding this issue?
2 internet service providers, 1 LAN, routing traffic based on Address List
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Mon Jun 12, 2006 10:07 pm

I changed the nat rules
still no result
Code: Select all
[admin@crosslink] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0 chain=srcnat connection-mark=isp1 action=src-nat to-addresses=xxx.xxx.17.200 to-ports=0-65535 

 1 chain=srcnat connection-mark=isp2 action=src-nat to-addresses=xxx.xxx.93.20 to-ports=0-65535
Top
 
User avatar
Mitak
newbie
Posts: 42
Joined: Wed Jun 07, 2006 10:12 am
Location: Bulgaria
Contact:
Contact Mitak

try with this

Mon Jun 12, 2006 10:37 pm

/ip firewall mangle

Mark isp1 connection:
add chain=prerouting src-address-list=isp1 action=mark-connection new-connection-mark=isp1_conn passthrough=yes

Mark isp1 packets:
add chain=prerouting connection-mark=isp1_conn action=mark-packet new-packet-mark=isp1_p

do same for isp2:
add chain=prerouting src-address-list=!isp1 action=mark-connection new-connection-mark=isp2_conn passthrough=yes

add chain=prerouting connection-mark=isp2_conn action=mark-packet new-packet-mark=isp2_p

routing mark:

add chain=prerouting packet-mark=isp1_p action=mark-routing new-routing-mark=isp1_r
add chain=prerouting packet-mark=isp2_p action=mark-routing new-routing-mark=isp2_r

now add the routing rules:

/ip route
1st remove the default gateway:

remove [/ip route find dst 0.0.0.0/0]

and add the isp1 gateway:
add gateway=ISP1_GATEWAY routing-mark=isp1_r
add gateway=ISP2_GATEWAY routing-mark=isp2_r

just replace ISP1_GATEWAY and ISP2_GATEWAY with your gateways, ant that`s all!

now, add a masquerade rule:

/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 action=masquerade

just replace 192.168.0.0/24 network with your network, ant that`s all!
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Tue Jun 13, 2006 7:46 pm

thank you, but
somewhere there is still a problem

here it is the configuration now:
Code: Select all
[admin@crosslink] ip firewall address-list> print 
Flags: X - disabled, D - dynamic 
 #   LIST       ADDRESS                        
 0   isp1    81.180.0.0/15                  
 1   isp1    80.96.0.0/15                    
 2   isp1    85.120.0.0/14
Code: Select all
[admin@crosslink] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting src-address-list=isp1 action=mark-connection 
     new-connection-mark=isp1_conn passthrough=yes 

 1   chain=prerouting connection-mark=isp1_conn action=mark-packet 
     new-packet-mark=isp1_pack passthrough=no 

 2   chain=prerouting packet-mark=isp1_pack action=mark-routing 
     new-routing-mark=isp1_route passthrough=no 

 3   chain=prerouting src-address-list=!isp1 action=mark-connection 
     new-connection-mark=isp2_conn passthrough=yes 

 4   chain=prerouting connection-mark=isp2_conn action=mark-packet 
     new-packet-mark=isp2_pack passthrough=no 

 5   chain=prerouting packet-mark=isp2_pack action=mark-routing 
     new-routing-mark=isp2_route passthrough=no
Code: Select all
[admin@crosslink] ip dns> print 
            primary-dns: xxx.xxx.xxx.25 DNS isp1 
          secondary-dns: xxx.xxx.xxx.20 1DNS isp2 
  allow-remote-requests: yes 
             cache-size: 2048KiB 
          cache-max-ttl: 1w 
             cache-used: 244KiB
Code: Select all
[admin@crosslink] ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE     
 0 ADC xxx.xxx.0.1/32        xxx.xxx.xxx.xxx                              isp1 interface
 1 ADC xxx.xxx.93.0/26     xxx.xxx.93.20                               isp2 interface       
 2 ADC 192.168.0.0/22    192.168.0.1                             Lan       
 3 A S 0.0.0.0/0                          r gatewayISP2              isp2       (routing-mark=isp2_route)
 4 A S 0.0.0.0/0                          r gatewayISP1                 isp1 (routing-mark=isp1_route)
Code: Select all
[pentagrama@crosslink] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat src-address=192.168.0.0/22 action=masquerade
thank you once again
Top
 
User avatar
Mitak
newbie
Posts: 42
Joined: Wed Jun 07, 2006 10:12 am
Location: Bulgaria
Contact:
Contact Mitak

try this

Wed Jun 14, 2006 12:24 am

thank you, but
somewhere there is still a problem

here it is the configuration now:

thank you once again
hm... try:
Code: Select all
/ip firewall mangle

set 1 passthrough=yes
set 4 passthrough=yes
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Wed Jun 14, 2006 9:49 am

I tried that as well
I 've got the same problem

Does it matter that I'm connecting to ISP1 via Ethernet and to ISP2 via PPoE?
Top
 
joeri91942
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Mar 31, 2005 12:31 pm
Location: Sundsvall, Sweden

Wed Jun 14, 2006 12:05 pm

Not sure I completely understand what you want to do, you stated that you want to "entire traffic comming from/gowing to ISP1 trough ISP1 gateway "... how would you know what IPs are under a certains ISPs control?

If you are saying that you want incoming traffic to your router's external ISP1 interface to be returned the way it arrived (for example a published web server) you wold be better of marking traffic on what interface it arrives on instead of the IP.

Also you need to first do a connection-mark (to be able to track replies) and then mark packets that match the connection-mark, on packet mark rules you should set passthrough=no so that later rules doesn't change your marks.

Search my posts for a thread discussing policy based routing, you should be able to figure out how to do it from that

Best regards

/Jörgen
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Wed Jun 14, 2006 12:44 pm

Not sure I completely understand what you want to do, you stated that you want to "entire traffic comming from/gowing to ISP1 trough ISP1 gateway "... how would you know what IPs are under a certains ISPs control?
Yes, that is what I would like to do. I know all addresses alocated to ISP1 from http://www.ripe.net and I inserted them in an Address List.
Top
 
joeri91942
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Mar 31, 2005 12:31 pm
Location: Sundsvall, Sweden

Wed Jun 14, 2006 1:15 pm

Then it should be enough with just static routes....

/Jörgen
Top
 
User avatar
Mitak
newbie
Posts: 42
Joined: Wed Jun 07, 2006 10:12 am
Location: Bulgaria
Contact:
Contact Mitak

read this

Wed Jun 14, 2006 2:52 pm

http://forum.mikrotik.com//viewtopic.php?t=8870

http://wiki.mikrotik.com/wiki/Improved_ ... e_Gateways
Top
 
sorinbuda
newbie
Topic Author
Posts: 29
Joined: Sun Nov 14, 2004 6:27 am

Sun Jun 18, 2006 2:54 pm

any neaws regarding this problem?
has enybody tried such configuration?
Top
Post Reply

Who is online

Users browsing this forum: EnglishInfix and 22 guests
  4. RouterOS
  5. General