2 Gateways - How to redirect traffic

wifipn · Tue Feb 06, 2007 11:33 am

I have 2x ADSL lines:

Ihug (P2P) - 10.1.1.3 - gateway: 10.1.1.1
Ihug (Web) - 192.168.1.3 - gateway: 192.168.1.1

I want to have all normal web traffic going through Ihug (Web) gateway and all P2P traffic going through Ihug (P2P) gateway - can someone walk me through the steps in doing this?

*Newbie*

Tue Feb 06, 2007 12:14 pm

Policy-routing should be used, add two gateways to 'ip router'.
Default gateway is gateway, where should be p2p traffic routed.
Alternative gateway with 'routing-mark' option, where another should be forwarded. Routing-mark is assigned in mangle, you can forward HTTP or other traffic.

wifipn · Tue Feb 06, 2007 12:16 pm

Little more in depth please

Tue Feb 06, 2007 12:18 pm

Policy-routing examples is shown here,
http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways
you need to transform it to the respective configuration.
Note, p2p traffic has to be router over default gateway without 'routing-mark' option.

wifipn · Tue Feb 06, 2007 12:45 pm

Doesn't seem to work - what am I doing wrong?

wifipn · Tue Feb 06, 2007 12:50 pm

the example and no traffic! Garrgh!

wifipn · Tue Feb 06, 2007 12:52 pm

that previous message was suppose to say I followed the example and no traffic!

Tue Feb 06, 2007 12:54 pm

As I wrote, you need to correct example to your situation.
If you will look and read carefuly configuration example, it provides explanation how to router one half of users trough one gateway and other half trough another gateway.
You have to use mangle routing-mark for HTTP traffic and redirect over gateway with 'routing-mark'.

wifipn · Tue Feb 06, 2007 9:02 pm

It still doesn't seem to be wokring, can you please send me examples with the gateways I provided in first message?

wifipn · Tue Feb 06, 2007 10:10 pm

I managed to get it working, with some ports being directed through one gateway (80,110,25,21,1863,3389) and everything else for P2P gateway.

Problem is, the Web Proxy which I use for cache is no longer being directed through the correct gateway.. When I turn the web proxy on all HTTP traffic goes through the P2P gateway - any ideas?

wifipn · Tue Feb 06, 2007 11:45 pm

The web proxy runs on port 8080... please help!

Wed Feb 07, 2007 8:32 am

Try to mark proxy packets in chain=output.

wifipn · Wed Feb 07, 2007 8:39 am

explanation please?

valens · Wed Feb 07, 2007 1:48 pm

About Packet Flow : http://www.mikrotik.com/testdocs/ros/2.9/ip/flow.php
and Mangle: http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php

wifipn · Wed Feb 07, 2007 9:57 pm

I've read this and have got P2P going through the correct gateway and HTTP traffic through the other, just not sure how to make the Web Proxy work through the correct gateway.. if someone could give me an exact example, I would appreciate that! Web Proxy works through Port 8080 and needs to go through interface "Ihug (Web)

wifipn · Thu Feb 08, 2007 10:49 pm

Newbie needs help! Help help!

valens · Fri Feb 09, 2007 4:49 am

Post your mangle route-mark

wifipn · Fri Feb 09, 2007 4:52 am

route-mark = web

valens · Fri Feb 09, 2007 4:55 am

You need to post the complete rule of your mangle, in order us to help you.
It's really not enough to troubleshot while you only say "route-mark = web"

wifipn · Fri Feb 09, 2007 4:59 am

0 ;;; HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no

1 ;;; POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=110
action=mark-routing new-routing-mark=Web passthrough=no

2 ;;; FTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=21
action=mark-routing new-routing-mark=Web passthrough=no

3 ;;; SMTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=25
action=mark-routing new-routing-mark=Web passthrough=no

4 ;;; MSN Messenger
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=Web passthrough=no

5 ;;; Remote Desktop
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=3389
action=mark-routing new-routing-mark=Web passthrough=no

6 ;;; Secure POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=995
action=mark-routing new-routing-mark=Web passthrough=yes

7 ;;; SSL Layer
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=443
action=mark-routing new-routing-mark=Web passthrough=no

8 ;;; SHOUTcast
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=8000
action=mark-routing new-routing-mark=Web passthrough=no

wifipn · Fri Feb 09, 2007 5:07 am

You need to post the complete rule of your mangle, in order us to help you.
It's really not enough to troubleshot while you only say "route-mark = web"

Well it is what you asked for wasn't it? route-mark=web - lol - Anyway above is the full print of my mangle rules, hope that helps..

janisk · Fri Feb 09, 2007 6:49 pm

in chain=output set routing mark for your web proxy.

wifipn · Fri Feb 09, 2007 11:00 pm

9 ;;; Web Proxy
chain=output src-address=172.31.0.0/16 protocol=tcp dst-port=8080
action=mark-routing new-routing-mark=Web passthrough=no

So that in mangle?

wifipn · Fri Feb 09, 2007 11:03 pm

4 ;;; Web Proxy
chain=dstnat src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=8080

and that in NAT?

wifipn · Fri Feb 09, 2007 11:07 pm

With the above combination, it makes the Web Proxy work but through the wrong gateway, also there are no packet counts in the mangle rule - like it's not even working... what have I done wrong?!

valens · Sat Feb 10, 2007 4:59 am

9 ;;; Web Proxy
chain=output protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no

wifipn · Sat Feb 10, 2007 8:13 am

Doesn't work... Web Proxy goes but traffic still going through P2P gateway...

NAT:

0 ;;; LAN -> WAN
chain=srcnat src-address=172.31.0.0/16 action=masquerade

1 ;;; uTorrent (Adam Shaw)
chain=dstnat protocol=tcp dst-port=100 action=dst-nat
to-addresses=172.31.0.1 to-ports=100

2 ;;; uTorrent (Max Annear)
chain=dstnat protocol=tcp dst-port=101 action=dst-nat
to-addresses=172.31.0.4 to-ports=101

3 ;;; uTorrent (Jonathan Dix)
chain=dstnat protocol=tcp dst-port=102 action=dst-nat
to-addresses=172.31.0.6 to-ports=102

4 ;;; Web Proxy
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

Mangle:

0 ;;; HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no

1 ;;; POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=110
action=mark-routing new-routing-mark=Web passthrough=no

2 ;;; FTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=21
action=mark-routing new-routing-mark=Web passthrough=no

3 ;;; SMTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=25
action=mark-routing new-routing-mark=Web passthrough=no

4 ;;; MSN Messenger
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=Web passthrough=no

5 ;;; Remote Desktop
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=3389
action=mark-routing new-routing-mark=Web passthrough=no

6 ;;; Secure POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=995
action=mark-routing new-routing-mark=Web passthrough=no

7 ;;; SSL Layer
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=443
action=mark-routing new-routing-mark=Web passthrough=no

8 ;;; SHOUTcast
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=8000
action=mark-routing new-routing-mark=Web passthrough=no

9 ;;; Web Proxy
chain=output src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no

What is going on?!?! lol

valens · Sat Feb 10, 2007 12:39 pm

don't use source address.
please see my post before.

wifipn · Sat Feb 10, 2007 11:38 pm

Ok I removed the source address from the mangle but now pages don't load - I can see packet count increasing but pages stay at Waiting for reply.. and never load...Grrr!!

valens · Sun Feb 11, 2007 4:13 am

do you remove src-address for all rules ?
remove only for mangle #9 ... web-proxy.

wifipn · Sun Feb 11, 2007 4:51 am

Yeah all the other mangle rules have the src address except web proxy one - still no work..

wifipn · Mon Feb 12, 2007 10:10 pm

HELP!

wifipn · Fri Feb 16, 2007 1:18 am

forgetting about Web Proxy, I upgraded to beta3 and now the Web traffic doesn't go through the right gateway, no options have changed and suddenl no worky... what's happened? Packet count is going up but its the wrong gateway?!

wifipn · Fri Feb 16, 2007 9:05 am

Ok nevermind I downgraded and it works fine now - so now back to the Web Proxy not working problem.. Any suggestions guys? When I set the mangle rule for Web Proxy, all it says is "Waiting for reply..." and the page never loads... ideas?

wifipn · Fri Feb 16, 2007 9:19 am

NAT rules:

0 ;;; LAN -> WAN
chain=srcnat src-address=172.31.0.0/16 action=masquerade

1 ;;; uTorrent (Adam Shaw)
chain=dstnat protocol=tcp dst-port=100 action=dst-nat
to-addresses=172.31.0.1 to-ports=100

2 ;;; uTorrent (Max Annear)
chain=dstnat protocol=tcp dst-port=101 action=dst-nat
to-addresses=172.31.0.4 to-ports=101

3 ;;; uTorrent (Jonathan Dix)
chain=dstnat protocol=tcp dst-port=102 action=dst-nat
to-addresses=172.31.0.6 to-ports=102

4 ;;; Web Proxy
chain=dstnat src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=8080

Mangle rules:

0 ;;; HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no

1 ;;; POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=110
action=mark-routing new-routing-mark=Web passthrough=no

2 ;;; FTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=21
action=mark-routing new-routing-mark=Web passthrough=no

3 ;;; SMTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=25
action=mark-routing new-routing-mark=Web passthrough=no

4 ;;; MSN Messenger
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=Web passthrough=no

5 ;;; Remote Desktop
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=3389
action=mark-routing new-routing-mark=Web passthrough=no

6 ;;; Secure POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=995
action=mark-routing new-routing-mark=Web passthrough=no

7 ;;; Secure HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=443
action=mark-routing new-routing-mark=Web passthrough=no

8 ;;; SHOUTcast
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=8000
action=mark-routing new-routing-mark=Web passthrough=no

9 ;;; NetBIOS
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=139
action=mark-routing new-routing-mark=Web passthrough=no

10 chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=445
action=mark-routing new-routing-mark=Web passthrough=no

11 chain=prerouting src-address=172.31.0.0/16 protocol=udp dst-port=137
action=mark-routing new-routing-mark=Web passthrough=no

12 chain=prerouting src-address=172.31.0.0/16 protocol=udp dst-port=138
action=mark-routing new-routing-mark=Web passthrough=no

13 ;;; Web Proxy
chain=output protocol=tcp dst-port=80 action=mark-routing
new-routing-mark=Web passthrough=no

ozcar2k7 · Mon Jan 28, 2008 5:06 am

First disable rule number 0 on mangle.
Then, you need add this too
14 ;;; DNS
chain=output protocol=udp dst-port=53 action=mark-routing
new-routing-mark=Web passthrough=no

Don't forget DNS servers in IP/DNS

Your clients must use mtk gateway as DNS server
IP=172.31.0.X
Subnet mask=255.255.0.0
Gateway=RouterOS IP

DNS=RouterOS IP

I hope this can help

saludos

Oscar

2 Gateways - How to redirect traffic

2 Gateways - How to redirect traffic

Ahhh help?

Argh!

I tried

Sorry

Sorry..

UPDATE!

FYI

Little more

Yes

Help?

Is this what you were after?

Ok

Re: 2 Gateways - How to redirect traffic

Who is online