Posse7x
just joined
Topic Author
Posts: 12
Joined: Thu Oct 06, 2016 4:11 pm

load balancing and netbanking

Tue Sep 18, 2018 10:48 am

Hello,

I've got some problems with load balancing and netbanking (or other "safe" websites).
You'll run into a timeout while logging in.
It's also not possible to order something on this website (some other webshops have the same problem too):
https://www.global-print.com

Disabling load balancing on port 443 does the thing, but I don't think that's the right way to solve the problem.

That's my mangle configuration right now:

/ip firewall mangle
###disable load balancing on ftp####
add action=mark-connection chain=prerouting comment="route ftp to adsl " \
dst-port=21,22 new-connection-mark=ftp_wan_3 passthrough=yes protocol=tcp \
src-address-list=ftp_user
add action=mark-packet chain=prerouting comment="route ftp to adsl " \
connection-mark=ftp_wan_2 new-packet-mark=ftp_packet passthrough=yes
add action=mark-routing chain=prerouting comment="route ftp to adsl " \
new-routing-mark=to_WAN2 packet-mark=ftp_packet passthrough=no
###mark input#####
add action=mark-connection chain=input comment="mark input wan 1" \
in-interface=ether1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="mark input wan 2" \
in-interface=ether2 new-connection-mark=WAN2_conn passthrough=yes
###route input to output######
add action=mark-routing chain=output comment="route input/output wan1" \
connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="route input/output wan2" \
connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
###split traffic####
add action=mark-connection chain=prerouting comment="split traffic wan 1" \
dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=!both-addresses-and-ports:2/0 src-address-list=\
lan
add action=mark-connection chain=prerouting comment="split traffic wan 2" \
dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=!both-addresses-and-ports:2/1 src-address-list=\
lan
###mark packets####
add action=mark-packet chain=prerouting comment=wan1-packet-mark \
connection-mark=WAN1_conn new-packet-mark=wan1-packet passthrough=yes
add action=mark-packet chain=prerouting comment=wan2-packet-mark \
connection-mark=WAN2_conn new-packet-mark=wan2-packet passthrough=yes
##route traffic#####
add action=mark-routing chain=prerouting comment="route to wan 1" \
new-routing-mark=to_WAN1 packet-mark=wan1-packet passthrough=yes
add action=mark-routing chain=prerouting comment="route to wan 2" \
new-routing-mark=to_WAN2 packet-mark=wan2-packet passthrough=yes
 
sindy
Forum Guru
Posts: 11367
Joined: Mon Dec 04, 2017 9:19 pm

Re: load balancing and netbanking

Wed Sep 19, 2018 4:59 pm

A wild guess is that you would have to modify the load balancing rules in such a way that the same client PC would set up all its https sessions from the same public IP address, because the only mechanism I can imagine is that the server uses cookies to check exactly that, i.e. that all sessions from the same client come from the same IP address.
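
One way to apply the suggestion in the reply above, as an added example that is not part of the original thread and was not posted by either participant: the two "split traffic" rules from the question with only the per-connection-classifier changed, so the hash no longer includes ports. Everything else (marks, address list, the negated classifier form) is copied from the posted configuration.

```routeros
/ip firewall mangle
# Added example, not from the thread.
#
# Posted rules use both-addresses-and-ports: the classifier hashes source IP,
# destination IP, source port and destination port. Each new TCP connection
# from a browser uses a new source port, so the parallel HTTPS connections of
# one login session can be marked for different WANs and reach the server
# from two different public addresses.
#
# src-address hashes only the client's IP. All connections from one LAN host
# get the same connection mark, so the server sees one public address for the
# whole session, including requests to other hosts of the same site.
# Trade-off: balancing is per client, not per connection.
add action=mark-connection chain=prerouting comment="split traffic wan 1" \
    dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=!src-address:2/0 src-address-list=lan
add action=mark-connection chain=prerouting comment="split traffic wan 2" \
    dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=!src-address:2/1 src-address-list=lan

# Less strict alternative: both-addresses hashes source and destination IP,
# keeping one client-to-server pair on one WAN while still spreading a
# client's traffic to different servers across both links.
#   per-connection-classifier=!both-addresses:2/0
#   per-connection-classifier=!both-addresses:2/1
```

With either classifier, HTTPS can stay load-balanced instead of being excluded on port 443.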