2 Gateways - How to redirect traffic
Posted: Tue Feb 06, 2007 11:33 am
by wifipn
I have 2x ADSL lines:
Ihug (P2P) - 10.1.1.3 - gateway: 10.1.1.1
Ihug (Web) - 192.168.1.3 - gateway: 192.168.1.1
I want to have all normal web traffic going through Ihug (Web) gateway and all P2P traffic going through Ihug (P2P) gateway - can someone walk me through the steps in doing this?
*Newbie*
Posted: Tue Feb 06, 2007 12:14 pm
by sergejs
Policy-routing should be used, add two gateways to 'ip router'.
Default gateway is gateway, where should be p2p traffic routed.
Alternative gateway with 'routing-mark' option, where another should be forwarded. Routing-mark is assigned in mangle, you can forward HTTP or other traffic.
Ahhh help?
Posted: Tue Feb 06, 2007 12:16 pm
by wifipn
Little more in depth please
Posted: Tue Feb 06, 2007 12:18 pm
by sergejs
Policy-routing examples are shown here,
http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways
you need to transform it to the respective configuration.
Note, p2p traffic has to be routed over default gateway without 'routing-mark' option.
Argh!
Posted: Tue Feb 06, 2007 12:45 pm
by wifipn
Doesn't seem to work - what am I doing wrong?
I tried
Posted: Tue Feb 06, 2007 12:50 pm
by wifipn
the example and no traffic! Garrgh!
Sorry
Posted: Tue Feb 06, 2007 12:52 pm
by wifipn
that previous message was supposed to say I followed the example and no traffic!
Posted: Tue Feb 06, 2007 12:54 pm
by sergejs
As I wrote, you need to correct example to your situation.
If you will look and read carefully configuration example, it provides explanation how to route one half of users through one gateway and other half through another gateway.
You have to use mangle routing-mark for HTTP traffic and redirect over gateway with 'routing-mark'.
Sorry..
Posted: Tue Feb 06, 2007 9:02 pm
by wifipn
It still doesn't seem to be working, can you please send me examples with the gateways I provided in first message?
UPDATE!
Posted: Tue Feb 06, 2007 10:10 pm
by wifipn
I managed to get it working, with some ports being directed through one gateway (80,110,25,21,1863,3389) and everything else for P2P gateway.
Problem is, the Web Proxy which I use for cache is no longer being directed through the correct gateway.. When I turn the web proxy on all HTTP traffic goes through the P2P gateway - any ideas?
FYI
Posted: Tue Feb 06, 2007 11:45 pm
by wifipn
The web proxy runs on port 8080... please help!
Posted: Wed Feb 07, 2007 8:32 am
by sergejs
Try to mark proxy packets in chain=output.
Little more
Posted: Wed Feb 07, 2007 8:39 am
by wifipn
explanation please?
Posted: Wed Feb 07, 2007 1:48 pm
by valens
Yes
Posted: Wed Feb 07, 2007 9:57 pm
by wifipn
I've read this and have got P2P going through the correct gateway and HTTP traffic through the other, just not sure how to make the Web Proxy work through the correct gateway.. if someone could give me an exact example, I would appreciate that! Web Proxy works through Port 8080 and needs to go through interface "Ihug (Web)"
Help?
Posted: Thu Feb 08, 2007 10:49 pm
by wifipn
Newbie needs help! Help help!
Posted: Fri Feb 09, 2007 4:49 am
by valens
Post your mangle route-mark
Posted: Fri Feb 09, 2007 4:52 am
by wifipn
route-mark = web
Posted: Fri Feb 09, 2007 4:55 am
by valens
You need to post the complete rule of your mangle, in order for us to help you.
It's really not enough to troubleshoot while you only say "route-mark = web"
Is this what you were after?
Posted: Fri Feb 09, 2007 4:59 am
by wifipn
0 ;;; HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no
1 ;;; POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=110
action=mark-routing new-routing-mark=Web passthrough=no
2 ;;; FTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=21
action=mark-routing new-routing-mark=Web passthrough=no
3 ;;; SMTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=25
action=mark-routing new-routing-mark=Web passthrough=no
4 ;;; MSN Messenger
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=Web passthrough=no
5 ;;; Remote Desktop
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=3389
action=mark-routing new-routing-mark=Web passthrough=no
6 ;;; Secure POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=995
action=mark-routing new-routing-mark=Web passthrough=yes
7 ;;; SSL Layer
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=443
action=mark-routing new-routing-mark=Web passthrough=no
8 ;;; SHOUTcast
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=8000
action=mark-routing new-routing-mark=Web passthrough=no
Posted: Fri Feb 09, 2007 5:07 am
by wifipn
You need to post the complete rule of your mangle, in order for us to help you.
It's really not enough to troubleshoot while you only say "route-mark = web"
Well it is what you asked for wasn't it? route-mark=web - lol - Anyway above is the full print of my mangle rules, hope that helps..
Posted: Fri Feb 09, 2007 6:49 pm
by janisk
in chain=output set routing mark for your web proxy.
Posted: Fri Feb 09, 2007 11:00 pm
by wifipn
9 ;;; Web Proxy
chain=output src-address=172.31.0.0/16 protocol=tcp dst-port=8080
action=mark-routing new-routing-mark=Web passthrough=no
So that in mangle?
Posted: Fri Feb 09, 2007 11:03 pm
by wifipn
4 ;;; Web Proxy
chain=dstnat src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=8080
and that in NAT?
Posted: Fri Feb 09, 2007 11:07 pm
by wifipn
With the above combination, it makes the Web Proxy work but through the wrong gateway, also there are no packet counts in the mangle rule - like it's not even working... what have I done wrong?!
Posted: Sat Feb 10, 2007 4:59 am
by valens
9 ;;; Web Proxy
chain=output protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no
Posted: Sat Feb 10, 2007 8:13 am
by wifipn
Doesn't work... Web Proxy goes but traffic still going through P2P gateway...
NAT:
0 ;;; LAN -> WAN
chain=srcnat src-address=172.31.0.0/16 action=masquerade
1 ;;; uTorrent (Adam Shaw)
chain=dstnat protocol=tcp dst-port=100 action=dst-nat
to-addresses=172.31.0.1 to-ports=100
2 ;;; uTorrent (Max Annear)
chain=dstnat protocol=tcp dst-port=101 action=dst-nat
to-addresses=172.31.0.4 to-ports=101
3 ;;; uTorrent (Jonathan Dix)
chain=dstnat protocol=tcp dst-port=102 action=dst-nat
to-addresses=172.31.0.6 to-ports=102
4 ;;; Web Proxy
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
Mangle:
0 ;;; HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no
1 ;;; POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=110
action=mark-routing new-routing-mark=Web passthrough=no
2 ;;; FTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=21
action=mark-routing new-routing-mark=Web passthrough=no
3 ;;; SMTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=25
action=mark-routing new-routing-mark=Web passthrough=no
4 ;;; MSN Messenger
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=Web passthrough=no
5 ;;; Remote Desktop
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=3389
action=mark-routing new-routing-mark=Web passthrough=no
6 ;;; Secure POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=995
action=mark-routing new-routing-mark=Web passthrough=no
7 ;;; SSL Layer
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=443
action=mark-routing new-routing-mark=Web passthrough=no
8 ;;; SHOUTcast
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=8000
action=mark-routing new-routing-mark=Web passthrough=no
9 ;;; Web Proxy
chain=output src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no
What is going on?!?! lol
Posted: Sat Feb 10, 2007 12:39 pm
by valens
don't use source address.
please see my post before.
Posted: Sat Feb 10, 2007 11:38 pm
by wifipn
Ok I removed the source address from the mangle but now pages don't load - I can see packet count increasing but pages stay at Waiting for reply.. and never load...Grrr!!
Posted: Sun Feb 11, 2007 4:13 am
by valens
do you remove src-address for all rules ?
remove only for mangle #9 ... web-proxy.
Posted: Sun Feb 11, 2007 4:51 am
by wifipn
Yeah all the other mangle rules have the src address except web proxy one - still no work..
Posted: Mon Feb 12, 2007 10:10 pm
by wifipn
HELP!
Ok
Posted: Fri Feb 16, 2007 1:18 am
by wifipn
forgetting about Web Proxy, I upgraded to beta3 and now the Web traffic doesn't go through the right gateway, no options have changed and suddenly no worky... what's happened? Packet count is going up but it's the wrong gateway?!
Posted: Fri Feb 16, 2007 9:05 am
by wifipn
Ok nevermind I downgraded and it works fine now - so now back to the Web Proxy not working problem.. Any suggestions guys? When I set the mangle rule for Web Proxy, all it says is "Waiting for reply..." and the page never loads... ideas?
Posted: Fri Feb 16, 2007 9:19 am
by wifipn
NAT rules:
0 ;;; LAN -> WAN
chain=srcnat src-address=172.31.0.0/16 action=masquerade
1 ;;; uTorrent (Adam Shaw)
chain=dstnat protocol=tcp dst-port=100 action=dst-nat
to-addresses=172.31.0.1 to-ports=100
2 ;;; uTorrent (Max Annear)
chain=dstnat protocol=tcp dst-port=101 action=dst-nat
to-addresses=172.31.0.4 to-ports=101
3 ;;; uTorrent (Jonathan Dix)
chain=dstnat protocol=tcp dst-port=102 action=dst-nat
to-addresses=172.31.0.6 to-ports=102
4 ;;; Web Proxy
chain=dstnat src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=8080
Mangle rules:
0 ;;; HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=80
action=mark-routing new-routing-mark=Web passthrough=no
1 ;;; POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=110
action=mark-routing new-routing-mark=Web passthrough=no
2 ;;; FTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=21
action=mark-routing new-routing-mark=Web passthrough=no
3 ;;; SMTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=25
action=mark-routing new-routing-mark=Web passthrough=no
4 ;;; MSN Messenger
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=Web passthrough=no
5 ;;; Remote Desktop
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=3389
action=mark-routing new-routing-mark=Web passthrough=no
6 ;;; Secure POP3
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=995
action=mark-routing new-routing-mark=Web passthrough=no
7 ;;; Secure HTTP
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=443
action=mark-routing new-routing-mark=Web passthrough=no
8 ;;; SHOUTcast
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=8000
action=mark-routing new-routing-mark=Web passthrough=no
9 ;;; NetBIOS
chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=139
action=mark-routing new-routing-mark=Web passthrough=no
10 chain=prerouting src-address=172.31.0.0/16 protocol=tcp dst-port=445
action=mark-routing new-routing-mark=Web passthrough=no
11 chain=prerouting src-address=172.31.0.0/16 protocol=udp dst-port=137
action=mark-routing new-routing-mark=Web passthrough=no
12 chain=prerouting src-address=172.31.0.0/16 protocol=udp dst-port=138
action=mark-routing new-routing-mark=Web passthrough=no
13 ;;; Web Proxy
chain=output protocol=tcp dst-port=80 action=mark-routing
new-routing-mark=Web passthrough=no
Re: 2 Gateways - How to redirect traffic
Posted: Mon Jan 28, 2008 5:06 am
by ozcar2k7
First disable rule number 0 on mangle.
Then, you need to add this too
14 ;;; DNS
chain=output protocol=udp dst-port=53 action=mark-routing
new-routing-mark=Web passthrough=no
Don't forget DNS servers in IP/DNS
Your clients must use mtk gateway as DNS server
IP=172.31.0.X
Subnet mask=255.255.0.0
Gateway=RouterOS IP
DNS=RouterOS IP
I hope this can help
saludos
Oscar
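Added example, not part of the thread and not MikroTik's own code: a small Python check that parses mangle rules in the `print` layout posted above and flags the two chain=output mistakes the replies point out (a LAN src-address on the proxy rule, and matching the proxy's listening port 8080 instead of port 80). The function names and the sample text are constructed for illustration; the subnet, ports and rule numbers are taken from the posts.

```python
import ipaddress
import re

# Constructed sample: the two chain=output rules posted in the thread, in `print` layout.
SAMPLE = """\
9 ;;; Web Proxy
chain=output src-address=172.31.0.0/16 protocol=tcp dst-port=8080
action=mark-routing new-routing-mark=Web passthrough=no
13 ;;; Web Proxy
chain=output protocol=tcp dst-port=80 action=mark-routing
new-routing-mark=Web passthrough=no
"""

LAN = ipaddress.ip_network("172.31.0.0/16")  # client subnet used in the thread
PROXY_PORT = "8080"                           # proxy listening port from the thread


def parse_rules(text):
    """Parse RouterOS `print` output into one dict per numbered rule."""
    rules = []
    for line in text.splitlines():
        head = re.match(r"\s*(\d+)\s+(.*)", line)
        if head:  # "N ;;; comment" or "N key=value ..." starts a new rule
            rules.append({"id": int(head.group(1)), "comment": ""})
            line = head.group(2)
            if line.startswith(";;;"):
                rules[-1]["comment"] = line[3:].strip()
                continue
        if rules:  # remaining tokens are key=value properties of the current rule
            rules[-1].update(t.split("=", 1) for t in line.split() if "=" in t)
    return rules


def lint_output_marks(rules):
    """Flag chain=output routing marks that the thread's replies say to change."""
    findings = []
    for r in rules:
        if r.get("chain") != "output" or r.get("action") != "mark-routing":
            continue
        src = r.get("src-address")
        if src and ipaddress.ip_network(src, strict=False).overlaps(LAN):
            findings.append((r["id"], "drop src-address: it matches LAN clients, not the router"))
        if r.get("dst-port") == PROXY_PORT:
            findings.append((r["id"], "match dst-port=80: 8080 is only the proxy's listening port"))
    return findings


if __name__ == "__main__":
    for rule_id, msg in lint_output_marks(parse_rules(SAMPLE)):
        print(f"rule {rule_id}: {msg}")
```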