MikroTik

I have two Wan's (PPPoE dial up from my x86 pc) wan1 has international traffic and wan 2 has local traffic only. I whish to split local and international traffic according to my local address list. I have created all the mangle rules and they work fine.
How do I go about routing the traffic to the relevant wan ? I have tried dstnat but this does not work.

This example shows exactly configuration you need
http://wiki.mikrotik.com/wiki/How_to_ap ... as_traffic

Thanx for the link. My problem is not with the mangle rules and I do not want to add a que. I need to direct international traffic to one ADSL line and local traffic to another ADSL line. Do I need to dstnat or route the traffic
These are my mangle rules:
add action=mark-connection chain=prerouting comment="SA Local Traffic" \
disabled=no dst-address-list=SA_Traffic new-connection-mark=\
sa-traffic-conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=\
sa-traffic-conn disabled=no dst-address-list=SA_Traffic new-packet-mark=\
sa-traffic-flow passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
sa-traffic-conn disabled=no dst-address-list=SA_Traffic new-routing-mark=\
sa-traffic-route packet-mark=sa-traffic-flow passthrough=yes
add action=mark-connection chain=prerouting comment="International Traffic" \
disabled=no dst-address-list=!SA_Traffic new-connection-mark=\
int-traffic-conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=\
int-traffic-conn disabled=no dst-address-list=!SA_Traffic \
new-packet-mark=int-traffic-flow passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
int-traffic-conn disabled=no dst-address-list=!SA_Traffic \
new-routing-mark=int-traffic-route packet-mark=int-traffic-flow \
passthrough=yes

Anything wrong???

Hi can anybody help me?????

1. mark connection
2. mark routing on that connection.
3. do routing on the routing mark.

no need to do packet mark.

Thanx!! I shal try that

This almost works. There is tx on the local interface but virtualy no rx. How now???

I did the following:

1. Configure as per the wiki
2. Connect ADSL #1 into ether1 and ADSL #2 into ether2
3. Configure pppoe-out2 (the local one) to connect using ether2

No need to mark packets because the static routing takes care of the split.

Thanx. Let me do that.

This will work, but I am having problems with my static routing as there can only be one default rule. Any suggestions??? I am using my Mikrotik main router to dial on the adsl lines with the modems in bridge mode. Ether 1 dials international and eather 6 local.

Hi

When I refer to the wiki I mean this page: http://wiki.mikrotik.com/wiki/Routing_l ... l_accounts

It makes provision for three seperate accounts but you just ignore the third one.

Seperate the physical network of your two adsl routers (which are in bridge mode) and run them into ether1 and ether2 respectively. The reason for this is because the concentrator name used by the ISP will be the same for both lines and your router may use either of them indiscriminately.... if you seperate the physical network on that level it has no choice.

Then configure your pppoe-out1 and pppoe-out2 to use the appropriate ethernet port to establish the pppoe connection

The routing is static and you only have a default route on international

The local routing is a result of all the individual static routes added over interface pppoe-out2

Thanx. This works perfectly!!

I did do the static routing but just for 2 accounts(1 international and 1 local), how do you do the port forwarding?. Xboxlive uses udp 3094 for communication. I tried to dstnat the local and the international pppoe for port 3074 on a local ip but it dont work. If somebody don't use split of traffic it work but if somebody uses something like routesentry i can not connect.
Normally I use international just to signin on live that is in England and use local to play against other south africans. But i need an open connection on both pppoe because i play international also. The weirdest thing if I disable the portforwarding on international i struggle to sign in on live but connect easy to local players but if i enable international dstnal i connect easy on live but not to friends

I would mark packets from the Xbox and force them out on the international connection. Then do port forwarding only on the international connection. Your Xbox will be visible on the international ip and all data to and from it will flow via that account irrespective the destination IP being local or international.

I would mark packets from the Xbox and force them out on the international connection. Then do port forwarding only on the international connection. Your Xbox will be visible on the international ip and all data to and from it will flow via that account irrespective the destination IP being local or international.

I use my adsl for gaming, If I mark that packets all traffic are going to go through my international adsl, I use about 5 gig of unshaped internet a month for gaming that roughly cost my R700 a month. With the split i,m back to 1 gig international and 4 gig local, what cost my R150. What I say to me is that is imposable to do that. I hoped it can be done.

I'm guessing the problem is related to the fact that when you host games your game will be listed on the index server using the ip address from which you connected (i.e. your intl) - when someone tries to connect they connect to the ip provided by the index/game server and when your xbox tries to respond it sends this data over local only because the destination falls within the network blocks routed over local only connection. Hence I suggested marking outgoing packets and routing them over the intl.

This should not be a problem if you join games hosted by others because in those cases the connection is most likely initiated from your network and the remote network is responding to the appropriate ip address being local or intl.

I'm not convinced that there is a way around this for hosting games on a local-only connection when the server you're connecting to is international and therefor referencing your intl ip address as the valid ip to which others players should connect. If it was a locally hosted game server, it would not be a problem.

I'm guessing the problem is related to the fact that when you host games your game will be listed on the index server using the ip address from which you connected (i.e. your intl) - when someone tries to connect they connect to the ip provided by the index/game server and when your xbox tries to respond it sends this data over local only because the destination falls within the network blocks routed over local only connection. Hence I suggested marking outgoing packets and routing them over the intl.

This should not be a problem if you join games hosted by others because in those cases the connection is most likely initiated from your network and the remote network is responding to the appropriate ip address being local or intl.

I'm not convinced that there is a way around this for hosting games on a local-only connection when the server you're connecting to is international and therefor referencing your intl ip address as the valid ip to which others players should connect. If it was a locally hosted game server, it would not be a problem.

I understand what u say, just to give a bit of background, Xbox live uses peer to peer communication not server communication. Xbox live only make the handshake but the rest happens at client level. PS3 is server based not xbox. If i am the only person in a game that uses split of data, the international player data goes though international and the local go through local, It works, but the problem comes when somebody else also split the data. It look like a person can not portforward 2 ppoe ports to the same internal ip. It looks if i port fortward 3074 on intl and local that only international portforward. what can explain why i can connect to live but local port is close for local gaming. If i disable the port forward on international i can connect but very slow on live but my portforward is then oper on local and i can play on local bandwidth. i can see how the traffic go through local pppoe. I don't know if i must put the xbox in an DMZ and i don't know how to configure a DMZ with dynamic ip isp. Andret thanks for your help. You must excuse my knowledge, i got the mikrotik about for a month. It worked on a ipcop pc firewall and also with routesentry with international on the router and a rasppoe on the pc. and share it with ICS. the problem is it is bulky and bought myself a rb750 because it is small and can do the same as ipcop and routesentry. Some of my friends do it on linksys router with dd-wrt firmware. I know there is a problem with the ddwrt because it can only port forward 1 port and that is why they put the xbox in the dmz. I think you got something but what i can not understand is why if i portforward on local only, we can connect and play.

When you join a game, how does Xbox know which IP to connect to?

When you join a game, how does Xbox know which IP to connect to?

I can not tell you anything, all i can tell you if i play international , i enable the portforward op my intl and if i play local i disable it and it works. I can not understand it because what you say make sense. The only thing i can think off is when i sign in with the port forward on my int and local what only international is open. is there a way to check if my local and intl is open. Every thing looks like an nat problem

I've never seen a Xbox before which is why I'm asking but I'm assuming that the game is at least connecting to some or the other service where a list of games is published ?

I've never seen a Xbox before which is why I'm asking but I'm assuming that the game is at least connecting to some or the other service where a list of games is published ?

You understand, me xbox dont know your ip adres, that is why xbox do the handshake and why all traffic must go through international because live got my international ip not local. Then i play with somebody with normal setup with 1 wan ip i sent an invite to live and he except it and i see how the traffic goes through axxess-local. ( if he is from south africa) . I played games where intl and local players and there were traffic on local and on international

You understand, me xbox dont know your ip adres, that is why xbox do the handshake and why all traffic must go through international because live got my international ip not local. Then i play with somebody with normal setup with 1 wan ip i sent an invite to live and he except it and i see how the traffic goes through axxess-local. ( if he is from south africa) . I played games where intl and local players and there were traffic on local and on international[/quote]

Seems I'm missing some crucial parts on how Xbox is hosting and joining games because if it works the way I understand it to then hosting games will be problematic but joining other games should be fine. Hosting, the way I understand it, can only work if you mark packets and send them over intl.

Perhaps someone else has a better insight on how to use Xbox on split routes with different gateways. Perhaps its more of a Xbox issue than a splitting of local/international issue - Anybody else doing this in South Africa?

/ip firewall mangle
add action=mark-connection chain=input comment="Mark adslINTL packets" disabled=no in-interface=adslINTL new-connection-mark=adslINTL passthrough=yes
add action=mark-connection chain=forward comment="Mark adslINTL packets" disabled=no in-interface=adslINTL new-connection-mark=adslINTL passthrough=yes
add action=mark-connection chain=prerouting comment="Mark adslINTL packets" disabled=no in-interface=adslINTL new-connection-mark=adslINTL passthrough=yes
add action=mark-routing chain=prerouting comment="if adslINTL mark coming from ether1, mark routing" connection-mark=adslINTL disabled=no in-interface=ether1 new-routing-mark=adslINTL passthrough=yes
add action=mark-routing chain=output comment="if adslINTL mark, mark routing" connection-mark=adslINTL disabled=no new-routing-mark=adslINTL passthrough=yes
/ip route
add comment="Route adslINTL packets via adslINTL" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=adslINTL routing-mark=adslINTL scope=30 target-scope=10



thank you
The problem is he drops me packets because I answer him on a local ip not my intl