Can not connect to router (using NTH load balancing)
Posted: Tue Sep 01, 2009 4:40 pm
by n2m
Hello, I can not reach other network routers, only the main one, because I'm using NTH load balancing.
Can anyone help me solve this problem?
Thank you in advance.
Re: Can not connect to router (using NTH load balancing)
Posted: Tue Sep 01, 2009 7:06 pm
by Chupaka
should we guess your network configuration?
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 12:03 am
by n2m
No you should guess but you should know that (like I told) I'm using NTH load balancing and when I mark new unseen local addresses then I can reach nothing within my network.
/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=mark new unseen action=add-src-to-address-list address-list=first
address-list-timeout=0s nth=2,1
1 chain=mark new unseen action=add-src-to-address-list address-list=second
address-list-timeout=0s nth=2,2
2 chain=mark new unseen action=add-src-to-address-list address-list=seen
address-list-timeout=0s
3 chain=mark new unseen action=jump jump-target=mark connection
4 chain=mark connection action=mark-connection
new-connection-mark=first_conn passthrough=yes src-address-list=first
5 chain=mark connection action=mark-connection
new-connection-mark=second_conn passthrough=yes src-address-list=second
6 chain=mark connection action=mark-routing new-routing-mark=first
passthrough=no connection-mark=first_conn
7 chain=mark connection action=mark-routing new-routing-mark=second
passthrough=no connection-mark=second_conn
8 chain=prerouting action=mark-routing new-routing-mark=first passthrough=n>
src-address-list=first connection-mark=first_conn
9 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=no src-address-list=second connection-mark=second_conn
10 chain=prerouting action=jump jump-target=mark connection
connection-state=new src-address-list=local
11 chain=prerouting action=jump jump-target=mark new unseen
connection-state=new src-address-list=local
/ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=isp1
1 chain=srcnat action=masquerade out-interface=isp2
/ip firewall address-list> pr
Flags: X - disabled, D - dynamic
# LIST ADDRESS
3 local 192.168.0.0/24
4 local 192.168.1.0/24
5 local 192.168.2.0/24
6 local 172.16.1.0/24
7 local 10.0.0.0/24
Thanks.
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 12:29 am
by Chupaka
in firewall, remove 6,7
then move 11th above 10th and 8,9 below 10th
then add 'dst-address-list=!local' to 10th and 11th
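
Added example, not part of Chupaka's post or the poster's router config: a small Python model of why local-to-local traffic stops working once every new connection from a `local` source gets a routing mark, and what `dst-address-list=!local` changes. The host addresses, the routing tables and the collapsing of the address-list, connection-mark and routing-mark steps into one function are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data modelled on the thread's "local" address list.
LOCAL = [ipaddress.ip_network(n) for n in
         ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
          "172.16.1.0/24", "10.0.0.0/24")]
FIRST = {"192.168.0.10"}    # assumed host that nth=2,1 put in list "first"
SECOND = {"192.168.0.11"}   # assumed host that nth=2,2 put in list "second"

# Assumed routing tables: each marked table holds only a default route to
# one ISP; "main" also holds the routes to the internal networks.
TABLES = {
    "first": [("0.0.0.0/0", "isp1")],
    "second": [("0.0.0.0/0", "isp2")],
    "main": [("192.168.0.0/16", "lan"), ("172.16.1.0/24", "lan"),
             ("10.0.0.0/24", "lan"), ("0.0.0.0/0", "isp1")],
}

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL)

def routing_mark(src, dst, exclude_local_dst):
    """Routing mark for a new connection from src (simplified rule walk).

    exclude_local_dst=True models dst-address-list=!local on the jump rules.
    """
    if not is_local(src):
        return None
    if exclude_local_dst and is_local(dst):
        return None              # rule no longer matches, packet stays unmarked
    if src in FIRST:
        return "first"
    if src in SECOND:
        return "second"
    return None

def egress(src, dst, exclude_local_dst):
    """Interface chosen by longest-prefix match in the selected table."""
    table = TABLES[routing_mark(src, dst, exclude_local_dst) or "main"]
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in table
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, egress("192.168.0.10", "192.168.1.1", fixed))
```

Without the exclusion, traffic to another internal router is looked up in a table that only knows the ISP default route, so it leaves through the WAN; with it, the packet stays unmarked and the main table delivers it on the LAN, while Internet-bound traffic is still balanced.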
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 12:53 am
by n2m
Thank you, it's working good now.
If you can tell me a good solution to join the two WANs together to be able to get the speed of the two. ECMP is not working.
How can I achieve it?
Thanks.
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 9:28 am
by mrz
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 1:58 pm
by n2m
Yes, I have tried PCC before. This is my configuration. BUT it doesn't join the two networks, so I can not get the full speed of the two connections.
And I can not reach other devices with PCC enabled, I can not remote desktop a local Windows box.
/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
12 chain=input action=mark-connection new-connection-mark=first_conn
passthrough=yes in-interface=ISP1
13 chain=input action=mark-connection new-connection-mark=second_conn
passthrough=yes in-interface=ISP2
14 chain=output action=mark-routing new-routing-mark=first passthrough=yes
connection-mark=first_conn
15 chain=output action=mark-routing new-routing-mark=second passthrough=yes
connection-mark=second_conn
16 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN1
17 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN2
18 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN3
19 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN4
20 chain=prerouting action=accept dst-address=x.x.x.x/29
in-interface=LAN5
21 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN1
22 chain=prerouting action=accept dst-address=y.y.y.y
in-interface=LAN2
23 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN3
24 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN4
25 chain=prerouting action=accept dst-address=y.y.y.y in-interface=LAN5
26 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN1
per-connection-classifier=both-addresses:2/0
27 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN2
per-connection-classifier=both-addresses:2/0
28 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN3
per-connection-classifier=both-addresses:2/0
29 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN4
per-connection-classifier=both-addresses:2/0
30 chain=prerouting action=mark-connection new-connection-mark=first_conn
passthrough=yes dst-address-type=!local in-interface=LAN5
per-connection-classifier=both-addresses:2/0
31 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN1
per-connection-classifier=both-addresses:2/1
32 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN2
per-connection-classifier=both-addresses:2/1
33 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN3
per-connection-classifier=both-addresses:2/1
34 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN4
per-connection-classifier=both-addresses:2/1
35 chain=prerouting action=mark-connection new-connection-mark=second_conn
passthrough=yes dst-address-type=!local in-interface=LAN5
per-connection-classifier=both-addresses:2/1
36 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN1 connection-mark=fisrt_conn
37 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN2 connection-mark=fisrt_conn
38 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN3 connection-mark=fisrt_conn
39 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN4 connection-mark=fisrt_conn
40 chain=prerouting action=mark-routing new-routing-mark=first
passthrough=yes in-interface=LAN5 connection-mark=fisrt_conn
41 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN1 connection-mark=second_conn
42 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAn2 connection-mark=second_conn
43 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN3 connection-mark=second_conn
44 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN4 connection-mark=second_conn
45 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=yes in-interface=LAN5 connection-mark=second_conn
I have followed your guides (NTH), Chupaka, and I can reach other routers on my network, and I can reach other devices with local address, but I can not reach other devices (routers yes) with public address, e.g. I have dst-nated port 3389 to a local Windows box for remote desktop but I can not connect to the IP using the public address.
This is the current config.
/ip firewall mangle> pr
Flags: - disabled, I - invalid, D - dynamic
1 chain=mark new unseen action=add-src-to-address-list address-list=second
address-list-timeout=0s nth=2,2
2 chain=mark new unseen action=add-src-to-address-list address-list=seen
address-list-timeout=0s
3 chain=mark new unseen action=jump jump-target=mark connection
4 chain=mark connection action=mark-connection
new-connection-mark=first_conn passthrough=yes src-address-list=first
5 chain=mark connection action=mark-connection
new-connection-mark=second_conn passthrough=yes src-address-list=second
6 X chain=mark connection action=mark-routing new-routing-mark=first
passthrough=no connection-mark=first_conn
7 X chain=mark connection action=mark-routing new-routing-mark=second
passthrough=no connection-mark=second_conn
8 chain=prerouting action=jump jump-target=mark new unseen
connection-state=new src-address-list=local
9 chain=prerouting action=mark-routing new-routing-mark=first passthrough=n>
src-address-list=first connection-mark=first_conn
10 chain=prerouting action=mark-routing new-routing-mark=second
passthrough=no src-address-list=second dst-address-list=!local
connection-mark=second_conn
11 chain=prerouting action=jump jump-target=mark connection
connection-state=new src-address-list=local dst-address-list=!local
Don't be confused, I'm disabling one config before enabling the other.
Thank you.
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 2:22 pm
by Chupaka
at first, if you're using NAT, you cannot get full speed of your both connections. each tcp connection will get maximum of one line. it's what load-balancing is.
where's NTH 2,1? and why 11th rule is not before 9th and 10th? and you do not need 3, afaics =)
anyway, you just need to mark all incoming connections from Internet with corresponding mark. something like
chain=mark connection in-interface=your_first_connection action=mark-connection new-connection-mark=first_conn
chain=mark connection in-interface=your_second_connection action=mark-connection new-connection-mark=second_conn
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 3:28 pm
by n2m
When I set the in-interfaces to mark-connection the routing tables don't work, only the main one works and the Internet comes just from one interface. Also I can reach the Windows box with public address when I set the in-interfaces but can not when I remove the in-interfaces.
0 chain=mark new unseen action=add-src-to-address-list address-list=first address-list-timeout=0s nth=2,1
1 chain=mark new unseen action=add-src-to-address-list address-list=second address-list-timeout=0s nth=2,2
2 chain=mark new unseen action=add-src-to-address-list address-list=seen address-list-timeout=0s
3 X chain=mark new unseen action=jump jump-target=mark connection
4 chain=mark connection action=mark-connection new-connection-mark=first_conn passthrough=yes src-address-list=first in-interface=ISP1
5 chain=mark connection action=mark-connection new-connection-mark=second_conn passthrough=yes src-address-list=second in-interface=ISP2
6 X chain=mark connection action=mark-routing new-routing-mark=first passthrough=no connection-mark=first_conn
7 X chain=mark connection action=mark-routing new-routing-mark=second passthrough=no connection-mark=second_conn
8 chain=prerouting action=jump jump-target=mark new unseen connection-state=new src-address-list=local
9 chain=prerouting action=jump jump-target=mark connection connection-state=new src-address-list=local dst-address-list=!local
10 chain=prerouting action=mark-routing new-routing-mark=first passthrough=no src-address-list=first connection-mark=first_conn
11 chain=prerouting action=mark-routing new-routing-mark=second passthrough=no src-address-list=second dst-address-list=!local connection-mark=second_conn
Re: Can not connect to router (using NTH load balancing)
Posted: Wed Sep 02, 2009 4:08 pm
by Chupaka
chain=mark connection in-interface=your_first_connection action=mark-connection new-connection-mark=first_conn
chain=mark connection in-interface=your_second_connection action=mark-connection new-connection-mark=second_conn
this should be added, not edited