Load Balance, Multiwan with webproxy
Posted: Wed Jun 02, 2010 9:03 pm
by lukkes
I've read a lot of posts asking how we can set up load balancing so that the web proxy can use it. Too many people say that it's not possible, but yes, it is: we only need to mark, in the output chain, the packets going to destination port 80 and assign a routing mark. That's it.
If you found this useful, don't forget about the karma.
http://forum.mikrotik.com/viewtopic.php?f=1&t=41148
Re: Load Balance, Multiwan with webproxy
Posted: Thu Jun 03, 2010 4:13 pm
by yinxiangyn
> I've read a lot of posts asking how we can set up load balancing so that the web proxy can use it. Too many people say that it's not possible, but yes, it is: we only need to mark, in the output chain, the packets going to destination port 80 and assign a routing mark. That's it.
> If you found this useful, don't forget about the karma.
> http://forum.mikrotik.com/viewtopic.php?f=1&t=41148
Very useful, hoho
Although I do not understand what karma is, I vote. Thank you for your help!
Re: Load Balance, Multiwan with webproxy
Posted: Thu Jun 03, 2010 9:13 pm
by gtpro
Hi, I'm new to the forums but I have been reading them for a while. English is not my primary language.
Can you guys tell me how to set up the mangle rules to use the web proxy when I'm using PCC load balance?
This is my current set up.
/ ip address
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255 interface=Local
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=wan1
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=wan2
add address=192.168.3.1/24 network=192.168.3.0 broadcast=192.168.3.255 interface=wan3
/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=wan3 action=mark-connection new-connection-mark=wan3_conn
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 \
action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 \
action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 \
action=mark-connection new-connection-mark=wan3_conn passthrough=yes
add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wan3
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_wan3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=wan1 action=masquerade
add chain=srcnat out-interface=wan2 action=masquerade
add chain=srcnat out-interface=wan3 action=masquerade
Thank you.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 4:40 am
by gtpro
Hi. Can you guys please tell me what exactly I need to put in the mangle rules to get my web proxy working with PCC load balancer. Thank You!!!
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 4:07 pm
by fewi
As stated in the original post, also mark in the 'output' chain rather than just in 'prerouting'.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 5:44 pm
by yinxiangyn
My example above is wrong, so I deleted it. It will cause problems.
Now I have adjusted it.
Do it according to this.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 5:48 pm
by yinxiangyn
Destination port 80 also needs load balancing.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 8:02 pm
by gtpro
I tried what you said but it does not work, I'm trying to get transparent web proxy to work. After I add the NAT rule to redirect traffic from port 80 to port 8080 of the proxy everything on the LAN stops, no packets can get through.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 10:17 pm
by yinxiangyn
> I tried what you said but it does not work, I'm trying to get transparent web proxy to work. After I add the NAT rule to redirect traffic from port 80 to port 8080 of the proxy everything on the LAN stops, no packets can get through.
I am sure that with the above settings, on my RB450G, load balancing and web-proxy do work.
I just need to study some of the details.
As for the part marked with the arrow, I do not know what it is for, but it does work.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 10:46 pm
by gtpro
Could it be because I'm not using pppoe over the wan side?
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 11:09 pm
by yinxiangyn
> Could it be because I'm not using pppoe over the wan side?
I'm not sure, because I did not test such an environment.
For everything related to web-proxy, I have given you an example for reference.
Maybe other people will see it and can give you recommendations.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 04, 2010 11:55 pm
by gtpro
I tried everything you said but it still does not work, I think the problem is that I'm using static addresses on the WAN side and not pppoe. I might try setting up the pppoe interfaces tonight.
Is this the right way to set it up?
/ ip firewall mangle
add chain=input in-interface=pppoe-out1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=pppoe-out2 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=pppoe-out3 action=mark-connection new-connection-mark=wan3_conn
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 \
action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 \
action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 \
action=mark-connection new-connection-mark=wan3_conn passthrough=yes
add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wan3
/ ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_wan3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out3 distance=3 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=pppoe-out1 action=masquerade
add chain=srcnat out-interface=pppoe-out2 action=masquerade
add chain=srcnat out-interface=pppoe-out3 action=masquerade
Any help would be appreciated!
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 05, 2010 12:35 am
by yinxiangyn
ip route
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out1 routing-mark=to_pppoe-out1
add check-gateway=ping comment=adsl1 disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=pppoe-out1
/ip firewall mangle
add action=mark-connection chain=input comment="" \
disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn \
passthrough=yes
add action=mark-packet chain=output disabled=no dst-port=80 new-packet-mark=1 \
passthrough=yes per-connection-classifier=both-addresses:4/0 protocol=tcp
add action=mark-routing chain=output connection-mark=!pppoe-out1_conn \
disabled=no new-routing-mark=to_pppoe-out1 packet-mark=1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn \
disabled=no in-interface=LAN new-routing-mark=to_pppoe-out1 passthrough=\
yes
add action=mark-connection chain=prerouting comment="" \
disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=\
pppoe-out2_conn passthrough=yes per-connection-classifier=\
both-addresses:4/1
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=redirect chain=dstnat disabled=no dst-port=80 in-interface=LAN \
protocol=tcp to-ports=8080
This is my sample; PCC with web proxy does work.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 05, 2010 12:50 am
by gtpro
I'm going to try your sample configuration late tonight or very early tomorrow morning and I will let you know how it goes.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 05, 2010 12:53 am
by yinxiangyn
> I'm going to try your sample configuration late tonight or very early tomorrow morning and I will let you know how it goes.
I hope you succeed, and now, I'm going to bed.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 05, 2010 3:32 am
by gtpro
Before I try the setup, I would like someone on this forum to take a look at this configuration, so if there are any mistakes, please let me know.
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-packet chain=output dst-port=80 new-packet-mark=1 passthrough=yes per-connection-classifier=both-addresses:3/0 protocol=tcp
add action=mark-routing chain=output connection-mark=!pppoe-out1_conn new-routing-mark=to_pppoe-out1 packet-mark=1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn in-interface=Local new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-packet chain=output dst-port=80 new-packet-mark=2 passthrough=yes per-connection-classifier=both-addresses:3/1 protocol=tcp
add action=mark-routing chain=output connection-mark=!pppoe-out2_conn new-routing-mark=to_pppoe-out2 packet-mark=2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn in-interface=Local new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=input in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-packet chain=output dst-port=80 new-packet-mark=3 passthrough=yes per-connection-classifier=both-addresses:3/2 protocol=tcp
add action=mark-routing chain=output connection-mark=!pppoe-out3_conn new-routing-mark=to_pppoe-out3 packet-mark=3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn in-interface=Local new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:3/2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=redirect chain=dstnat dst-port=80 in-interface=Local protocol=tcp to-ports=8080
ip route
add comment=adsl1 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1
add check-gateway=ping comment=adsl1 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
add comment=adsl2 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2
add check-gateway=ping comment=adsl2 distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2
add comment=adsl3 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3
add check-gateway=ping comment=adsl3 distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3
Re: Load Balance, Multiwan with webproxy
Posted: Mon Jun 07, 2010 11:47 am
by yinxiangyn
After using it for a few days, I found that using load balancing together with web-proxy sometimes leads to high CPU usage, especially during multi-threaded HTTP downloads.
Re: Load Balance, Multiwan with webproxy
Posted: Mon Jun 07, 2010 12:07 pm
by yinxiangyn
The simplest solution is to follow the example: a single rule is enough. You do not need to change any other settings.
But it does have a flaw: web browsing and HTTP downloads are not load balanced and only work over a single line.
Do not check passthrough!!!
Re: Load Balance, Multiwan with webproxy
Posted: Mon Jun 07, 2010 11:03 pm
by gtpro
I think that having 3 pppoe with pcc and web proxy does not work well, I already tried it. Maybe web proxy only works with 1 wan
Re: Load Balance, Multiwan with webproxy
Posted: Tue Jun 08, 2010 7:41 pm
by gtpro
I'm using this configuration with static addresses on the WAN side. The web proxy works but it only uses one WAN. Is it not possible to use web proxy with PCC? If I disable the redirect rule then all 3 WANs are used. Does anyone know how to get PCC and web proxy working?
/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection passthrough=yes new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection passthrough=yes new-connection-mark=wan2_conn
add chain=input in-interface=wan3 action=mark-connection passthrough=yes new-connection-mark=wan3_conn
add chain=output connection-mark=wan1_conn action=mark-routing passthrough=yes new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing passthrough=yes new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing passthrough=yes new-routing-mark=to_wan3
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 \
action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 \
action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 \
action=mark-connection new-connection-mark=wan3_conn passthrough=yes
add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing passthrough=yes new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing passthrough=yes new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing passthrough=yes new-routing-mark=to_wan3
chain=output action=mark-routing new-routing-mark=wan1 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/0
chain=output action=mark-routing new-routing-mark=wan2 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/1
chain=output action=mark-routing new-routing-mark=wan2 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/2
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_wan3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
/ ip firewall nat
chain=dstnat action=redirect to-ports=3128 protocol=tcp in-interface=Local dst-port=80
add chain=srcnat out-interface=wan1 action=masquerade
add chain=srcnat out-interface=wan2 action=masquerade
add chain=srcnat out-interface=wan3 action=masquerade
Re: Load Balance, Multiwan with webproxy
Posted: Tue Jun 08, 2010 7:52 pm
by fewi
> chain=output action=mark-routing new-routing-mark=wan1 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/0
Why do you have the destination address qualifier in there? Traffic from the proxy to any given website isn't going to match that, so it's not going to be spread out. Remove those.
Also, your routing marks need to match the ones you're actually referring to in the routing statements.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
That route fires on 'to_wan1', but you're assigning something else: "new-routing-mark=wan1"
Edit: looking again you also have the output chain rules ordered wrong, and you have passthrough enabled on rules that shouldn't have it turned on. Remove everything from the mangle ruleset and try the below:
/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=wan3 action=mark-connection new-connection-mark=wan3_conn
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=wan3_conn passthrough=yes
add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wan3
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/2
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3
Re: Load Balance, Multiwan with webproxy
Posted: Tue Jun 08, 2010 8:04 pm
by gtpro
Hi, thanks for replying, if I remove these lines:
chain=output action=mark-routing new-routing-mark=wan1 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/0
chain=output action=mark-routing new-routing-mark=wan2 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/1
chain=output action=mark-routing new-routing-mark=wan3 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/2
the web proxy stops working. How should I do it? I'm very new to the Mikrotik stuff; I was using WRT54GL's before this RB450G. Please tell me how I should do it.
Re: Load Balance, Multiwan with webproxy
Posted: Tue Jun 08, 2010 8:06 pm
by fewi
Please see the edit above.
I don't know how to phrase this nicely and I promise I'm not trying to be mean, but which part of the wiki example (which has a detailed description of what the configuration parts do) do you have a hard time understanding? Maybe ask generic questions here instead of just for finished configuration so you can understand what the parts do.
Re: Load Balance, Multiwan with webproxy
Posted: Tue Jun 08, 2010 8:10 pm
by gtpro
I just saw your edited post, sorry. I'm going to try that and I will let you know. Excuse my bad English.
Re: Load Balance, Multiwan with webproxy
Posted: Tue Jun 08, 2010 10:34 pm
by gtpro
Hey fewi, just to let you know that the configuration you posted does not work: after I enable the NAT redirect rule I can't access web pages. I fixed this
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/2
To this
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add chain=output action=mark-connection new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add chain=output action=mark-connection new-connection-mark=wan3_conn passthrough=yes per-connection-classifier=both-addresses:3/2
But it still does not work. I don't know what else to do to get it going right. Thank you, fewi.
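Added example, not part of any post in this thread: a small Python check for the two slips discussed above, a routing mark that no route refers to (fewi's point about `new-routing-mark=wan1` versus `routing-mark=to_wan1`) and several PCC remainders assigning the same connection mark (what gtpro corrected). The parser, the function names and the sample are constructed here; the sample lines are adapted from the configurations posted above.

```python
import shlex
from collections import defaultdict

# Constructed sample, adapted from the configurations posted in this thread.
SAMPLE = r"""
/ ip firewall mangle
add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=output action=mark-routing new-routing-mark=wan1 passthrough=yes per-connection-classifier=both-addresses:3/0
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add chain=output action=mark-connection new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add chain=output action=mark-connection new-connection-mark=wan3_conn passthrough=yes \
    per-connection-classifier=both-addresses:3/2
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
"""


def parse_export(text):
    """Turn RouterOS export-style text into a list of (menu, params) tuples."""
    rules, menu, pending = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):      # continuation: join with the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if "=" not in line:          # menu line: "/ip firewall mangle", "ip route"
            menu = " ".join(line.lstrip("/").split())
            continue
        tokens = shlex.split(line)
        if tokens[0] == "add":       # print-style lines in the thread omit "add"
            tokens = tokens[1:]
        params = dict(t.split("=", 1) for t in tokens if "=" in t)
        rules.append((menu, params))
    return rules


def unrouted_marks(rules):
    """Routing marks assigned by mangle rules that no route entry refers to."""
    assigned = {p["new-routing-mark"] for menu, p in rules
                if menu == "ip firewall mangle"
                and p.get("action") == "mark-routing"
                and "new-routing-mark" in p}
    routed = {p["routing-mark"] for menu, p in rules
              if menu == "ip route" and "routing-mark" in p}
    return sorted(assigned - routed)


def pcc_shared_marks(rules):
    """Connection marks that more than one PCC remainder assigns in one chain.

    This can be deliberate (weighting one link more heavily), so treat hits
    as items to review; in the thread it was a copy-paste slip.
    """
    groups = defaultdict(lambda: defaultdict(list))
    for menu, p in rules:
        pcc = p.get("per-connection-classifier")
        if (menu != "ip firewall mangle" or not pcc
                or p.get("action") != "mark-connection"):
            continue
        spec, remainder = pcc.rsplit("/", 1)   # "both-addresses:3", "0"
        mark = p.get("new-connection-mark")
        groups[(p.get("chain"), spec)][mark].append(int(remainder))
    hits = []
    for (chain, spec), marks in groups.items():
        for mark, remainders in marks.items():
            if len(remainders) > 1:
                hits.append((chain, spec, mark, sorted(remainders)))
    return hits


if __name__ == "__main__":
    parsed = parse_export(SAMPLE)
    for mark in unrouted_marks(parsed):
        print(f"routing mark '{mark}' is assigned but no route uses it")
    for chain, spec, mark, remainders in pcc_shared_marks(parsed):
        print(f"chain={chain} {spec}: remainders {remainders} all set {mark}")
```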
Re: Load Balance, Multiwan with webproxy
Posted: Wed Jun 09, 2010 9:34 pm
by yinxiangyn
> I think that having 3 pppoe with pcc and web proxy does not work well, I already tried it. Maybe web proxy only works with 1 wan
I just mean that sometimes the CPU load is high, but that does not mean it does not work. This is normal.
Have you not found a way?
In fact, there are many ways to achieve it.
Another way, as an example:
Re: Load Balance, Multiwan with webproxy
Posted: Wed Jun 09, 2010 11:48 pm
by gtpro
Well, it did not work with my setup. Can you put all your mangle rules here?
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 12:35 am
by bawolek
I also have a problem with proxy and load balancing.
I want to use redirect in proxy:
/ip proxy access
add action=deny comment="" disabled=no redirect-to=x.x.x.x.x src-address=0.0.0.0/0
but when I turn this rule on, the browser has errors: "to many redirection" ....
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 12:48 am
by lukkes
You must put another line before that, accepting the redirected site.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 2:56 am
by gtpro
Can someone please post all the mangle rules needed to get PCC and web proxy working.
This is my current configuration:
/ ip address
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255 interface=Local
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=wan1
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=wan2
add address=192.168.3.1/24 network=192.168.3.0 broadcast=192.168.3.255 interface=wan3
/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=wan3 action=mark-connection new-connection-mark=wan3_conn
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 \
action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 \
action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 \
action=mark-connection new-connection-mark=wan3_conn passthrough=yes
add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wan3
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_wan3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=wan1 action=masquerade
add chain=srcnat out-interface=wan2 action=masquerade
add chain=srcnat out-interface=wan3 action=masquerade
I have tried adding these rules above my output rules:
/ip firewall mangle
add chain=output connection-mark=no-mark per-connection-classifier=both-addresses:3/0 \
action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=output connection-mark=no-mark per-connection-classifier=both-addresses:3/1 \
action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=output connection-mark=no-mark per-connection-classifier=both-addresses:3/2 \
action=mark-connection new-connection-mark=wan3_conn passthrough=yes
But it does not work: after I add the NAT redirect rule I cannot browse web pages. So if any of you have PCC load balance and web proxy working, please share your configuration.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 5:28 pm
by bawolek
> you must put another line before that accepting the redirected site
Thanks, one point of karma is for you ;p
@gtpro I'm not sure, but I think that it is impossible to run web-proxy for more than one WAN .... The proxy works on one WAN; you can load-balance traffic to any output interfaces, but traffic which goes through the proxy goes out by only one WAN
(maybe because it is one process for the CPU and uses one routing table),
so you have to load-balance all traffic, but not HTTP:
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!80 in-interface=\
LAN new-connection-mark=dsl2_pol passthrough=yes per-connection-classifier=both-addresses:6/4 protocol=tcp
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 7:37 pm
by gtpro
Thanks Bawolek, I know what I will do next, I will buy another RB450G just to do the load balancing and a second RB450G just to do the web proxy, I think that will work.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 8:08 pm
by yinxiangyn
Thanks Bawolek, I know what I will do next, I will buy another RB450G just to do the load balancing and a second RB450G just to do the web proxy, I think that will work.
Just saw your reply
Believe me, do not do this, RB450G as WEB-PROXY is incompetent, SD card capacity is too small, CPU too weak. X86 should be more suitable.
My English is too bad, I hope not offend anyone. I also hope you can understand what I say.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 8:20 pm
by yinxiangyn
My own family use, 4X4M ADSL, even though I overclocked to 800MHz, if used together with load balancing and WEB-PROXY, sometimes 100% CPU load. If you use it in the workplace, or for commercial use, with a lot of users, it is obviously not suitable.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 8:52 pm
by yinxiangyn
Relative to the WIKI, I just made two changes, adding 80-port load balancing, and 80 ports are not marked.
And I can assure you, on my RB450G all is normal. WEB-PROXY works on the four lines.
http://wiki.mikrotik.com/wiki/PCC#Appli ... _Balancing
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 9:15 pm
by bawolek
in my post Fri Jun 18, 2010 4:28 pm I forgot about the UDP protocol! ...
so @yinxiangyn, in your config I think that you should add rules for UDP
so you have rules 10,11,12,13; these rules mangle protocol TCP without port 80
but what about UDP? ;p
if your proxy is working on 4 WANs with your config, that fact is very interesting
PS do not worry about your English, my English is also poor but I think everyone knows what's going on ;p
greetings from Poland
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 9:29 pm
by gtpro
@yinxiangyn
Can you post here all the mangle rules you are using on that setup? My English is not good.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 11:34 pm
by yinxiangyn
OK Just a moment, I just finished watching the World Cup.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jun 18, 2010 11:58 pm
by gtpro
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:02 am
by yinxiangyn
/ip route
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out1 routing-mark=to_pppoe-out1 scope=30 target-scope=10
add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out2 routing-mark=to_pppoe-out2 scope=30 target-scope=10
add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out3 routing-mark=to_pppoe-out3 scope=30 target-scope=10
add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out4 routing-mark=to_pppoe-out4 scope=30 target-scope=10
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-out1 scope=30 target-scope=10
add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
pppoe-out2 scope=30 target-scope=10
add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
pppoe-out3 scope=30 target-scope=10
add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=\
pppoe-out4 scope=30 target-scope=10
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 \
new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 \
new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 \
new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out4 \
new-connection-mark=pppoe-out4_conn passthrough=yes
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out1_conn passthrough=yes \
per-connection-classifier=both-addresses:4/0 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out2_conn passthrough=yes \
per-connection-classifier=both-addresses:4/1 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out3_conn passthrough=yes \
per-connection-classifier=both-addresses:4/2 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out4_conn passthrough=yes \
per-connection-classifier=both-addresses:4/3 protocol=tcp
add action=mark-connection chain=prerouting comment=\
"" disabled=no dst-address-type=\
!local dst-port=!80 in-interface=bridge1 new-connection-mark=\
pppoe-out1_conn passthrough=yes per-connection-classifier=\
both-addresses:4/0 protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local dst-port=!80 in-interface=bridge1 new-connection-mark=\
pppoe-out2_conn passthrough=yes per-connection-classifier=\
both-addresses:4/1 protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local dst-port=!80 in-interface=bridge1 new-connection-mark=\
pppoe-out3_conn passthrough=yes per-connection-classifier=\
both-addresses:4/2 protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local dst-port=!80 in-interface=bridge1 new-connection-mark=\
pppoe-out4_conn passthrough=yes per-connection-classifier=\
both-addresses:4/3 protocol=tcp
add action=mark-routing chain=prerouting comment=\
"" connection-mark=pppoe-out1_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out1 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out2 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out3 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out4_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out4 \
passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out1_conn \
disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out2_conn \
disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out3_conn \
disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out4_conn \
disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out3
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out4
add action=redirect chain=dstnat disabled=no dst-port=80 in-interface=bridge1 \
protocol=tcp to-ports=3123
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=yes enabled=yes max-cache-size=398000KiB \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=3123 serialize-connections=\
no src-address=0.0.0.0
/ip proxy access
add action=allow disabled=no dst-port=80 src-address=192.168.13.0/24
/ip proxy cache
add action=allow disabled=no dst-port=80 src-address=192.168.13.0/24
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:09 am
by gtpro
Thank you, I will try it as soon as I can and I will let you know.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:16 am
by yinxiangyn
Thank you, I will try it as soon as I can and I will let you know.
interface
PS
When testing, temporary closure of the firewall filter
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:25 am
by gtpro
/ip proxy access
add action=allow disabled=no dst-port=80 src-address=192.168.13.0/24
/ip proxy cache
add action=allow disabled=no dst-port=80 src-address=192.168.13.0/24
Is this your local LAN 192.168.13.0/24 ?
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:29 am
by yinxiangyn
/ip proxy access
add action=allow disabled=no dst-port=80 src-address=192.168.13.0/24
/ip proxy cache
add action=allow disabled=no dst-port=80 src-address=192.168.13.0/24
Is this your local LAN 192.168.13.0/24 ?
yes
good luck
NO!
I forgot, is the bridge
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:53 am
by yinxiangyn
in my post Fri Jun 18, 2010 4:28 pm I forgot about the UDP protocol! ...
so @yinxiangyn, in your config I think that you should add rules for UDP
so you have rules 10,11,12,13; these rules mangle protocol TCP without port 80
but what about UDP? ;p
if your proxy is working on 4 WANs with your config, that fact is very interesting
PS do not worry about your English, my English is also poor but I think everyone knows what's going on ;p
greetings from Poland
Thank you for your greetings, my friend
why go to mark UDP? I do not quite understand.
For other purposes?
Maybe I will go to mark tcp 8080, because some site is using the tcp 8080, but I can not think of reasons to mark UDP.
Where do I understand wrong?
I am a photography enthusiast, WEB-PROXY for me, just as a picture memory.
Like to visit this site, a lot of pictures, I need to use WEB-PROXY, so I once again recall the time can quickly see the picture. It's that simple. ^ _ ^!
http://forum.xitek.com/showthread.php?threadid=734548
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 1:17 am
by bawolek
so... "UDP" maybe this is not a good word...
I mean that your rules do not balance all traffic from clients,
but only the TCP protocol (without port 80)
but what about, for example, UDP.... etc
for example this rule marks all traffic from clients....
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=dsl1_pol \
passthrough=yes per-connection-classifier=both-addresses:6/3
if you use "protocol=tcp dst-port=!80" then the rule marks only TCP (without port 80) but the rest of the traffic goes through the default gateway
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 1:29 am
by gtpro
After 15 minutes of trying your setup I can confirm that it WORKS yinxiangyn, it is balancing 3 wans and the web proxy is working. Thank You yinxiangyn!
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 1:43 am
by yinxiangyn
After 15 minutes of trying your setup I can confirm that it WORKS yinxiangyn, it is balancing 3 wans and the web proxy is working. Thank You yinxiangyn!
You're welcome, my friend.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 1:46 am
by yinxiangyn
so... "UDP" maybe this is not a good word...
I mean that your rules do not balance all traffic from clients,
but only the TCP protocol (without port 80)
but what about, for example, UDP.... etc
for example this rule marks all traffic from clients....
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=dsl1_pol \
passthrough=yes per-connection-classifier=both-addresses:6/3
if you use "protocol=tcp dst-port=!80" then the rule marks only TCP (without port 80) but the rest of the traffic goes through the default gateway
Thanks for your advice, my friend.
I probably know what you mean.
Maybe I'm just home use, some of the problems I have not noticed, but I will try.
My friend, you are right.
I misunderstood the "!" Means, thank you for reminding me.
Use of BIT-TORRENT software is easy to find the problem, I do not use a long time.
I will try to improve it.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 5:41 am
by yinxiangyn
After 15 minutes of trying your setup I can confirm that it WORKS yinxiangyn, it is balancing 3 wans and the web proxy is working. Thank You yinxiangyn!
My friend, Thank you for your Karma, but I am wrong, while it does work, but some problems are not resolved. I hope I can solve it.
Without causing distress to you before,
stop using it.!!!
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 5:51 am
by gtpro
It is still working fine here, what kind of problems do you have?
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 6:15 am
by lukkes
you must put another line before that accepting the redirected site
thanks, one point karma is for you ;p
@gtpro I'm not sure, but I think that it is impossible to run web-proxy for more than one WAN .... proxy works on one WAN, you can load-balance traffic to any output interfaces but traffic which goes through the proxy goes by only one WAN
(maybe because it is one process for the CPU and uses one routing table)
so you have to load-balance all traffic, but not HTTP
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local dst-port=!80 in-interface=\
LAN new-connection-mark=dsl2_pol passthrough=yes per-connection-classifier=both-addresses:6/4 protocol=tcp
Thanks for the karma,
Talking about proxy with many WANs: it works, I'm using it. You can make a speed test at
http://www.speakeasy.net/speedtest and if your router is balancing you will see it in this test because it downloads two files at the same time.. just try
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 6:59 am
by yinxiangyn
It is still working fine here, what kind of problems do you have?
The use of TCP type of connection, no problem, load balancing, web browsing. Work well.
For example in the use of UDP type of connection will be a problem. Such as P2P software.
If NTH or src-address, src-port type of PCC, a simple solution.
Only in a both-addresses types of PCC, I need to learn.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 9:00 am
by yinxiangyn
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 10:41 am
by bawolek
@yinxiangyn my idea is still evolving
I think that a better way is to add accept before rule 10 for TCP port 80
then in prerouting rules 10,11,12,13 there will be the same pair of dst addresses (and it will be in the same mark)
now rules 10,11,12,13 create one group of dst address pairs and 14,15,16,17 create other pairs for the rest of the traffic
so it can happen that the same group of addresses will not go through the same WAN interfaces (for example TCP from a client will go through pppoe1, and UDP from the same client (AND THE SAME ADDRESS PAIR) will go through pppoe2)
(because you mark the same address in two steps: one for TCP (without TCP 80), two for the rest of the traffic from the same address)
if you add accept for TCP 80, you will not need rules 14,15,16,17
and 10,11,12,13 will look like:
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=dsl1_pol \
passthrough=yes per-connection-classifier=both-addresses:6/3
I hope that what I wrote is understandable ;p
greet
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 11:46 am
by yinxiangyn
@yinxiangyn my idea is still evolving
I think that a better way is to add accept before rule 10 for TCP port 80
then in prerouting rules 10,11,12,13 there will be the same pair of dst addresses (and it will be in the same mark)
now rules 10,11,12,13 create one group of dst address pairs and 14,15,16,17 create other pairs for the rest of the traffic
so it can happen that the same group of addresses will not go through the same WAN interfaces (for example TCP from a client will go through pppoe1, and UDP from the same client (AND THE SAME ADDRESS PAIR) will go through pppoe2)
(because you mark the same address in two steps: one for TCP (without TCP 80), two for the rest of the traffic from the same address)
if you add accept for TCP 80, you will not need rules 14,15,16,17
and 10,11,12,13 will look like:
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=dsl1_pol \
passthrough=yes per-connection-classifier=both-addresses:6/3
I hope that what I wrote is understandable ;p
greet
My friend, a good idea, although I can not 100% understand your intentions, because the language.
But generally I can understand. And I'm going to try
This is your intention to it?
PS
No matter if it is a white cat or a black cat, a cat that can catch rats is a good cat!
Chinese proverb, hope you like it.
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 12:29 pm
by bawolek
exactly, precisely what I meant
I think this is a correct solution; with your previous mark rules, applications (from the same client) that use more than one protocol (for example TCP + UDP) may not go through the same pppoe interface, .............. now they go through the same pppoe interface
PS the great proverb but ;p
for example I like cats, who are larger and faster to catch rats, than other cats
greet
Re: Load Balance, Multiwan with webproxy
Posted: Sat Jun 19, 2010 1:08 pm
by yinxiangyn
Anyway, will not be Garfield
and
@gtpro
use this
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 \
new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 \
new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 \
new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out4 \
new-connection-mark=pppoe-out4_conn passthrough=yes
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out1_conn passthrough=yes \
per-connection-classifier=both-addresses:4/0 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out2_conn passthrough=yes \
per-connection-classifier=both-addresses:4/1 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out3_conn passthrough=yes \
per-connection-classifier=both-addresses:4/2 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out4_conn passthrough=yes \
per-connection-classifier=both-addresses:4/3 protocol=tcp
add action=accept chain=prerouting disabled=no dst-port=80 in-interface=\
bridge1 protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out1_conn \
passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out2_conn \
passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out3_conn \
passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out4_conn \
passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out1 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out2 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out3 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out4_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out4 \
passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out1_conn \
disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out2_conn \
disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out3_conn \
disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out4_conn \
disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
See you, my friends, I have to see the football game.
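Added example (not code from any poster in this thread): a Python model of the prerouting mangle walk that compares the rule set posted on Jun 19 at 12:02 am with the revised one above, showing bawolek's point that `protocol=tcp dst-port=!80` leaves UDP from the same address pair unmarked. The CRC32 hash is a stand-in for RouterOS's real PCC hash, the client and server addresses are constructed, and `in-interface=bridge1` and `dst-address-type=!local` are assumed to match.

```python
import ipaddress
import zlib
from dataclasses import dataclass
from typing import Optional

WANS = 4  # pppoe-out1 .. pppoe-out4, as in the posted configs


def pcc_both_addresses(src: str, dst: str, denominator: int) -> int:
    """Stand-in for per-connection-classifier=both-addresses:<denominator>/<r>.

    ASSUMPTION: CRC32 replaces RouterOS's real hash. Only the property that
    matters here is kept: the result depends on the address pair alone.
    """
    pair = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(pair) % denominator


@dataclass
class Rule:
    action: str                      # "mark-connection" or "accept"
    protocol: Optional[str] = None   # None = any protocol
    dst_port: Optional[int] = None
    negate_port: bool = False        # True models dst-port=!80
    remainder: Optional[int] = None  # PCC remainder; None = no PCC matcher
    mark: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        if self.protocol is not None and pkt["protocol"] != self.protocol:
            return False
        if self.dst_port is not None:
            if (pkt["dst_port"] == self.dst_port) == self.negate_port:
                return False
        if self.remainder is not None:
            if pcc_both_addresses(pkt["src"], pkt["dst"], WANS) != self.remainder:
                return False
        return True


def prerouting_mark(rules, pkt) -> Optional[str]:
    """Walk the chain top to bottom and return the connection mark, or None.

    None means the connection stays unmarked and follows the default route
    of the main table. action=accept ends processing of the chain;
    mark-connection rules carry passthrough=yes, so the walk continues.
    """
    mark = None
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.action == "accept":
            return mark
        mark = rule.mark
    return mark


# Prerouting rules from the 12:02 am post: only TCP other than port 80.
FIRST_POSTED = [
    Rule("mark-connection", protocol="tcp", dst_port=80, negate_port=True,
         remainder=r, mark=f"pppoe-out{r + 1}_conn")
    for r in range(WANS)
]

# Revised rules: accept tcp/80 first (left to the proxy), then mark everything.
REVISED = [Rule("accept", protocol="tcp", dst_port=80)] + [
    Rule("mark-connection", remainder=r, mark=f"pppoe-out{r + 1}_conn")
    for r in range(WANS)
]


def compare(src: str, dst: str) -> dict:
    """Marks for three flows between one address pair under both rule sets."""
    flows = {
        "tcp/443": {"protocol": "tcp", "dst_port": 443},
        "udp/6881": {"protocol": "udp", "dst_port": 6881},
        "tcp/80": {"protocol": "tcp", "dst_port": 80},
    }
    result = {"first": {}, "revised": {}}
    for name, flow in flows.items():
        pkt = dict(flow, src=src, dst=dst)
        result["first"][name] = prerouting_mark(FIRST_POSTED, pkt)
        result["revised"][name] = prerouting_mark(REVISED, pkt)
    return result


if __name__ == "__main__":
    # Constructed LAN client (192.168.13.0/24 from the posts) and server.
    for ruleset, marks in compare("192.168.13.20", "203.0.113.7").items():
        print(ruleset, marks)
```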
Re: Load Balance, Multiwan with webproxy
Posted: Mon Sep 06, 2010 10:41 pm
by kazanova
Re: Load Balance, Multiwan with webproxy
Posted: Tue Sep 28, 2010 1:57 pm
by Michel
Sorry that I post again (I do not see my postings, they are waiting to be approved)
My IPSEC connection now has problems with the routing mark, because it breaks the secure packets.
echo: ipsec invalid length of payload
echo: ipsec failed to pre-process packet.
/ ip route
add comment=adsl1 disabled=no distance=1 dst-address=IP gateway=\
pppoe-out1 routing-mark=to_pppoe-out1
If I disable the mark, then all is fine again. Any hints?
Re: Load Balance, Multiwan with webproxy
Posted: Wed Sep 29, 2010 2:15 pm
by lukkes
Set a prerouting rule over the others with the ipsec mark and action accept; it will send all packets to the default gateway and will not use the balance. You can also do it with everything that breaks with the balance: https, msn, etc.
Re: Load Balance, Multiwan with webproxy
Posted: Thu Sep 30, 2010 11:07 am
by Michel
Thank you very much, it works now.
Re: Load Balance, Multiwan with webproxy
Posted: Fri Jul 22, 2011 11:32 pm
by vic_s
Hello, I am trying to get a load balance PCC with an external web proxy which is connected to a different interface which is not the LAN interface, and I can't get it to work.
I used the last configuration posted:
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=pppoe-out1 \
new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out2 \
new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out3 \
new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=pppoe-out4 \
new-connection-mark=pppoe-out4_conn passthrough=yes
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out1_conn passthrough=yes \
per-connection-classifier=both-addresses:4/0 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out2_conn passthrough=yes \
per-connection-classifier=both-addresses:4/1 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out3_conn passthrough=yes \
per-connection-classifier=both-addresses:4/2 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 \
new-connection-mark=pppoe-out4_conn passthrough=yes \
per-connection-classifier=both-addresses:4/3 protocol=tcp
add action=accept chain=prerouting disabled=no dst-port=80 in-interface=\
bridge1 protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out1_conn \
passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out2_conn \
passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out3_conn \
passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=\
!local in-interface=bridge1 new-connection-mark=pppoe-out4_conn \
passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out1 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out2 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out3 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=pppoe-out4_conn \
disabled=no in-interface=bridge1 new-routing-mark=to_pppoe-out4 \
passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out1_conn \
disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out2_conn \
disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out3_conn \
disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-out4_conn \
disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
It works, but all the proxy HTTP traffic gets to the internet by the default route, so the HTTP is not load balanced.
Does anyone have an idea?
Re: Load Balance, Multiwan with webproxy
Posted: Mon Oct 21, 2013 10:33 am
by tate
Please help, PCC Proxy not working
/ip address
add address=192.168.1.1/24 disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.0.1/24 disabled=no interface=WAN2 network=192.168.0.0
add address=192.168.5.1/24 disabled=no interface=Local network=192.168.5.0
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=yes enabled=yes max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-1" disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=output comment="Marking Web Proxy Connection for WAN-2" disabled=no dst-port=80 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN1" disabled=no dst-address-type=!local dst-port=!80 in-interface=Local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="Excluding Port 80 from PCC - WAN2" disabled=no dst-address-type=!local dst-port=!80 in-interface=Local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no in-interface=Local new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no in-interface=Local new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=Local
add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24 in-interface=Local
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade WAN1 Traffic" disabled=no out-interface=WAN1
add action=masquerade chain=srcnat comment="Masquerade WAN2 Traffic" disabled=no out-interface=WAN2
add action=redirect chain=dstnat comment="Redirect port 80 request to Mikrotik Web Proxy" disabled=no dst-port=80 protocol=tcp to-ports=8080
/ip route
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-mark=to_WAN2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
Re: Load Balance, Multiwan with webproxy
Posted: Wed Dec 16, 2015 8:08 pm
by ionutcyd
Hi there,
I'm trying to help a friend of mine.
He has 3 providers and he uses load balancing. The problem is that the MikroTik is changing the IP every 10-15 seconds and the users complain that they can't access internet banking and can't log on to web servers. Is there anything that he can do? I hope that you understood the problem. I'm not in the business and his English is not that good.
Thanks a lot
Johnny