Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

1 server 2 DSL lines

Locked
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

1 server 2 DSL lines

Tue Mar 13, 2012 5:21 pm

Hey everybody,

i've a problem. How can i reach the server at the same time via dsl line 1 and dsl line 2? This is the export of my firewall:
Code: Select all
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=\
    5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=spi comment="Bereits vorhandene Verbindungen akzeptieren" connection-state=established disabled=no
add action=accept chain=spi comment="Related Verbindugen akzeptieren (z.B. ICMP-Meldungen)" connection-state=related disabled=no
add action=drop chain=spi comment="Mikrotik Empfehlung: Pakete mit Invalid-Mark gleich loswerden" connection-state=invalid disabled=no
add action=return chain=spi comment="Zurueck, die restlichen Regeln sind Chain-spezifisch" disabled=no
add action=jump chain=forward disabled=no jump-target=spi
add action=accept chain=forward comment="PPTP-Negotiation erlauben" disabled=no dst-address=192.168.1.2 dst-port=1723 protocol=tcp
add action=accept chain=forward comment="GRE erlauben" disabled=no dst-address=192.168.1.2 protocol=gre
add action=accept chain=forward comment=Website disabled=no dst-address=192.168.1.2 dst-port=80 protocol=tcp
add action=accept chain=forward comment="Alles ueberall hin vom LAN erlauben" disabled=no in-interface=ether3
add action=drop chain=forward comment="Alles andere verwerfen" disabled=no
add action=jump chain=input disabled=no jump-target=spi
add action=accept chain=input comment="Ping immer annehmen" disabled=no icmp-options=8:0 protocol=icmp
add action=accept chain=input comment="Alles aus dem LAN annehmen" disabled=no in-interface=ether3
add action=drop chain=input comment="Alles andere verwerfen" disabled=no
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Client 1 ueber DSL B" disabled=no new-routing-mark=dslB passthrough=yes src-address=192.168.1.4-192.168.1.99
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT fuer DSL1" disabled=no out-interface=pppoe1
add action=masquerade chain=srcnat comment="NAT fuer DSL2" disabled=no out-interface=pppoe2
add action=masquerade chain=srcnat comment="-> Server NAT" disabled=no dst-address=192.168.1.0/24
add action=dst-nat chain=dstnat disabled=no dst-address=!192.168.1.3 dst-address-type=local dst-port=80 protocol=tcp to-addresses=192.168.1.2
add action=dst-nat chain=dstnat comment="PPTP Negotiation -> Server" disabled=no dst-address=!192.168.1.3 dst-address-type=local dst-port=1723 protocol=tcp to-addresses=192.168.1.2
add action=dst-nat chain=dstnat comment="GRE -> Server" disabled=no dst-address=!192.168.1.3 dst-address-type=local protocol=gre to-addresses=192.168.1.2
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
The server has the ip-adress 192.168.1.2 -> He goes via DSL1 (DSL A) in the internet. The server is reachable via the WAN-adress of DSL1, but not via WAN-adress of DSL2. But what's my mistake? Can someone help?

Thanks
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Tue Mar 13, 2012 8:21 pm

Are you trying to load balance or just have a fail over?

How are your routes setup?

Here is a load balancing example

01
/ip address
02
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
03
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
04
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
05

06
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
07

08
/ip firewall mangle
09
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
10
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
11

12
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
13
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
14

15
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
16
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
17

18
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
19
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
20

21
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
22
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
23

24
/ip route
25
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
26
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
27

28
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
29
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
30

31
/ip firewall nat
32
add chain=srcnat out-interface=WAN1 action=masquerade
33
add chain=srcnat out-interface=WAN2 action=masquerade
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Wed Mar 14, 2012 6:39 pm

load balance
How are your routes setup?
Code: Select all
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe2 routing-mark=dslB scope=10 target-scope=10
I've only one server (192.168.1.2), the server comes via DSL2 in the Internet (pppoe2). You can reach the server via the WAN-IP of pppoe2, but not via the WAN-IP of pppoe1. But why? I want that you can reach the webserver via both WAN-IPs at the same time.
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Wed Mar 14, 2012 10:38 pm

You need another route for pppoe1. Add your second gateway to that route.

As your routes are setup now you are only routing out of pppoe2.
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 3:34 pm

You mean
Code: Select all
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe1 scope=10 target-scope=10
or what? idk what u mean. sorry
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 4:22 pm

That would add it as a second route with the same distance. Edit your first route and just add the second gateway.
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 5:03 pm

Done!
Code: Select all
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe2,pppoe1 routing-mark=dslB scope=10 target-scope=10
But that destroys the policy based routing, because the pppoe1 is set as default, and now the server has the WAN-IP of pppoe1. Or do you know my mistake?
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 7:32 pm

Okay I am getting a little lost.

What is your /IP Address configuration?
What is your /IP Interface configuration?
What interface is the Server connected to?

Diagram would help.
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 8:04 pm

What is your /IP Address configuration?
Of my Computer?
192.168.1.101
What is your /IP Interface configuration?
pppoe1, because 192.168.1.100-192.168.1.199 --> pppoe1
What interface is the Server connected to?
Interface pppoe2
You do not have the required permissions to view the files attached to this post.
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 8:13 pm

When I am asking those questions with a / I am wanting you to use the terminal in the mikrotik router with the print command

Commands would be
/interface print
/ip address print

Here is an example of the output. This is from my mikrotik router.
0 ;;; Shield Office
192.168.0.1/24 192.168.0.0 Ether5-Out to Switch
1 ;;; Shield Main
192.168.1.1/24 192.168.1.0 vlan100
2 ;;; Shield Guest
192.168.2.1/24 192.168.2.0 vlan200
3 ;;; Shield Routable Guest
192.168.3.1/24 192.168.3.0 vlan300
4 D XX.XXX.101.213/21 XX.XXX.96.0 Ether1-Gateway-TW
5 D XXX.XX.210.116/32 XXX.XX.211.254 Ether2-PPPoE
6 ;;; Transparent Wep Proxy Address
192.168.254.1/32 192.168.254.1 Ether5-Out to Switch
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 8:31 pm

Okay so External clients cant reach the web server on your second DSL connection.

What is connected to in-interface=ether3 ?
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 8:48 pm

Sorry ;) ok

/interface print
Code: Select all
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                                                      TYPE               MTU L2MTU  MAX-L2MTU
 0  R  ether1                                                                    ether             1500  1598       4074
 1  R  ether2                                                                    ether             1500  1598       4074
 2  R  ether3                                                                    ether             1500  1598       4074
 3     ether4                                                                    ether             1500  1598       4074
 4     ether5                                                                    ether             1500  1598       4074
 5  R  ;;; Leitung 1
       pppoe1                                                                    pppoe-out         1492
 6  R  ;;; Leitung 2
       pppoe2                                                                    pppoe-out         1492
/ip address print
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                       
 0   ;;; LAN-IP
     192.168.1.3/24     192.168.1.0     ether3                                                                          
 1 D 93.233.77.51/32    87.186.224.45   pppoe1                                                                          
 2 D 87.164.124.254/32  217.0.116.80    pppoe2
Okay so External clients cant reach the web server on your second DSL connection.
You can reach the server via the second DSL connection (pppoe2), but not via the first DSL connection (pppoe1)
What is connected to in-interface=ether3 ?
On that port is the switch connected
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 10:25 pm

From what I can see it all looks perfectly fine. However I assume the issue must be with some vestigial firewall rule that is left over from before your changes.

what do you have under /ip firewall filter print
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 10:32 pm

Here is the export:
Code: Select all
/ip firewall filter
add action=accept chain=spi comment=\
    "Bereits vorhandene Verbindungen akzeptieren" connection-state=\
    established disabled=no
add action=accept chain=spi comment=\
    "Related Verbindugen akzeptieren (z.B. ICMP-Meldungen)" connection-state=\
    related disabled=no
add action=drop chain=spi comment=\
    "Mikrotik Empfehlung: Pakete mit Invalid-Mark gleich loswerden" \
    connection-state=invalid disabled=no
add action=return chain=spi comment=\
    "Zurueck, die restlichen Regeln sind Chain-spezifisch" disabled=no
add action=jump chain=forward disabled=no jump-target=spi
add action=accept chain=forward comment="PPTP-Negotiation erlauben" disabled=\
    no dst-address=192.168.1.2 dst-port=1723 protocol=tcp
add action=accept chain=forward comment="GRE erlauben" disabled=no \
    dst-address=192.168.1.2 protocol=gre
add action=accept chain=forward comment=Website disabled=no dst-address=\
    192.168.1.2 dst-port=80 protocol=tcp
add action=accept chain=forward comment="Alles ueberall hin vom LAN erlauben" \
    disabled=no in-interface=ether3
add action=drop chain=forward comment="Alles andere verwerfen" disabled=no
add action=jump chain=input disabled=no jump-target=spi
add action=accept chain=input comment="Ping immer annehmen" disabled=no \
    icmp-options=8:0 protocol=icmp
add action=accept chain=input comment="Alles aus dem LAN annehmen" disabled=\
    no in-interface=ether3
add action=drop chain=input comment="Alles andere verwerfen" disabled=no
the comments are german, because i'm from germany ;) If u need a translation, i'll translate it

EDIT:

Here i printed it out
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Bereits vorhandene Verbindungen akzeptieren
     chain=spi action=accept connection-state=established 

 1   ;;; Related Verbindugen akzeptieren (z.B. ICMP-Meldungen)
     chain=spi action=accept connection-state=related 

 2   ;;; Mikrotik Empfehlung: Pakete mit Invalid-Mark gleich loswerden
     chain=spi action=drop connection-state=invalid 

 3   ;;; Zurueck, die restlichen Regeln sind Chain-spezifisch
     chain=spi action=return 

 4   chain=forward action=jump jump-target=spi 

 5   ;;; PPTP-Negotiation erlauben
     chain=forward action=accept protocol=tcp dst-address=192.168.1.2 dst-port=1723 

 6   ;;; GRE erlauben
     chain=forward action=accept protocol=gre dst-address=192.168.1.2 

 7   ;;; Website
     chain=forward action=accept protocol=tcp dst-address=192.168.1.2 dst-port=80 

 8   ;;; Alles ueberall hin vom LAN erlauben
     chain=forward action=accept in-interface=ether3
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Thu Mar 15, 2012 10:57 pm

That is incomplete only 8 rules coming up... You need to show them all as I am assuming you have some rules toward the bottom that are dropping input on your first dsl connection.
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Fri Mar 16, 2012 10:31 am

Sorry -.-
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Bereits vorhandene Verbindungen akzeptieren
     chain=spi action=accept connection-state=established 

 1   ;;; Related Verbindugen akzeptieren (z.B. ICMP-Meldungen)
     chain=spi action=accept connection-state=related 

 2   ;;; Mikrotik Empfehlung: Pakete mit Invalid-Mark gleich loswerden
     chain=spi action=drop connection-state=invalid 

 3   ;;; Zurueck, die restlichen Regeln sind Chain-spezifisch
     chain=spi action=return 

 4   chain=forward action=jump jump-target=spi 

 5   ;;; PPTP-Negotiation erlauben
     chain=forward action=accept protocol=tcp dst-address=192.168.1.2 
     dst-port=1723 

 6   ;;; GRE erlauben
     chain=forward action=accept protocol=gre dst-address=192.168.1.2 

 7   ;;; Website
     chain=forward action=accept protocol=tcp dst-address=192.168.1.2 
     dst-port=80 

 8   ;;; Alles ueberall hin vom LAN erlauben
     chain=forward action=accept in-interface=ether3 

 9   ;;; Alles andere verwerfen
     chain=forward action=drop 

10   chain=input action=jump jump-target=spi 

11   ;;; Ping immer annehmen
     chain=input action=accept protocol=icmp icmp-options=8:0 

12   ;;; Alles aus dem LAN annehmen
     chain=input action=accept in-interface=ether3 

13   ;;; Alles andere verwerfen
     chain=input action=drop
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Fri Mar 16, 2012 4:46 pm

Could be 9 13 or maybe 2 I am not sure. I'm not that big a firewall guy.

Try disabling the drop rules and retesting. If it works go back through enabling them one at a time.
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Fri Mar 16, 2012 5:12 pm

You think it's a firewall problem?
Could be 9 13 or maybe 2 I am not sure. I'm not that big a firewall guy.

Try disabling the drop rules and retesting. If it works go back through enabling them one at a time.
no success -.-
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Tue Mar 20, 2012 4:35 pm

*push* No one can help?
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Tue Mar 20, 2012 10:49 pm

I think I found the issue and I am sorry this took so long.

The issue is when a client contacts the sever on the second connection the server is responding on the first connection.

I am posting information from my earlier post below it has your answer. In the post below notice how the mangle rules identifies which wan connection a request is coming in on. Then is marks and and ensures the return traffic uses the same route. So you need to edit your mangle rules only for a connection coming in on WAN 2 and mark that traffic. Then establish a route for the traffic that will leave WAN 2 instead of WAN1 like it is doing now.

That will solve the issue.


***************
01
/ip address
02
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
03
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
04
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
05

06
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
07

08
/ip firewall mangle
09
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
10
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
11

12
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
13
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
14

15
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
16
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
17

18
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
19
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
20

21
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
22
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
23

24
/ip route
25
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
26
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
27

28
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
29
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
30

31
/ip firewall nat
32
add chain=srcnat out-interface=WAN1 action=masquerade
33
add chain=srcnat out-interface=WAN2 action=masquerade
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Sun Mar 25, 2012 7:18 pm

Hmm, i dont know how to do that
That is my mangle
Code: Select all
/ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Client 1 ueber DSL B
     chain=prerouting action=mark-routing new-routing-mark=dslB passthrough=yes 
     src-address=192.168.1.2-192.168.1.99 in-interface=ether3
so i edited your code

Code: Select all
/ip firewall mangle

add chain=input in-interface=pppoe1 action=mark-connection new-connection-mark=WAN1_conn

add chain=input in-interface=pppoe2 action=mark-connection new-connection-mark=WAN2_conn



add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1

add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
But i cant find the interface "Local", there is only ether1 (pppoe1), ether2 (pppoe2), ether3 (that is the port where the server is plugged in)

so i edited it to ether3

What do i have to change anything in "dst-address"? And why is there a second?
Code: Select all

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether3

add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=ether3
Do i have to change anything on "per-connection-classifier"?
Code: Select all

add chain=prerouting dst-address-type=!local in-interface=ether3 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes

add chain=prerouting dst-address-type=!local in-interface=ether3 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
Following destroy my policy based routing
Code: Select all

add chain=prerouting connection-mark=WAN1_conn in-interface=ether3 action=mark-routing new-routing-mark=to_WAN1

add chain=prerouting connection-mark=WAN2_conn in-interface=ether3 action=mark-routing new-routing-mark=to_WAN2
sry for all those questions -.-
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Wed Apr 04, 2012 7:25 pm

*push* again. There is only a little mistake, but i cant find it
Top
 
tws101
Member Candidate
Member Candidate
Posts: 283
Joined: Thu Sep 08, 2011 11:25 pm

Re: 1 server 2 DSL lines

Wed Apr 04, 2012 11:29 pm

Those dst addresses are your servers static ip addresses.



What do i have to change anything in "dst-address"? And why is there a second?

Code:

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether3

add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=ether3
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Thu Apr 05, 2012 6:13 pm

i think i'm too silly -.-

i have only on server 192.168.1.2

->
so i have to add

Code: Select all
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether3


right? But nothing happens

i know i am a pain in the neck, sry
Top
 
marko1303
newbie
Posts: 33
Joined: Mon Apr 23, 2012 10:51 am

Re: 1 server 2 DSL lines

Mon Apr 23, 2012 4:48 pm

Bene007 what is your configuration of PPPoE connection?
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Wed Apr 25, 2012 8:05 pm

Do u mean:
Code: Select all
[admin@MikroTik] /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                               TYPE               MTU L2MTU  MAX-L2MTU
 0  R  ether1                             ether             1500  1598       4074
 1  R  ether2                             ether             1500  1598       4074
 2  R  ether3                             ether             1500  1598       4074
 3     ether4                             ether             1500  1598       4074
 4     ether5                             ether             1500  1598       4074
 5  R  ;;; Leitung 1
       pppoe1                             pppoe-out         1492
 6  R  ;;; Leitung 2
       pppoe2                             pppoe-out         1492
or
Code: Select all
[admin@MikroTik] /interface pppoe-client> print 
Flags: X - disabled, R - running 
 0  R ;;; Leitung 1
      name="pppoe1" max-mtu=1492 max-mru=1492 mrru=disabled interface=ether1 
      user="****" password="****" 
      profile=default service-name="" ac-name="" add-default-route=yes 
      dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 

 1  R ;;; Leitung 2
      name="pppoe2" max-mtu=1492 max-mru=1492 mrru=disabled interface=ether2 
      user="****" password="****" 
      profile=default service-name="" ac-name="" add-default-route=no 
      dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
Top
 
marko1303
newbie
Posts: 33
Joined: Mon Apr 23, 2012 10:51 am

Re: 1 server 2 DSL lines

Thu Apr 26, 2012 10:19 am

Do u mean:
Code: Select all
[admin@MikroTik] /interface pppoe-client> print 
Flags: X - disabled, R - running 
 0  R ;;; Leitung 1
      name="pppoe1" max-mtu=1492 max-mru=1492 mrru=disabled interface=ether1 
      user="****" password="****" 
      profile=default service-name="" ac-name="" add-default-route=yes 
      dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 

 1  R ;;; Leitung 2
      name="pppoe2" max-mtu=1492 max-mru=1492 mrru=disabled interface=ether2 
      user="****" password="****" 
      profile=default service-name="" ac-name="" add-default-route=no 
      dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2
This is what I need. Thx.
Top
 
Bene007
just joined
Topic Author
Posts: 18
Joined: Tue Mar 13, 2012 5:06 pm

Re: 1 server 2 DSL lines

Fri Apr 27, 2012 11:23 am

and do u have a solution?
Top
Locked
  4. RouterOS
  5. Beginner Basics