xtrgeo
newbie
Topic Author
Posts: 40
Joined: Fri Jun 08, 2012 12:07 am

2 Lan's, 2 Wan's, PCC load balancing and proxy

Mon May 20, 2013 10:52 pm

Hi all,

I've configured my RB450G as:

Eth1:Lan1
Eth2:Wan1
Eth3:Wan2
Eth4:Lan2
Eth5:Intranet

I am using 2 Lan's because it's one has 2 IP's on it, in order to act as gateway for 2 small subnets, and because those subnets have a lot of traffic between them. Eth5 is for accessing some building nearby via antennas, but we have no problem there as they do have their own gateway for internet.

I am using PCC load balancing between Wan1 and Wan2. I also use web proxy. Well, browsing is extremely slow...

I've read quite a few articles about having MikroTik's web proxy enabled together with PCC, and they all end up concluding that it's quite complicated...
So is there a chance for this to work properly, as in this article

http://aacable.wordpress.com/2013/05/16 ... um=twitter

or this?

http://forum.mikrotik.com/viewtopic.php?f=2&t=70400

I'll post my configuration here as soon as I get back to the office.
But for now I have, besides all the above, one more question to ask. Is it necessary to use NAT masquerade on my WAN interfaces? I really do not need it, because NAT is taking place at some routers far away, where the border gateways of our intranet are.

Any help?
 
dotnet
Frequent Visitor
Posts: 53
Joined: Tue Feb 26, 2013 11:41 am
Location: Chittagong, Bangladesh.

Re: 2 Lan's, 2 Wan's, PCC load balancing and proxy

Fri May 24, 2013 8:07 am

@xtrgeo

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=wan1
add address=192.168.4.1/24 network=192.168.4.0 broadcast=192.168.4.255 interface=wan2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=2 check-gateway=ping

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-port=80 in-interface=Local protocol=tcp to-ports=3123
add action=masquerade chain=srcnat disabled=no out-interface=wan1
add action=masquerade chain=srcnat disabled=no out-interface=wan2

/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=wan1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=wan2 new-connection-mark=wan2_conn passthrough=yes

add action=mark-connection chain=output disabled=no dst-port=80 new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 protocol=tcp
add action=mark-connection chain=output disabled=no dst-port=80 new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 protocol=tcp

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local dst-port=!80 in-interface=Local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local dst-port=!80 in-interface=Local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 protocol=tcp

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no in-interface=Local new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no in-interface=Local new-routing-mark=to_wan2 passthrough=yes

add action=mark-routing chain=output connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=25000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4

/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 3123
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: Dotnet
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 5000
max-server-connections: 5000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: primary-slave


***Yes ... you have to use NAT masquerade on your WAN interfaces.
The rules above are for only two WANs and a single LAN.
Please adjust them for your two LANs as necessary: in the PCC rules (mark-connection and mark-routing), change in-interface wherever it is Local.


best regards
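
As posted, the configuration above enables the web proxy and remote DNS requests but has no /ip firewall filter section, so both services also answer on the wan1 and wan2 side. The check below is an added example, not part of the original post or of any MikroTik tool: it is Python, the sample text is constructed from the posted settings (proxy and DNS rewritten in export form), and the function names and the HARDENED rules are hypothetical. It does not model rule order, negated interfaces or port ranges.

```python
# Constructed sample: the NAT, DNS and proxy settings from the post, in export form.
SAMPLE = """\
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wan1
add action=masquerade chain=srcnat out-interface=wan2
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip proxy
set enabled=yes port=3123
"""
# Constructed addition: input-chain drops for those services on both WANs.
HARDENED = SAMPLE + """\
/ip firewall filter
add chain=input in-interface=wan1 protocol=tcp dst-port=53,3123 action=drop
add chain=input in-interface=wan1 protocol=udp dst-port=53 action=drop
add chain=input in-interface=wan2 protocol=tcp dst-port=53,3123 action=drop
add chain=input in-interface=wan2 protocol=udp dst-port=53 action=drop
"""

def parse(config):
    """Group key=value settings by RouterOS menu path."""
    menus, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = " ".join(line.lstrip("/ ").split())
            menus.setdefault(current, [])
        elif line and current is not None:
            menus[current].append(dict(t.split("=", 1) for t in line.split() if "=" in t))
    return menus

def covers(rule, iface, proto, port):
    """True if rule is an input-chain drop/reject matching this service."""
    on_iface = rule.get("in-interface", iface) == iface
    ports = rule.get("dst-port", str(port)).split(",")
    return (rule.get("chain") == "input" and rule.get("action") in ("drop", "reject")
            and on_iface and rule.get("protocol", proto) == proto and str(port) in ports)

def exposed_services(config):
    """Return (wan, service, proto, port) tuples with no covering input drop."""
    m = parse(config)
    # Treat every masquerade out-interface as a WAN-facing interface.
    wans = sorted({r["out-interface"] for r in m.get("ip firewall nat", [])
                   if r.get("action") == "masquerade" and "out-interface" in r})
    svcs = [("web-proxy", "tcp", int(s.get("port", 8080)))
            for s in m.get("ip proxy", []) if s.get("enabled") == "yes"]
    if any(s.get("allow-remote-requests") == "yes" for s in m.get("ip dns", [])):
        svcs += [("dns", "udp", 53), ("dns", "tcp", 53)]
    rules = m.get("ip firewall filter", [])
    return [(w, n, p, port) for w in wans for n, p, port in svcs
            if not any(covers(r, w, p, port) for r in rules)]
```

Calling `exposed_services(SAMPLE)` lists the proxy and DNS listeners per WAN interface; with the HARDENED rules appended the list is empty, while the redirected port-80 traffic arriving on Local is unaffected.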
