This is my ongoing work at using multiple ADSL services and the Mikrotik PCC rules along with some inbound mangling to allow a single router to load balance traffic across as many non bonded links as required.
Updated: 7th Jan 2010 – notes: added static routing marks for inbound traffic as inbound should never fall over to backup routes, while outbound should go over whatever is available. Also cleaned up routing order so it’s easier to read.
Note that none of this config requires the use of IP addresses at all, as it simply uses the pppoe-client interfaces and your lan interface to mark traffic. In my example wan1-pppoe,wan2-pppoe,wan3-pppoe are used and lan
/ip route add check-gateway=arp comment="WAN 3 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan3 add check-gateway=arp comment="WAN 2 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan2 add check-gateway=arp comment="WAN 1 - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan1 add check-gateway=arp comment="WAN 1 - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan1 add check-gateway=arp comment="WAN 2 - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan2 add check-gateway=arp comment="WAN 3 - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan3 add check-gateway=arp comment="WAN 1 - Distance 3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan1 add check-gateway=arp comment="WAN 2 - Distance 3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan2 add check-gateway=arp comment="WAN 3 - Distance 3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan3 add check-gateway=arp comment="Default Route - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe add check-gateway=arp comment="Default Route - Distance 2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe add check-gateway=arp comment="Default Route - Distance 3" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe add check-gateway=arp comment="Static Route - WAN1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-wan1 add check-gateway=arp comment="Static Route - WAN2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=static-wan2 add check-gateway=arp comment="Static Route - WAN3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=static-wan3 /ip firewall mangle add action=mark-connection chain=input comment="Mark new inbound connection wan1" connection-state=new disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 \ passthrough=yes add action=mark-connection chain=input comment="Mark new inbound connection wan2" connection-state=new disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 \ passthrough=yes add action=mark-connection chain=input comment="Mark new inbound connection wan3" connection-state=new disabled=no in-interface=wan3-pppoe new-connection-mark=wan3 \ passthrough=yes add action=mark-connection chain=prerouting comment="Mark established inbound connection wan1" connection-state=established disabled=no in-interface=wan1-pppoe \ new-connection-mark=wan1 passthrough=yes add action=mark-connection chain=prerouting comment="Mark established inbound connection wan2" connection-state=established disabled=no in-interface=wan2-pppoe \ new-connection-mark=wan2 passthrough=yes add action=mark-connection chain=prerouting comment="Mark established inbound connection wan3" connection-state=established disabled=no in-interface=wan3-pppoe \ new-connection-mark=wan3 passthrough=yes add action=mark-connection chain=prerouting comment="Mark related inbound connection wan1" connection-state=related disabled=no in-interface=wan1-pppoe \ new-connection-mark=wan1 passthrough=yes add action=mark-connection chain=prerouting comment="Mark related inbound connection wan2" connection-state=related disabled=no in-interface=wan2-pppoe \ new-connection-mark=wan2 passthrough=yes add action=mark-connection chain=prerouting comment="Mark related inbound connection wan3" connection-state=related disabled=no in-interface=wan3-pppoe \ new-connection-mark=wan3 passthrough=yes add action=mark-routing chain=output comment="Mark new inbound route wan1" connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no add action=mark-routing chain=output comment="Mark new inbound route wan2" connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no add action=mark-routing chain=output comment="Mark new inbound route wan3" connection-mark=wan3 disabled=no new-routing-mark=static-wan3 passthrough=no add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=new disabled=no \ dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/0 add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=new disabled=no \ dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/1 add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=new disabled=no \ dst-address-type=!local in-interface=lan new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/2 add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=\ established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=\ both-addresses:3/0 add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=\ established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=\ both-addresses:3/1 add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=\ established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=\ both-addresses:3/2 add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=related \ disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/0 add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=related \ disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/1 add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=related \ disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/2 add action=mark-routing chain=prerouting comment="Mark routing for PCC mark - option 1" connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=\ yes add action=mark-routing chain=prerouting comment="Mark routing for PCC mark - option 2" connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=\ yes add action=mark-routing chain=prerouting comment="Mark routing for PCC mark - option 3" connection-mark=wan3_pcc_conn disabled=no new-routing-mark=wan3 passthrough=\ yes
Advertisement
hello admin
is pcc work with pppoe server if ur answer is yes then plz make config for me for 2x wan.
here is my ip address detail
isp 1
ip address=192.168.1.2/24
gateway=192.168.1.1
isp 2
ip address=192.168.2.2/24
gateway=192.168.2.1
Local addres(mikrotik)
10.10.0.1/24
thanks in advace
Note=i want to configure pppoe server in mikrotik for pppoe cients.
i hope u understand
Sorry if I’m wrong, but is this part of your script wrong?
add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe
add check-gateway=arp comment=”Default Route – Distance 3″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
Should it not be:
add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
add check-gateway=arp comment=”Default Route – Distance 3″ disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe
Regards,
Matt.
Hi Matt,
Yeah should’ve been wan1,wan2,wan3 but in these rules the order doesn’t matter. It simply means that the default route will fall over to wan3 before it falls to wan2.
This won’t stop it from continuing to work in the event wan1 goes offline.
Thanks for pointing it out though, I’ll change it now 🙂
I see the above is for pppoe. Do you have or can you recommend a “reliable” config that works with all the different scenarios? (scenario’s are dhcp/dhcp, dhcp/pppoe, dhcp/static) The ones I have come across are not very reliable.
http://wiki.mikrotik.com/wiki/Policy_Base_Routing
Hi Jerry,
This setup will also work for DHCP and/or static options, you simply need to ensure for each routing table (wan1,wan2,wan3) that a polling method has been setup for each route and that the failover routes don’t rely on receiving the same DHCP details each time (hint: use the interface as the gateway rather than an IP on DHCP interfaces).
How is SRCNAT configured for this scenario? Would there be a SRCNAT entry for each pppoe interface?
Correct, src-nat for each outbound interface.
will this load balance multiple different TCP sessions from the same source IP accross several links?
If you have the “both-addresses” mode selected (as in my example) then connections from the same src to the same dst address will be kept on 1 link.
This prevents causing issues for servers that expect multiple connections from the same source IP address (banks, game servers etc).
If your multiple TCP connections are going to different dst addresses then they will be sent across different links (as decided by the PCC).
thanks also, line 4 and line 14 seem to have the same logic, but different markings, could you please explain what your achieving by marking the same packet on two different lines?
Line 4 ends up being used for marking outbound traffic tagged as wan1 by the PCC rules.
Line 14 is used to ensure that traffic from an external source inbound (such as a winbox connection to the router) will always be passed out the same link it came in on (ensuring you have access to the router via any of the connected links and not just the default route).
ok so mangle rules are to make sure packets go out same WAN they came in, mangle is not used to load balance. Routing rules are used to load balance per session. correct?
Rules 14-16 and 19-39 are used for ensuring traffic goes out the same WAN interfaces it comes in.
Rules 2-10 and 40-66 are used to achieve the load balancing + failover for load balancing if one of the links goes offline.
Rules 11-13 are the default routes with failover for connections originating from the router (eg: proxy out or DNS lookups)
Hope this clears things up 🙂
Hi There,
thanks for that, the thing is as soon as i disable these rules 10,11,12, no outbound packets work , so packets being marked, arent actually trying to take the marked path, its like the packets are unmarked by the time they reach the routing table.
add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe
add check-gateway=arp comment=”Default Route – Distance 3″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
Are you able to confirm that the “Distance 1” copies of all other routes (specifically the wan1 dist1, wan2 dist1, wan3 dist1) are showing as active?
yep their all active…
all good, looks like the default route is used to initiate the outbound connection so it’s required, the rest of the routes are used once the packets is marked there onwards
I found your load balance using PCC the best example. The comments has made it much easier to understand – thank you.
I hope you can point me in the correct direction – I have been trying to find a way for the Mikrotik to send me an email if one of the links goes down. Basically if wan3-pppoe goes down and email is generated letting me know that specific interface is down.
Easiest way to do something like that would be to write a script (to be run periodically via the scheduler) that checks each of your interfaces (or specific routes) to see if they’re up or down and then emails you.
Alternatively monitor/poll each of the external IP addresses with the dude; or via a free service like http://uptimerobot.com/
I have playing around with a few scripts but have not been successful – but uptimerobot.com looks like the perfect solution.
Thank you very much.
I have found one small problem which I have not been able to figure out..I created a port forwarding (port 80) rule in NAT to connect to a webserver for each of the In. Interfaces – the strange thing is when I try to connect to the webserver only wan3-pppoe works. If I try to connect via wan1-pppoe and wan2-pppoe no connection. Would I need some special mangle rules to fix this?
can’t lines 19-35 just be sumarised because essentially your interested in just inbound traffic from the pppoe interfaces so no need to worry about the state
Hi,
This worked great with my 2 PPPoE connections setup. Even though it doesn’t merge connections but it really eases the load on one link by adding another.
I set it up for a small organization of 15 Users and was trying to implement a squid with the setup that it redirects traffic to squid on the same LAN switch Users connected to, but no luck.
Do you have any advice how I can make mikrotik redirects to squid then squid back to mikrotik with the load balancing not effected. I would like to to make squid in transparent mode.
I would like also to hint that squid setup works when no load balancing is used and only with one PPPoE Con.
Here is my network topology:
PPPoE 2 Internet User1
| 192.168.0.0/24 |
Internet Wlan1- MT Router Load Balancing-Ether1 Switch ———- User 2
| |
PPPoE 1 Internet 192.168.0.5
Squid in
Transparent Mode *
* I do load balancing on two connections with the same ISP over two 12 Mbits PPPoE connected by wlan1 and I only have 1 ethernet port on my SXT router so I have to put squid on ether1 too.
** With out transparent mode where I put proxy information in User’s browser works just fine but my goal is transparent mode because I am thinking on implementing the same setup with a larger organization where I don’t have to put proxy information.
I tried these rules on router:
/ip firewall nat
add action=accept chain=srcnat disabled=no dst-port=80 protocol=tcp * even disabling or enabling this or the order of it had no luck
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-port=80 new-routing-mark=http passthrough=yes protocol=tcp
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.5 routing-mark=http scope=30 target-scope=10
Rules on the proxy server are:
# DNAT port 80 request comming from LAN systems to squid 8080 transparent proxy.
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp –dport 80 -j DNAT –to 192.168.0.5:8080
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Squid.conf:
#==============================
#Transparent Mode
#==============================
http_port 8080 transparent
acl mylocalnet src 0.0.0.0/0.0.0.0
http_access allow mylocalnet
Thank you so much,
Tom
Sorry, Here is my Net Topology
[IMG]http://i47.tinypic.com/b3n1o8.png[/IMG]
Thanks for the reply – but I am not sure what you mean. Are you able give an example?
I was trying to make your setup work with Squid in transparent mode with original source ip address on one NIC where squid is in the same subnet Users at. anyways, I eventually managed to make it work on my own.
The solution was,
Two NAT rules setup in this order
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=accept chain=srcnat connection-mark=adsl1_pcc_conn disabled=no \
dst-port=80 protocol=tcp src-address=!192.168.0.5 to-addresses=\
192.168.0.5 to-ports=8080
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
add action=accept chain=srcnat connection-mark=adsl2_pcc_conn disabled=no \
dst-port=80 protocol=tcp src-address=!192.168.0.5 to-addresses=\
192.168.0.5 to-ports=8080
and two mangle rules put next after all the load balancing rules
add action=mark-routing chain=prerouting disabled=no dst-port=80 \
new-routing-mark=http passthrough=yes protocol=tcp src-address=\
!192.168.0.5
add action=mark-routing chain=prerouting disabled=no dst-port=80 \
new-routing-mark=http2 passthrough=yes protocol=tcp src-address=\
!192.168.0.5
and two routes like this:
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.0.5 routing-mark=http scope=30 target-scope=10
add check-gateway=arp disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
192.168.0.5 routing-mark=http2 scope=30 target-scope=10
Note my squid IP is 192.168.0.5 and clients are also connected to DHCP 192.168.0.0/24 and I am using one NIC on squid box. Firewall mangles HTTP traffic and routes it to squid. squid setup in transparent mode with only one iptables rule:
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp –dport 80 -j DNAT –to 192.168.0.5:8080
I am still facing one problem though, extreme delays in http request response. when I put client browser to point to squid IP 192.168.0.5 and port 8080, it works perfectly with no delays but when clients browser is not setup to point to squid. squid still works but there is delays in response. I don’t know what causing that delay. Could it be DNS or what. I am sure it is not related to overload, cache performance or too low mem since it is working perfectly when the client is pointed to it. So what do you think is the problem? It is been intriguing me for a while.
The first 3 lines of this script on the IP Route are giving me an “invalid value for augment addr” Any ideas?
Hi Tom, please make sure the prompt shows [admin@UMikroTik] /ip route> before where you’re pasting these.
If not, it means you’ve left out the first line, namly “/ip route” which sets the command context.
Its Lovely, Just awesome … I replaced PCC with Both-Addresses-and-Ports and now its combining the bandwidth as well.. What a charm… Just wasnt able to find anywhere on internet..
Thumbs UP.
I would like to make Loadbalance for 2 WAN (PPPoE).
WAN1 – 10 Mbps
WAN2 – 13 Mbps
I found that some website suggest about adding some line for maintain unbalance ration
Could you please verify the script below?
/ip route
add check-gateway=arp comment=”WAN 2 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan2
add check-gateway=arp comment=”WAN 1 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan1
add check-gateway=arp comment=”WAN 1 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan1
add check-gateway=arp comment=”WAN 2 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan2
add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
add check-gateway=arp comment=”Static Route – WAN1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-wan1
add check-gateway=arp comment=”Static Route – WAN2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=static-wan2
/ip firewall mangle
add action=mark-connection chain=input comment=”Mark new inbound connection wan1″ connection-state=new disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input comment=”Mark new inbound connection wan2″ connection-state=new disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan1″ connection-state=established disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan2″ connection-state=established disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan1″ connection-state=related disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan2″ connection-state=related disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 passthrough=yes
add action=mark-routing chain=output comment=”Mark new inbound route wan1″ connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output comment=”Mark new inbound route wan2″ connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (3 possibilities) – option 1″ connection-state=new disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (3 possibilities) – option 2″ connection-state=new disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (3 possibilities) – option 1″ connection-state=established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (3 possibilities) – option 2″ connection-state=established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (3 possibilities) – option 1″ connection-state=related disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (3 possibilities) – option 2″ connection-state=related disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 1″ connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 2″ connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=yes
hi there i have a different configuration
WAN1 = DHCP Client
WAN2 = DHCP Client
WAN3 = DHCP Client
LAN = 10.10.10.1
can you please tell me the configuration according to this for PCC load balancing
Can the setup work for me. I have to ISP, one is USM(ppp-client USB dongle) and the other one is with a router to mikrotik thru ether1. My Lan is on port 3 (hotspot-193.168.30.1/24), ether2 (10.11.6.1/24) and wlan1(192.168.2.1/24). I want a situation where the ppp-client USB will be my primary ISP (WAN1) and My secondary ISP will be from (ether1). How will my settings or configuration be so that if primary isp is down, the secodnary will come up and if primary comes up, it switches over to it.
thank you!!! very helpful how-to!!!
what mean per-connection-classifier=both-addresses-and-ports:2/0 ?
Can the setup work for me. I have two ISPs. primary ISP IP 10.10.10.1 and secondary ip is 192.168.19 my lan is 172.16.0.1 How will my settings or configuration be so that if primary isp is down, the secodnary will come up and if primary comes up, it switches over to it.
Congratulations!!
Nice work, bravo
I’ m new in RouterOS and I realized that it is magical.
I usedyour codewith an RB1100AHx2 and I used an RB750 as a PPPoE Server for testing. I used the ether1,2,3 as gateways to the RB750 and ports 4,5 as local LAN.
The system works great.
Omega-00 is it possible to write a few words, like a small documentation for us the newbies? A few words for each set of rules, would be greatly appreciated.
And a last question:
I would like to use the Hotspot manager on the Lan side. Do you think it is possible?
Thanks again
Hi Omega-00,
Please confirm the script for 2 WANs
It seems to be working but …. better be sure. thanks
01 /ip route
02 add check-gateway=arp comment=”WAN 1 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan1
03 add check-gateway=arp comment=”WAN 2 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan2
04
05
06 add check-gateway=arp comment=”WAN 1 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan1
07 add check-gateway=arp comment=”WAN 2 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan2
08
09
10 add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
11 add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
12
13 add check-gateway=arp comment=”Static Route – WAN1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-wan1
14 add check-gateway=arp comment=”Static Route – WAN2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=static-wan2
15
16
17 /ip firewall mangle
18 add action=mark-connection chain=input comment=”Mark new inbound connection wan1″ connection-state=new disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 \
19 passthrough=yes
20 add action=mark-connection chain=input comment=”Mark new inbound connection wan2″ connection-state=new disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 \
21 passthrough=yes
22
23 add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan1″ connection-state=established disabled=no in-interface=wan1-pppoe \
24 new-connection-mark=wan1 passthrough=yes
25 add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan2″ connection-state=established disabled=no in-interface=wan2-pppoe \
26 new-connection-mark=wan2 passthrough=yes
27
28
29 add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan1″ connection-state=related disabled=no in-interface=wan1-pppoe \
30 new-connection-mark=wan1 passthrough=yes
31 add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan2″ connection-state=related disabled=no in-interface=wan2-pppoe \
32 new-connection-mark=wan2 passthrough=yes
33
34 add action=mark-routing chain=output comment=”Mark new inbound route wan1″ connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
35 add action=mark-routing chain=output comment=”Mark new inbound route wan2″ connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
36
37
38
39 add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (2 possibilities) – option 1″ connection-state=new disabled=no \
40 dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
41
42 add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (2 possibilities) – option 2″ connection-state=new disabled=no \
43 dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
44
45 add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (2 possibilities) – option 1″ connection-state=\
46 established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=\
47 both-addresses:2/0
48 add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (2 possibilities) – option 2″ connection-state=\
49 established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=\
50 both-addresses:2/1
51
52 add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (2 possibilities) – option 1″ connection-state=related \
53 disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
54 add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (2 possibilities) – option 2″ connection-state=related \
55 disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
56
57 add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 1″ connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=\
58 yes
59 add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 2″ connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=\
60 yes
Hi Andreas,
I tried to leave most of my comments in for rules so the explanation tells what they are doing but to fully understand how PCC works it is best to start off by reading the MikroTik wiki article then coming here and implementing the example code. This will mean you should also have a basic idea of why traffic will go out each of the links and how to increase it to cover more links or to preference more traffic out one specific link over others.
http://wiki.mikrotik.com/wiki/Manual:PCC is the main article but there is another good one here too: http://gregsowell.com/?p=2395
hi i have rb2011 mikrotik and using pptp client 9WAN but my all pptp traffic go from one Ethernet i want fix my 1st pptp traffic goo from Ethernet1 2nd pptp go from eth2 with this i want load balance
Hi can someone help in my script. I will post it below. Thanks. I am using RB1100AH
DSL MODEM IP’s
DSL MODEM 1 = 192.168.3.1
DSL MODEM 2 = 192.168.4.1
DSL MODEM 3 = 192.168.52.1
DSL MODEM 4 = 192.168.60.1
DSL MODEM 5 = 10.10.1.1
DSL MODEM 6 = 10.10.2.1
DSL MODEM 7 = 10.10.3.1
DSL MODEM 8 = 10.10.4.1
DSL MODEM 9 = 10.10.5.1
DSL MODEM 10 = 10.10.6.1
DSL MODEM 11 = 10.10.7.1
/ip address
add address=10.10.100.1/24 network=10.10.100.0 broadcast=10.10.100.255 interface=ether13
add address=172.16.100.1/24 network=172.16.100.0 broadcast=172.16.100.255 interface=ether12
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=ether1
add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=ether2
add address=192.168.52.2/24 network=192.168.52.0 broadcast=192.168.52.255 interface=ether3
add address=192.168.60.2/24 network=192.168.60.0 broadcast=192.168.60.255 interface=ether4
add address=10.10.1.2/24 network=10.10.1.0 broadcast=10.10.1.255 interface=ether5
add address=10.10.2.2/24 network=10.10.2.0 broadcast=10.10.2.255 interface=ether6
add address=10.10.3.2/24 network=10.10.3.0 broadcast=10.10.3.255 interface=ether7
add address=10.10.4.2/24 network=10.10.4.0 broadcast=10.10.4.255 interface=ether8
add address=10.10.5.2/24 network=10.10.5.0 broadcast=10.10.5.255 interface=ether9
add address=10.10.6.2/24 network=10.10.6.0 broadcast=10.10.6.255 interface=ether10
add address=10.10.7.2/24 network=10.10.7.0 broadcast=10.10.7.255 interface=ether11
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8,8.8.4.4
/ip firewall mangle
add chain=input in-interface=ether1 action=mark-connection new-connection-mark=ether1_conn
add chain=input in-interface=ether2 action=mark-connection new-connection-mark=ether2_conn
add chain=input in-interface=ether3 action=mark-connection new-connection-mark=ether3_conn
add chain=input in-interface=ether4 action=mark-connection new-connection-mark=ether4_conn
add chain=input in-interface=ether5 action=mark-connection new-connection-mark=ether5_conn
add chain=input in-interface=ether6 action=mark-connection new-connection-mark=ether6_conn
add chain=input in-interface=ether7 action=mark-connection new-connection-mark=ether7_conn
add chain=input in-interface=ether8 action=mark-connection new-connection-mark=ether8_conn
add chain=input in-interface=ether9 action=mark-connection new-connection-mark=ether9_conn
add chain=input in-interface=ether10 action=mark-connection new-connection-mark=ether10_conn
add chain=input in-interface=ether11 action=mark-connection new-connection-mark=ether11_conn
add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1
add chain=output connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2
add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3
add chain=output connection-mark=ether4_conn action=mark-routing new-routing-mark=to_ether4
add chain=output connection-mark=ether5_conn action=mark-routing new-routing-mark=to_ether5
add chain=output connection-mark=ether6_conn action=mark-routing new-routing-mark=to_ether6
add chain=output connection-mark=ether7_conn action=mark-routing new-routing-mark=to_ether7
add chain=output connection-mark=ether8_conn action=mark-routing new-routing-mark=to_ether8
add chain=output connection-mark=ether9_conn action=mark-routing new-routing-mark=to_ether9
add chain=output connection-mark=ether10_conn action=mark-routing new-routing-mark=to_ether10
add chain=output connection-mark=ether11_conn action=mark-routing new-routing-mark=to_ether11
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=192.168.52.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=192.168.52.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=192.168.60.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=192.168.60.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.1.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.1.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.2.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.2.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.3.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.3.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.4.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.4.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.5.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.5.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.6.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.6.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address=10.10.7.0/24 action=accept in-interface=ether13
add chain=prerouting dst-address=10.10.7.0/24 action=accept in-interface=ether12
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/2 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/2 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/3 action=mark-connection new-connection-mark=ether4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/3 action=mark-connection new-connection-mark=ether4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/4 action=mark-connection new-connection-mark=ether5_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/4 action=mark-connection new-connection-mark=ether5_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/5 action=mark-connection new-connection-mark=ether6_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/5 action=mark-connection new-connection-mark=ether6_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/6 action=mark-connection new-connection-mark=ether7_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/6 action=mark-connection new-connection-mark=ether7_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/7 action=mark-connection new-connection-mark=ether8_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/7 action=mark-connection new-connection-mark=ether8_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/8 action=mark-connection new-connection-mark=ether9_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/8 action=mark-connection new-connection-mark=ether9_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/9 action=mark-connection new-connection-mark=ether10_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/9 action=mark-connection new-connection-mark=ether10_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/10 action=mark-connection new-connection-mark=ether11_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/10 action=mark-connection new-connection-mark=ether11_conn passthrough=yes
add chain=prerouting connection-mark=ether1_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether1_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether2_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether2
add chain=prerouting connection-mark=ether2_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether2
add chain=prerouting connection-mark=ether3_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether3
add chain=prerouting connection-mark=ether3_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether3
add chain=prerouting connection-mark=ether4_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether4
add chain=prerouting connection-mark=ether4_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether4
add chain=prerouting connection-mark=ether5_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether5
add chain=prerouting connection-mark=ether5_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether5
add chain=prerouting connection-mark=ether6_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether6
add chain=prerouting connection-mark=ether6_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether6
add chain=prerouting connection-mark=ether7_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether7
add chain=prerouting connection-mark=ether7_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether7
add chain=prerouting connection-mark=ether8_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether8
add chain=prerouting connection-mark=ether8_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether8
add chain=prerouting connection-mark=ether9_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether9
add chain=prerouting connection-mark=ether9_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether9
add chain=prerouting connection-mark=ether10_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether10
add chain=prerouting connection-mark=ether10_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether10
add chain=prerouting connection-mark=ether11_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether11
add chain=prerouting connection-mark=ether11_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether11
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_ether1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_ether2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.52.1 routing-mark=to_ether3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.60.1 routing-mark=to_ether4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.1.1 routing-mark=to_ether5 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.2.1 routing-mark=to_ether6 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.3.1 routing-mark=to_ether7 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.4.1 routing-mark=to_ether8 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.5.1 routing-mark=to_ether9 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.6.1 routing-mark=to_ether10 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.7.1 routing-mark=to_ether11 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.52.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.60.1 distance=4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.1.1 distance=5 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.2.1 distance=6 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.3.1 distance=7 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.4.1 distance=8 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.5.1 distance=9 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.6.1 distance=10 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.7.1 distance=11 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade
add chain=srcnat out-interface=ether4 action=masquerade
add chain=srcnat out-interface=ether5 action=masquerade
add chain=srcnat out-interface=ether6 action=masquerade
add chain=srcnat out-interface=ether7 action=masquerade
add chain=srcnat out-interface=ether8 action=masquerade
add chain=srcnat out-interface=ether9 action=masquerade
add chain=srcnat out-interface=ether10 action=masquerade
add chain=srcnat out-interface=ether11 action=masquerade
Hi there,
Nice info, thank you. What about games that have multiple IP addresses(dest. addr.) but your source address(WAN) needs to remain the same? A game might have one IP for a chat lobby, another for authentication and another for the game server.
What would you suggest in this case?
Hi Brandon,
In this case you could switch to just using the “src-address” to force each customers traffic to always pick just one link.
You can mix and match these sort of rules too if you’re willing to test them out; IE: Try using PCC on traffic to ports 80,443 with src & dst pairing, then use src-address only for ports 1000-65535 (to cover anything else) but your millage may vary.
Andrew
Dear Matt.
i am trying to setup my mikrotik by following your tutorial and i am facing a problem.
[admin@MikroTik] /ip route> add check-gateway=arp comment=”Static Route – WAN1″ di
sabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-
wan1
invalid value for argument gw:
invalid value for argument address
input does not match any value of interface
invalid value for argument addr
that goes for all the setup in ip route.
i am simply pasting in a clear config mikrotik 750. could you help me please?
I know this is an old post but I’d just like to thank you for it. It’s the clearest PCC setup I’ve found and worked perfectly for me. Thanks.
Steve
Glad to hear it’s still useful to others; I still come back here copy it sometimes too 🙂
I may have spoken too soon! My “lan” interface is ether2 and that’s the switch master port for ports 3 and 4. Port 4 has all of our VoIP traffic from the LAN and once these rules are implemented the phones start dropping, seemingly at random. Will the rule specifying ether2 as the interface mangle traffic from 3 and 4 as well (as it’s the master port) or do I need to specify ports 3 and 4 in their own mangle rules?
Andreas K. From way back on May 24, 2013 at 12:58 am
You asked:
“And a last question:
I would like to use the Hotspot manager on the Lan side. Do you think it is possible?”
Hotspot seems to work just fine. But,,,,, not knowing if it’s needed, I did add in all 9 prerouting, that have the Pre Connection Classifier 3/0, 3/1, 3/2.
In: Extra, Hotspot, auth
Now the reason is that in every PCC w/Hotspot this has been done to make it work.
Good Luck if you are still looking into this. I would hope not.
/rk
Hello, omega-00, you are awesome! The script worked like a charm after weeks of testing different mangle rules. Thank-you