
PortForwarding problem with Load balancing


Post by alias3103 » Sun 28 Oct 2018, 12:08

Good morning everyone.
I have an RB1100 configured for balancing, connected to an RB1100 in routed mode that handles the pppoe connections managed by dma radiusmanager. One problem I cannot solve is port forwarding. In practice, I configured the DMZ of the VDSL routers to point to the first routerboard (balancing). On the latter I then applied a dst-nat rule (TCP and UDP) so that it points to the second routerboard (pppoe server). When I access a DVR from the internet, the device appears to be connected, but when I go to view the cameras they open slowly and not all of them, or they do not open at all. Below is the configuration of the routerboards so that you can help me solve the problem. Thank you.

The following is the configuration of ROUTERBOARD 1:

/interface list
add name=wan

/interface list member
add interface=ether1 list=wan
add interface=ether2 list=wan
add interface=ether3 list=wan
add interface=ether4 list=wan

/ip address
add address=192.168.1.2/30 comment=Provider interface=ether1 network=192.168.1.0
add address=192.168.2.2/30 interface=ether2 network=192.168.2.0
add address=192.168.3.2/30 interface=ether3 network=192.168.3.0
add address=192.168.4.2/30 interface=ether4 network=192.168.4.0
add address=172.15.11.1/30 comment=Lan-Gateway interface=ether11 network=172.15.11.0

/ip cloud
set ddns-enabled=yes

/ip dns
set allow-remote-requests=yes servers=192.168.1.1,192.168.2.1,192.168.3.1,192.168.4.1

/ip firewall mangle
add action=mark-connection chain=input comment="These rules mark the incoming connections from the individual uplinks" in-interface=ether1 new-connection-mark=telecom_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether2 new-connection-mark=beactive_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether3 new-connection-mark=beactive2_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether4 new-connection-mark=telecom2_conn passthrough=yes
add action=mark-routing chain=output comment="These rules make sure that packets that arrived from the individual uplinks go back out to the internet through the same ones." connection-mark=telecom_conn new-routing-mark=per_telecom_conn passthrough=yes
add action=mark-routing chain=output connection-mark=beactive_conn new-routing-mark=per_beactive_conn passthrough=yes
add action=mark-routing chain=output connection-mark=beactive2_conn new-routing-mark=per_beactive2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=telecom2_conn new-routing-mark=per_telecom2_conn passthrough=yes
add action=accept chain=prerouting comment="These rules make sure that packets destined for the subnets connected to ether1-2-3-4 do not end up in the wrong subnet by mistake." dst-address=192.168.1.0/30 in-interface=ether11
add action=accept chain=prerouting dst-address=192.168.2.0/30 in-interface=ether11
add action=accept chain=prerouting dst-address=192.168.3.0/30 in-interface=ether11
add action=accept chain=prerouting dst-address=192.168.4.0/30 in-interface=ether11
add action=mark-connection chain=prerouting comment="These rules perform the actual balancing" dst-address-type=!local in-interface=ether11 new-connection-mark=telecom_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether11 new-connection-mark=beactive_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether11 new-connection-mark=beactive2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether11 new-connection-mark=telecom2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting connection-mark=telecom_conn in-interface=ether11 new-routing-mark=per_telecom_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=beactive_conn in-interface=ether11 new-routing-mark=per_beactive_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=beactive2_conn in-interface=ether11 new-routing-mark=per_beactive2_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=telecom2_conn in-interface=ether11 new-routing-mark=per_telecom2_conn passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment=Masquerading out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4
add action=dst-nat chain=dstnat dst-port=8728 in-interface-list=wan protocol=tcp to-addresses=172.15.11.1 to-ports=8728
add action=dst-nat chain=dstnat dst-port=0-65535 in-interface-list=wan protocol=tcp to-addresses=172.15.11.2 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=0-65535 in-interface-list=wan protocol=udp to-addresses=172.15.11.2 to-ports=0-65535

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=per_telecom_conn
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=per_beactive_conn
add distance=1 gateway=192.168.3.1 routing-mark=per_beactive2_conn
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=per_telecom2_conn
add check-gateway=ping distance=1 gateway=192.168.3.1
add check-gateway=ping distance=2 gateway=192.168.1.1
add check-gateway=ping distance=3 gateway=192.168.2.1
add check-gateway=ping distance=4 gateway=192.168.4.1
add distance=1 dst-address=172.15.1.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.2.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.3.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.4.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.5.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.6.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.7.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.8.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.9.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.10.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.15.12.0/24 gateway=172.15.11.2
add distance=1 dst-address=172.16.0.0/29 gateway=172.15.11.2
add distance=1 dst-address=172.16.4.0/23 gateway=172.15.11.2

This is the configuration of ROUTERBOARD 2:

/ip pool
add name=dhcp_pool1 ranges=172.15.1.2-172.15.1.254
add name=dhcp_pool2 ranges=172.15.2.2-172.15.2.254
add name=dhcp_pool3 ranges=172.15.3.2-172.15.3.254
add name=dhcp_pool4 ranges=172.15.4.2-172.15.4.254
add name=dhcp_pool5 ranges=172.15.5.2-172.15.5.254
add name=dhcp_pool6 ranges=172.15.6.2-172.15.6.254
add name=dhcp_pool7 ranges=172.15.7.2-172.15.7.254
add name=dhcp_pool8 ranges=172.15.8.2-172.15.8.254
add name=dhcp_pool9 ranges=172.15.9.2-172.15.9.254
add name=dhcp_pool10 ranges=172.15.10.2-172.15.10.254
add name=public_pool ranges=172.16.4.2-172.16.5.254
add name=expired_pool ranges=172.16.6.2-172.16.7.254
add name=dhcp_pool13 ranges=172.15.12.2-172.15.12.254

/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether1 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether2 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=ether3 name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=ether4 name=dhcp4
add address-pool=dhcp_pool5 disabled=no interface=ether5 name=dhcp5
add address-pool=dhcp_pool6 disabled=no interface=ether6 name=dhcp6
add address-pool=dhcp_pool7 disabled=no interface=ether7 name=dhcp7
add address-pool=dhcp_pool8 disabled=no interface=ether8 name=dhcp8
add address-pool=dhcp_pool9 disabled=no interface=ether9 name=dhcp9
add address-pool=dhcp_pool10 disabled=no interface=ether10 name=dhcp10
add address-pool=dhcp_pool13 disabled=no interface=ether12 name=dhcp11

/ppp profile
set *0 change-tcp-mss=default local-address=172.16.4.1 remote-address=public_pool

/system logging action
add name=LogUtenti remote=172.16.0.3 remote-port=4950 target=remote

/interface pppoe-server server
add disabled=no interface=ether1 keepalive-timeout=60 service-name=service1
add disabled=no interface=ether2 keepalive-timeout=60 service-name=service2
add disabled=no interface=ether3 keepalive-timeout=60 service-name=service3
add disabled=no interface=ether4 keepalive-timeout=60 service-name=service4
add disabled=no interface=ether5 keepalive-timeout=60 service-name=service5
add disabled=no interface=ether6 keepalive-timeout=60 service-name=service6
add disabled=no interface=ether7 keepalive-timeout=60 service-name=service7
add disabled=no interface=ether8 keepalive-timeout=60 service-name=service8
add disabled=no interface=ether9 keepalive-timeout=60 service-name=service9
add disabled=no interface=ether10 keepalive-timeout=60 service-name=service10
add disabled=no interface=ether12 keepalive-timeout=60 service-name=service12

/ip address
add address=172.15.1.1/24 interface=ether1 network=172.15.1.0
add address=172.15.2.1/24 interface=ether2 network=172.15.2.0
add address=172.15.3.1/24 interface=ether3 network=172.15.3.0
add address=172.15.4.1/24 interface=ether4 network=172.15.4.0
add address=172.15.5.1/24 interface=ether5 network=172.15.5.0
add address=172.15.6.1/24 interface=ether6 network=172.15.6.0
add address=172.15.7.1/24 interface=ether7 network=172.15.7.0
add address=172.15.8.1/24 interface=ether8 network=172.15.8.0
add address=172.15.9.1/24 interface=ether9 network=172.15.9.0
add address=172.15.10.1/24 interface=ether10 network=172.15.10.0
add address=172.15.11.2/30 interface=ether11 network=172.15.11.0
add address=172.15.12.1/24 interface=ether12 network=172.15.12.0
add address=172.16.0.1/29 interface=ether13 network=172.16.0.0

/ip dhcp-server network
add address=172.15.1.0/24 gateway=172.15.1.1
add address=172.15.2.0/24 gateway=172.15.2.1
add address=172.15.3.0/24 gateway=172.15.3.1
add address=172.15.4.0/24 gateway=172.15.4.1
add address=172.15.5.0/24 gateway=172.15.5.1
add address=172.15.6.0/24 gateway=172.15.6.1
add address=172.15.7.0/24 gateway=172.15.7.1
add address=172.15.8.0/24 gateway=172.15.8.1
add address=172.15.9.0/24 gateway=172.15.9.1
add address=172.15.10.0/24 gateway=172.15.10.1
add address=172.15.12.0/24 gateway=172.15.12.1

/ip dns
set servers=172.15.11.1

/ip firewall address-list
add address=172.16.4.2-172.16.5.254 list="accesso a internet"
add address=172.16.0.3 list="accesso a internet"

/ip firewall filter
add action=log chain=forward connection-state=new protocol=tcp \
src-address-list="accesso a internet"
add action=log chain=forward connection-state=new protocol=udp \
src-address-list="accesso a internet"

/ip firewall nat
add action=masquerade chain=srcnat comment=Masquerading out-interface=ether11 src-address-list="accesso a internet"
add action=dst-nat chain=dstnat comment=Radius dst-port=81 protocol=tcp to-addresses=172.16.0.3 to-ports=81
add action=dst-nat chain=dstnat comment=AirControl dst-port=9081 protocol=tcp to-addresses=172.16.0.3 to-ports=9081
add action=dst-nat chain=dstnat comment="Redirect expired pool" dst-port=80 protocol=tcp src-address=172.16.6.0/23 to-addresses=172.16.0.3 to-ports=80
add action=dst-nat chain=dstnat comment="DVR USER" dst-port=9008 protocol=tcp to-addresses=172.16.4.91 to-ports=9008

/ip route
add distance=1 gateway=172.15.11.1
add distance=1 dst-address=192.168.1.0/30 gateway=172.15.11.1
add distance=1 dst-address=192.168.2.0/30 gateway=172.15.11.1
add distance=1 dst-address=192.168.3.0/30 gateway=172.15.11.1
add distance=1 dst-address=192.168.4.0/30 gateway=172.15.11.1

/ppp aaa
set interim-update=1m use-radius=yes

/radius
add address=172.16.0.3 secret=testing123 service=ppp timeout=2s

/radius incoming
set accept=yes port=1700
alias3103
Mikrotik-User 10° Liv
Posts: 17
Joined: Mon 27 Jan 2014, 11:24
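
An added check, not part of the original post and not RouterOS tooling: a small Python linter over export-style lines that flags a management port (8728, the RouterOS API service's default) or a wide port range forwarded from the `wan` interface list, and per-WAN connection marks that exist only in `chain=input`, which dst-nat'd connections forwarded to another host never traverse. The sample lines are constructed in the style of the ROUTERBOARD 1 config above; the finding names and the `wide` threshold are assumptions.

```python
import re

# Constructed sample in the style of the ROUTERBOARD 1 export (not the full config).
SAMPLE = """\
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 new-connection-mark=telecom_conn passthrough=yes
add action=mark-connection chain=prerouting in-interface=ether11 new-connection-mark=telecom_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=8728 in-interface-list=wan protocol=tcp to-addresses=172.15.11.1 to-ports=8728
add action=dst-nat chain=dstnat dst-port=0-65535 in-interface-list=wan protocol=tcp to-addresses=172.15.11.2 to-ports=0-65535
"""

def parse_export(text):
    """Return [(menu, {key: value})] for every 'add' line of an export."""
    menu, rules = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            rules.append((menu, {k: v.strip('"') for k, v in pairs}))
    return rules

def port_span(spec):  # ports covered by a value such as '80,443' or '0-65535'
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def audit(text, wan_lists=("wan",), mgmt_ports=("8728",), wide=1024):
    """Flag WAN-facing dst-nat exposure and WAN marks that miss forwarded traffic."""
    rules, findings = parse_export(text), []
    nat = [r for m, r in rules if m == "/ip firewall nat"
           and r.get("action") == "dst-nat" and r.get("in-interface-list") in wan_lists]
    marks = [r for m, r in rules if m == "/ip firewall mangle"
             and r.get("action") == "mark-connection"]
    for r in nat:
        ports = r.get("dst-port", "0-65535")  # no dst-port matches every port
        if port_span(ports) >= wide:
            findings.append(("wide-forward", r["to-addresses"]))
        elif ports in mgmt_ports:
            findings.append(("mgmt-exposed", ports))
    # chain=input only sees traffic addressed to the router; dst-nat'd flows skip it.
    pre = {r.get("in-interface") for r in marks if r.get("chain") == "prerouting"}
    for r in marks:
        if nat and r.get("chain") == "input" and r.get("in-interface") not in pre:
            findings.append(("forward-unmarked", r["in-interface"]))
    return findings
```

`audit(SAMPLE)` returns a list of `(finding, detail)` tuples; a rule that forwards a single non-management port from the WAN side produces no finding.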

Re: PortForwarding problem with Load balancing

Post by alias3103 » Sun 4 Nov 2018, 21:14

Solved. Thanks everyone.

Re: PortForwarding problem with Load balancing

Post by xanio » Sat 22 Dec 2018, 20:16

Hi, could you at least say how you solved it?

Thanks.
---
MTCNA - MTCRE
xanio
Staff rosIT
Posts: 1054
Joined: Mon 31 Oct 2011, 18:15
Location: Sicily
Using RouterOS since version: v4.x
Mikrotik certifications: MTCNA - MTCRE
Other certifications: Milestone - Yeastar - Cambium
Preferred Training Centre: Grifonline


