2 Public IPs, 2 private networks. one for each. close but not there yet

RouterOS General
1

Hello guys.
I’ve done several private networks. also 2 ISPs for redundancy (using routes with distance).
I now need to do is create 2 private networks, 2 dif Public networks, route them accordingly, and then put the proper incoming NAT rules (but this part would be the same as for 1 network)
I found this post: http://forum.mikrotik.com/t/setup-2-public-ip-addresses-nat-mail-server-web-server/104547/1
which is similar, but using only one network.

lets say for example

  • I put ports 1-15 for lan1: 192.168.1.0/24 (default lan)
  • I put ports 16-20 for lan2: 192.168.88.0/24 (server’s lan)
  • I then create a swtich for ports 23/24 for ISP/publics IPs (either using bridge or master/slave)
  • I put on eth24: 1.1.1.2 /29
  • I put on eht23: 1.1.1.3 /29
    (lets say the ISP gateway is 1.1.1.1/29)

normally (with one Public IP), next would be to setup src nat:
like, chain=srcnat action=masquerade out-interface=eth24
and in having the default route,
destination add 0.0.0.0/0 gateway: 1.1.1.1

all good so far? if so,
question #1- should I create a src nat for the extra IP, like
A- chain=srcnat src-address=192.168.88.0/24 out-interface=eth23 action=src-nat ? or
B- chain=srcnat src-address=192.168.88.0/24 out-interface=eth23 action=masquerade? or?
C- ?
and, edit the one I already have (chain=srcnat action=masquerade out-interface=eth24 )
to something similar to A,B,C, (with the dif IP info),

and, question #2:
then comes the route:
destination add 0.0.0.0/0 gateway: 1.1.1.1
that in this particular case, is the same, because same IP is giving that /29, but would be nice to know (for references of anyone else reading this post and for the future), what if you have 2 completely different ISPs, how can you use one gateway each network?

thanks in advance.
I hope this info helps you routerOS gurus help me, and help other not as gurus like me for similar scenarios. :smiley:

2

Short/Fast answer: Do a MTCNA :slight_smile:

Normal answer:

  • I then create a swtich for ports 23/24 for ISP/publics IPs (either using bridge or master/slave)
  • I put on eth24: 1.1.1.2 /29
  • I put on eht23: 1.1.1.3 /29
    (lets say the ISP gateway is 1.1.1.1/29)

Why? Last time this “setup” was done on bypass port at RB1100 …
Better is create a bridge-wan1-name_of_isp and bridge-wan2-name-of-isp. Next add port 23 to bridge1, 24 to bridge2… add IP addressing ON proper BRIDGE (not port into bridge).
If you have got 5 IP then you can add it to IP > Address.
And magic is on IP > Routing … i many ways… (MTCRE).

question #1- should I create a src nat for the extra IP, like

What you plan to do? Without plan your setup will be improvisation :slight_smile:
E.g.
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.88.0/24 out-interface=bridge-wan2
/ip firewall nat add action=src-nat chain=srcnat src-address=192.168.88.0/24 out-interface=bridge-wan2 to-addresses=1.1.1.2
/ip firewall nat add action=src-nat chain=srcnat src-address=192.168.88.2 out-interface=bridge-wan2 to-addresses=1.1.1.3
etc.

question #2: then comes the route: … how can you use one gateway each network?

As Many answer … as many PLANs :slight_smile:
Search words like PBR, Mangle, NetWatch, MPLS TE, scripts via icmp, recursive routing, PCC, Bandwidth base, Bonding, MultiWan… and manual clicking to change main distance route on MTK… many ways.
Read good materials from MUM like https://mum.mikrotik.com/presentations/US12/tomas.pdf

but would be nice to know (for references of anyone else reading this post and for the future)

Google, certifications, wiki, MUM, and PLAN :).

I hope I answer on some of your question.