Scenario: we have a T1 and a DSL connection. I want to enable destination nat on both external IPs to an internal mail server. The DSL connection and T1 are set up as gateways (i.e. via a route to destination 0.0.0.0) with the DSL connection having a lower distance. I plan on configuring some machines to use the T1 connection via a mangle route-mark rule while the rest use the DSL connection as the default. The machine with the mail server is not part of this rule and sends out traffic over the DSL line by default.
Problem: Dnat works fine when coming in via the DSL connection. However, when I come via the T1 connection, I don’t get a response.
I have three interfaces: DSL (x.x.x.x), T1 (y.y.y.y), and Private (z.z.z.z)
When destination NAT comes in on the non-default gateway, this rule marks the response packets (i.e. HTTP response, SMTP response, etc.) with the routing rule so that they go out through the correct interface…
I ended up adding to the config I described above the following NAT/SRCNAT rules:
Src address: z.z.z.z out interface: T1 routing mark: t1 action:src-nat to address: y.y.y.y
Src address: z.z.z.z out interface: DSL routing mark: dsl action:src-nat to address: x.x.x.x
I need to do some more testing, but so far this seems to be working fine…
Mark the connection, then mark the packets, then mark routing. Then, in your routing table, reproduce what you need for WAN2 (include connected routes as well). Add a route rule also (some versions need this, some don't):
/ ip route rule
add routing-mark=out-pip action=lookup table=out-pip comment="" disabled=no
I didn’t mark individual packets – i.e. I did a mark connection and mark routing.
I also didn't use a routing lookup table, I just set up routes that are activated when a routing mark is present (i.e. just add the route in the GUI as if it was a route for everything, then enter the routing mark in the field…)
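Putting the whole thread together as one configuration (an added example, not any poster's actual config): the two dst-nat rules, the connection mark set by the WAN a new connection arrives on, the routing mark applied to the mail server's replies, per-mark default routes, and the two src-nat rules quoted above. It assumes RouterOS v6 syntax, interface names T1, DSL and LAN, the thread's placeholder addresses, and gateway placeholders <T1-GW> and <DSL-GW> that must be replaced.

```routeros
# Added example, not the original posters' config. Assumptions: RouterOS v6
# syntax; interfaces named T1, DSL, LAN; x.x.x.x = DSL public IP, y.y.y.y = T1
# public IP, z.z.z.z = internal mail server; <T1-GW>/<DSL-GW> are placeholders.

# 1. Publish the mail server on both public addresses (SMTP shown; repeat per port).
/ip firewall nat
add chain=dstnat in-interface=T1  dst-address=y.y.y.y protocol=tcp dst-port=25 action=dst-nat to-addresses=z.z.z.z
add chain=dstnat in-interface=DSL dst-address=x.x.x.x protocol=tcp dst-port=25 action=dst-nat to-addresses=z.z.z.z

# 2. Remember which WAN a new inbound connection arrived on. Mangle prerouting
#    runs before dstnat, so the mark is set before the address is rewritten.
/ip firewall mangle
add chain=prerouting in-interface=T1  connection-state=new action=mark-connection new-connection-mark=t1-conn  passthrough=yes
add chain=prerouting in-interface=DSL connection-state=new action=mark-connection new-connection-mark=dsl-conn passthrough=yes

# 3. Replies from the LAN side that belong to a marked connection get the matching
#    routing mark, so they leave via the WAN the request came in on.
add chain=prerouting in-interface=LAN connection-mark=t1-conn  action=mark-routing new-routing-mark=t1  passthrough=no
add chain=prerouting in-interface=LAN connection-mark=dsl-conn action=mark-routing new-routing-mark=dsl passthrough=no

# 4. One default route per routing mark; the unmarked default prefers DSL
#    (lower distance), with T1 as the backup, as described in the first post.
/ip route
add dst-address=0.0.0.0/0 gateway=<T1-GW>  routing-mark=t1
add dst-address=0.0.0.0/0 gateway=<DSL-GW> routing-mark=dsl
add dst-address=0.0.0.0/0 gateway=<DSL-GW> distance=1
add dst-address=0.0.0.0/0 gateway=<T1-GW>  distance=2

# 5. The src-nat rules from the thread: traffic from the mail server leaving a
#    given WAN is translated to that WAN's public address.
/ip firewall nat
add chain=srcnat src-address=z.z.z.z out-interface=T1  routing-mark=t1  action=src-nat to-addresses=y.y.y.y
add chain=srcnat src-address=z.z.z.z out-interface=DSL routing-mark=dsl action=src-nat to-addresses=x.x.x.x
```

To confirm the marks are being applied, watch the packet counters on the mangle rules while connecting to the mail server through each public address in turn; a reply that still leaves via DSL for a T1-originated connection means the routing mark is missing.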