Double Nating and Static Routing

lisandrogalup · February 17, 2011, 2:26am

Hi To all, this is my network diagram (viewer discretion advised cause is extgremely ugly):

This a double Nated network, every dude from 192.168.2.0 - 5.0 is natted to 192.168.1.x as you can see.

Right now what I would like to do is create some mangle rules in the Core Router (192.168.1.1) to redirect certain IP´s to Gateway X.

Example, I have a host in the network 192.168.2.0/24 with IP Address 192.168.2.25/32, I would like this connection goes to 10.0.0.1 and others connections in the same subnet to 10.0.1.1.

As this is a Natted host, how can I recognize its packets in Core router?

Any comments or sugestions to the layote would be very appreciated.

Caci99 · February 17, 2011, 1:52pm

You can try to change the dscp value of that PC.

/ip firewall mangle
add chain=forward action=change-dscp new-dscp=2 src-address=192.168.2.25 in-interface=ether1

then, in the core router

/ip firewall mangle
add chain=forward action=mark-routing new-routing-mark=whatever in-interface=ether1 dscp=2

lisandrogalup · February 19, 2011, 12:50pm

Caci99:

You can try to change the dscp value of that PC.

/ip firewall mangle
add chain=forward action=change-dscp new-dscp=2 src-address=192.168.2.25 in-interface=ether1

then, in the core router

/ip firewall mangle
add chain=forward action=mark-routing new-routing-mark=whatever in-interface=ether1 dscp=2

This works perfects. Thanks a lot Caci99

One last question, How Can I work without the first nat? I mean that Core router receives ip directly from host.

ETH1 - LAN in core router has the address 192.168.1.1/24, and the hosts goes from 192.168.2.10 to 192.168.254.254. How can I do that?

I can explain better if needed

Caci99 · February 21, 2011, 10:57am

As long as there is a router doing NAT between the core router and PC-s,
I don’t think there is any way for the core router to see the devices behind that second router.
You would need to use a switch in that case, or configure the routers in transparent bridge mode.

macgaiver · February 22, 2011, 10:41am

Double masquerade - VERY VERY BAD.

use routing for all internal communications and then use PCC for load balancing.

lisandrogalup · February 22, 2011, 11:30am

I would like to do that, but honestly I dont know how. If you can show me the way I can work on it…

thanks

macgaiver · February 22, 2011, 1:28pm

On main router:
/ip route add network=192.168.2.0/24 gateway=192.168.1.20
/ip route add network=192.168.3.0/24 gateway=192.168.1.22
/ip route add network=192.168.4.0/24 gateway=192.168.1.24
/ip route add network=192.168.5.0/24 gateway=192.168.1.26

and on each secondary router
/ip route add gateway=192.168.1.1

I strongly suggest you to read some “TCP/IP bible (basics)” book i know it is usually 700+ pages, but if you are going to earn money by doing networking - you need every page of it

vlad8 · February 23, 2011, 10:59am

remember to disable masquerading after adding static routes