hi all,
How would this be done?
I have a 450 setup with DSL1 on ETH1 and DSL2 on DSL2
ETH3 is the lan.
I need to segregate the VOIP and DATA to go to the 2 different DSL.
Is this possible? if so, how?
This is how i would do it. should work. Maybe there is a better way?
First make sure Bridge → settings → Use ip firewall is enabled.. disable any ports on the bridge
Setup a DHCP server on ETH3 and ETH4 different ip/subnets (for example 10.0.10.0 and 10.0.20.0)
set ETH3 ip address to 10.0.10.1/24
Set ETH4 ip address to 10.0.20.1/24
Setup DCHP Servers & pools for each subnet with the addresses you want it to hand out and map them to the appropriate ETH ports
Setup NAT in the Ip → Firewall NAT (Chain=srcnat src-address(10.0.10.0/24 and 10.0.20.0/24 action=Masquerade) for both ETH3’s and ETH4’s subnets
Setup MANGLE Rules for Router Marks for each subnet Ip → Firewall → Mangle → chain=prerouting src-address=10.0.10.0/24 & 10.0.20.0/24 (two seperate mangle rules) Action=Mark Routing New Routing Mark=VOIP / DATA
Setup Routing. Make two default routes (0.0.0.0/0) in IP routes in Ip → Routes and select routing mark VOIP then create the second route and set the routing mark DATA. Set the gateway of each default route and packet mark route according to where you which dsl modem you want it to go to (ETH3 or ETH4’s IP addresses)
setup your ip’s for each DSL ether connection (Either static, or DHCP client on ETH1 and ETH2)
Make any sense? its late.
yes it does make sense but in this case i will need to do vlan’s, correct? A vlan for voice on 10.0.10.0 and vlan for data 10.0.20.0…
I was wondering if MT has the smarts of somehow detecting packets on the same network, and direct them dependent on the type they are.
anyone have another idea? I don’t want 2 sperate networks. It needs to be 1 flat network on the lan side, packets marked as voice or data using mangle based on source address inseide the lan.
Anyone?
Look up policy routing on the forums, wiki, and google. Yes, you can mark based on protocol or IP source and then route accordingly.
The router will route between the two subnets, it is the gateway for both subnets, and will route between them with the setup i described. the only difference is the traffic out to the internet will get
mangled and sent out the proper interface. IE any 10.0.10.x device can “ping” or access any 10.0.20.0 device and vice versa. Vlans have nothing to do with it.
So computer X on 10.0.10.x tries to access say maybe a webconfig on a voip phone, it will send that traffic to 10.0.10.1 (the 450) and then the router knows how to get to IP 10.0.20.x since it has a
direct ip route in its table, and will forward it to that interface and the traffic will go out. then voip phone on 10.0.20.x will then respond back to 10.0.20.1 (again the 450’s address) and since it has a
route back to 10.0.10.x it will forward the packets back to the lan address that was looking for device X on 10.0.20.x
you can do the same thing based on ip’s as well if you want to do it that way.. there are tons of ways to accomplish what you want. its a matter of what is simple or what is complex, i think what i
described is a good way to do it via routing, while keeping settings in RouterOS fairly simple.