I have this scenario:
My ISP releases public IPs via DHCP
I have 4 public IPs: ip1, ip2, ip3, ip4
Hardware: RB750, ROS 5.14
I want to use all the public IPs for NAT 1:1 and for RB management via Winbox
I have tried virtual eth and VLAN to use all the public IPs on the same Ethernet interface, but it doesn't work … (only one DHCP client works on the physical port)
Then I used 4 eth ports (WAN1..WAN4), one per public IP, and 1 port for the LAN (LAN). Is this approach correct?
My real problem is that the RouterBoard doesn't route to the internet. I think a NAT rule is necessary, but I didn't do this …
NAT 1:1 and masquerading on the LAN subnet work perfectly
This is the router's route table and firewall NAT config
/ip route
add comment=Default_Route disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
[internet-gateway] scope=30 target-scope=10
I write this with a simple script. I also use add default route in the DHCP client … only for redundancy; I'm not sure if it is necessary ..?
ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S ;;; Default_Route
dst-address=0.0.0.0/0 gateway=10.210.192.1
gateway-status=10.210.192.1 reachable via WAN3 distance=1 scope=30
target-scope=10
1 DS dst-address=0.0.0.0/0 gateway=10.210.192.1
gateway-status=10.210.192.1 reachable via WAN3 distance=10 scope=30
target-scope=10 vrf-interface=WAN1
2 DS dst-address=0.0.0.0/0 gateway=10.210.192.1
gateway-status=10.210.192.1 reachable via WAN3 distance=20 scope=30
target-scope=10 vrf-interface=WAN2
3 DS dst-address=0.0.0.0/0 gateway=10.210.192.1
gateway-status=10.210.192.1 reachable via WAN3 distance=30 scope=30
target-scope=10 vrf-interface=WAN3
4 DS dst-address=0.0.0.0/0 gateway=10.210.192.1
gateway-status=10.210.192.1 reachable via WAN3 distance=40 scope=30
target-scope=10 vrf-interface=WAN4
5 ADC dst-address=10.210.192.0/18 pref-src=10.210.249.170
gateway=WAN2,WAN1,WAN3,WAN4
gateway-status=WAN2 reachable,WAN1 reachable,WAN3 reachable distance=0
scope=10
6 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=LAN
gateway-status=LAN reachable distance=0 scope=10
This is my ip firewall nat config. I worked around it for RB ICMP and Winbox, but … the RouterBoard doesn't route to the internet … no ping out, no DNS, no SNTP client, no VPN client, etc…
/ip firewall nat
add action=dst-nat chain=dstnat comment=Mkt_icmp-WAN1 disabled=no dst-address=10.210.249.169 \
protocol=icmp to-addresses=192.168.0.1
add action=netmap chain=srcnat comment=Net-WAN1 disabled=no src-address=192.168.0.2 to-addresses=\
10.210.249.169
# this is the workaround to use Winbox on the first public IP
add action=dst-nat chain=dstnat comment=Dst1-WAN1 disabled=no dst-address=10.210.249.169 dst-port=\
0-8290 protocol=tcp to-addresses=192.168.0.2 to-ports=0-8290
# this is the workaround to use Winbox on the first public IP
add action=dst-nat chain=dstnat comment=Dst2-WAN1 disabled=no dst-address=10.210.249.169 dst-port=\
8292-65535 protocol=tcp to-addresses=192.168.0.2 to-ports=8292-65535
add action=src-nat chain=srcnat comment=Src-WAN1 disabled=no src-address=10.210.249.169 \
to-addresses=192.168.0.2
add action=netmap chain=srcnat comment=Net-WAN2 disabled=no src-address=192.168.0.3 to-addresses=\
10.210.249.170
add action=dst-nat chain=dstnat comment=Dst-WAN2 disabled=no dst-address=10.210.249.170 \
to-addresses=192.168.0.3
add action=src-nat chain=srcnat comment=Src-WAN2 disabled=no src-address=10.210.249.170 \
to-addresses=192.168.0.3
add action=netmap chain=srcnat comment=Net-WAN3 disabled=no src-address=192.168.0.4 to-addresses=\
10.210.249.171
add action=dst-nat chain=dstnat comment=Dst-WAN3 disabled=no dst-address=10.210.249.171 \
to-addresses=192.168.0.4
add action=src-nat chain=srcnat comment=Src-WAN3 disabled=no src-address=10.210.249.171 \
to-addresses=192.168.0.4
add action=netmap chain=srcnat comment=Net-WAN4 disabled=no src-address=192.168.0.5 to-addresses=\
10.210.249.172
add action=dst-nat chain=dstnat comment=Dst-WAN4 disabled=no dst-address=10.210.249.172 to-addresses=\
192.168.0.5
add action=src-nat chain=srcnat comment=Src-WAN4 disabled=no src-address=10.210.249.172 to-addresses=\
192.168.0.5
# this is to masquerade all the LAN clients behind the 4 NAT 1:1 clients
add action=masquerade chain=srcnat disabled=no src-address=192.168.0.0/24
# All ip firewall nat rules are written dynamically with a script (my public IP is dynamic, not static)
Other relevant config
/ip address
add address=192.168.0.1/24 comment="LAN" disabled=no interface=LAN network=\
192.168.0.0
/ip dhcp-client
add add-default-route=yes default-route-distance=10 disabled=no interface=WAN1 use-peer-dns=yes
add add-default-route=yes default-route-distance=20 disabled=no interface=WAN2 use-peer-dns=yes
add add-default-route=yes default-route-distance=40 disabled=no interface=WAN4 use-peer-dns=yes
add add-default-route=yes default-route-distance=30 disabled=no interface=WAN3 use-peer-dns=yes
Please, ALL, any suggestions for the best configuration and to solve the RB routing problem
Thanks to all for your suggestions
Senzatempo
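
How the posted srcnat rules treat a packet the router itself sends from one of its WAN addresses, modelled as first-match evaluation in Python (an added example, not part of the original post). It assumes router-originated traffic passes the srcnat chain with a WAN address as its source; the function names are hypothetical.

```python
import ipaddress
import shlex

# chain=srcnat rules from the post, in posted order (continuation lines joined,
# disabled=no dropped). Order matters: NAT applies the first matching rule.
EXPORT = """\
add action=netmap chain=srcnat comment=Net-WAN1 src-address=192.168.0.2 to-addresses=10.210.249.169
add action=src-nat chain=srcnat comment=Src-WAN1 src-address=10.210.249.169 to-addresses=192.168.0.2
add action=netmap chain=srcnat comment=Net-WAN2 src-address=192.168.0.3 to-addresses=10.210.249.170
add action=src-nat chain=srcnat comment=Src-WAN2 src-address=10.210.249.170 to-addresses=192.168.0.3
add action=netmap chain=srcnat comment=Net-WAN3 src-address=192.168.0.4 to-addresses=10.210.249.171
add action=src-nat chain=srcnat comment=Src-WAN3 src-address=10.210.249.171 to-addresses=192.168.0.4
add action=netmap chain=srcnat comment=Net-WAN4 src-address=192.168.0.5 to-addresses=10.210.249.172
add action=src-nat chain=srcnat comment=Src-WAN4 src-address=10.210.249.172 to-addresses=192.168.0.5
add action=masquerade chain=srcnat src-address=192.168.0.0/24
"""
LAN = ipaddress.ip_network("192.168.0.0/24")  # LAN subnet from /ip address


def parse_rules(text):
    """Turn 'add key=value ...' export lines into a list of dicts."""
    rules = []
    for line in text.splitlines():
        words = shlex.split(line)
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules


def srcnat(rules, src, out_iface_addr):
    """Return (rule comment, new source) for the first srcnat rule matching src."""
    src_ip = ipaddress.ip_address(src)
    for r in rules:
        if r.get("chain") != "srcnat":
            continue
        if src_ip not in ipaddress.ip_network(r.get("src-address", "0.0.0.0/0")):
            continue
        if r["action"] == "masquerade":  # masquerade uses the outgoing interface address
            return r.get("comment", "masquerade"), out_iface_addr
        return r.get("comment", ""), r["to-addresses"]
    return None, src  # no rule matched: source unchanged


def leaves_wan_with_lan_source(rules, src, out_iface_addr):
    """True if a packet sent from src leaves a WAN port with a LAN source address."""
    _, new_src = srcnat(rules, src, out_iface_addr)
    return ipaddress.ip_address(new_src) in LAN
```

In this model each of the four WAN addresses matches its Src-WANx rule and is rewritten to 192.168.0.x before leaving the WAN port, while the LAN hosts 192.168.0.2 to 192.168.0.5 are mapped to their WAN addresses as intended.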