One Eth Port - 2 gateway addresses

wilburt · September 19, 2017, 1:16am

I have 3 Vlans setup on my RB1100 with one physical port as the connection to the outside world. How can I ensure specific VLANS go out a specific Gateway?

Vlan10 192.168.10.x/24
Vlan20 192.168.20.x/24
Vlan30 192.168.30.x/24

Eth1 → Gateways (172.16.1.1/32 & 172.16.2.1/32) outside world (WWW)

What is the best configuration to ensure the following routing is acheived

Vlan10 → 0.0.0.0/0 Via 172.16.1.1/32

Vlan20&30 → 0.0.0.0/0 Via 172.16.2.1/32

Thanks

Azma · September 20, 2017, 1:54am

Hi,

create static route with mark routing under /ip route.

/ip route add gateway="ip wan1" routing-mark=wan1
/ip route add gateway="ip wan2" routing-mark=wan2

create rule to implement static route for your desired clients.

/ip route rule add interface=vlan10 action=lookup table=wan1
/ip route rule add interface=vlan20 action=lookup table=wan2
/ip route rule add interface=vlan30 action=lookup table=wan2

check gateway for every client of vlans using tool tracert to ensure the clients get routed through the gateway as your plan.

wilburt · September 21, 2017, 11:16pm

Thanks Azma. Will try that and report back on success

wilburt · September 21, 2017, 11:42pm

Azam, is it necessary for firewall mangle rules to mark those packets? or the configuration you provide will suffice?

wilburt · September 27, 2017, 12:01pm

Applied the following codes but network not able to get out. Does NAT rules need to be updated from out-interface to the specific IP address to NAT on?

karlisi · September 27, 2017, 1:04pm

Don’t mess with routes, make src-nat rules for each of subnets like this:

/ip firewall nat
add action=src-nat chain=srcnat out-interface=WAN \
    src-address=192.168.10.0/24 to-addresses=172.16.1.1/32
add action=src-nat chain=srcnat out-interface=WAN \
    src-address=192.168.20.0/24 to-addresses=172.16.2.1/32

wilburt · October 4, 2017, 9:50am

Thanks All. The configurations listed above work as expected.