I’ve got the following setup:
eth1 : LAN1 192.168.100.0/24
eth2 : LAN2 192.168.101.0/24
eth3: External IP from ISP1, i.e. 92.92.92.92, default gw 92.92.92.91
eth4: External IP from ISP2, i.e. 93.93.93.93, default gw 93.93.93.92
I need to set it up as follows:
Allow inbound SMTP on either the eth3 or the eth4 public IP to be routed to an internal server on the eth2 segment.
Allow inbound HTTP on either the eth3 or the eth4 public IP to be routed to an internal server on the eth2 segment.
All outbound traffic needs to be load balanced at a ratio of 1:2, as ISP1 is unlimited, however ISP2 charges after we go over the 50GB limit. I need to be in a position that if I unplug ISP1 or ISP2 everything still continues to go.
To add an extra complication, on the eth1 segment they have restricted internet policies, currently handled by a transparent proxy on the MikroTik for the dst 192.168.100.0/24 (then lots of rules under the IP proxy part for them). This part is working correctly.
How do I go about creating such rules? I’ve read the wiki but need to relate it to a multi-LAN setup and make sure the incoming traffic is routed correctly.
Thanks,
Chris
chrisbond -
All Outbound traffic needs to be load balanced on a ratio of 1:2 as ISP1 is unlimited however ISP2 charges after we go over 50GB of limit.
The wiki shows you how to do this; it is simply a matter of putting the gateways in at a 2:1 ratio with "nth".
Secondly - If you advertise two different IPs for your services, i.e. webserver and SMTP server, then you have NO control over which way the outgoing traffic should go to answer the incoming request. The way routing works is: if a request comes in on eth3 for, say, a web page on your server, then the answer to the request should go out eth3. If it were to go out eth4 it would ‘break’ the connection.
How do I go about creating such rules? I’ve read the wiki but need to relate it to a multi-LAN setup and make sure the incoming traffic is routed correctly.
The router doesn’t care if you have ten LAN connections; if you dst-nat to an IP the router will send it out the correct interface, i.e. dst-nat 200.200.200.5 to 192.168.100.5. This would dst-nat requests to 200.200.200.5 to 192.168.100.5, and since your router knows where 192.168.100.5 is (it is connected to eth1) then it sends the request there… Connection tracking in the router will track this connection and, as long as you have the remainder of the router set up correctly, will answer out the same interface the request was received on.
R/
Secondly - If you advertise two different IPs for your services, i.e. webserver and SMTP server, then you have NO control over which way the outgoing traffic should go to answer the incoming request. The way routing works is: if a request comes in on eth3 for, say, a web page on your server, then the answer to the request should go out eth3. If it were to go out eth4 it would ‘break’ the connection.
Surely there must be some sort of fix for this, or a workaround to force the eth3 connection but still allow outbound traffic to be load balanced.
chrisbond -
Purely outbound that is initiated by an Internal request - piece of cake - that’s what load balancing is all about.
A connection coming from outside (thus you cannot control where it comes from, and, what the dns server will give for the ‘final’ destination IP) has to be answered by the same interface that the request went in on… There are ways around this but you would have to control what dns says the IP address is or be able to route the incoming request to the desired IP regardless of what dns says the IP should be…
R/
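The two points made in the replies (reply traffic for an inbound connection must leave on the WAN it arrived on, and LAN-initiated traffic can be split 2:1 with "nth") can both be expressed as connection marks plus per-mark routing tables. The configuration below is an added illustration, not configuration from either poster or from the MikroTik wiki. It assumes RouterOS v6 syntax, the interface names and ISP addresses from the question, constructed internal server addresses 192.168.101.10 (SMTP) and 192.168.101.20 (HTTP), and the v6 behaviour that a packet whose routing-mark table has no usable route falls back to the main table.

```routeros
# Added example, not from the thread. Assumes RouterOS v6 syntax, the interface
# names and ISP addresses from the question, and constructed internal server
# addresses 192.168.101.10 (SMTP) and 192.168.101.20 (HTTP).

/ip firewall address-list
add list=LAN address=192.168.100.0/24
add list=LAN address=192.168.101.0/24

# 1. Inbound: forward SMTP/HTTP arriving on either public IP to the eth2 servers.
#    Matching on in-interface keeps the two public IPs independent.
/ip firewall nat
add chain=dstnat in-interface=eth3 protocol=tcp dst-port=25 action=dst-nat to-addresses=192.168.101.10 comment="SMTP via ISP1"
add chain=dstnat in-interface=eth4 protocol=tcp dst-port=25 action=dst-nat to-addresses=192.168.101.10 comment="SMTP via ISP2"
add chain=dstnat in-interface=eth3 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.101.20 comment="HTTP via ISP1"
add chain=dstnat in-interface=eth4 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.101.20 comment="HTTP via ISP2"
# Source NAT per WAN so the source IP always matches the link the packet leaves on.
add chain=srcnat out-interface=eth3 action=masquerade
add chain=srcnat out-interface=eth4 action=masquerade

/ip firewall mangle
# 2. Remember which WAN a new inbound connection arrived on. Connection tracking
#    keeps the mark for the whole connection, including the server's replies.
add chain=prerouting in-interface=eth3 connection-state=new action=mark-connection new-connection-mark=isp1_conn passthrough=yes
add chain=prerouting in-interface=eth4 connection-state=new action=mark-connection new-connection-mark=isp2_conn passthrough=yes

# 3. Outbound from either LAN: 2 of every 3 new connections to ISP1, 1 to ISP2.
#    Each nth rule keeps its own counter; passthrough=yes lets all three rules see
#    every packet, so the counters stay in step and exactly one rule marks it.
add chain=prerouting src-address-list=LAN dst-address-list=!LAN connection-state=new nth=3,1 action=mark-connection new-connection-mark=isp1_conn passthrough=yes
add chain=prerouting src-address-list=LAN dst-address-list=!LAN connection-state=new nth=3,2 action=mark-connection new-connection-mark=isp1_conn passthrough=yes
add chain=prerouting src-address-list=LAN dst-address-list=!LAN connection-state=new nth=3,3 action=mark-connection new-connection-mark=isp2_conn passthrough=yes

# 4. Turn the connection mark into a routing mark for packets heading out of the
#    LANs (both LAN-initiated traffic and the servers' replies to inbound requests).
add chain=prerouting src-address-list=LAN dst-address-list=!LAN connection-mark=isp1_conn action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=prerouting src-address-list=LAN dst-address-list=!LAN connection-mark=isp2_conn action=mark-routing new-routing-mark=to_isp2 passthrough=no
# Same for traffic the router itself answers (e.g. management on a public IP).
add chain=output connection-mark=isp1_conn action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=output connection-mark=isp2_conn action=mark-routing new-routing-mark=to_isp2 passthrough=no

# 5. One default route per routing mark, plus a main-table pair for failover.
#    check-gateway=ping disables a route whose gateway stops answering; marked
#    traffic then falls back to the main table and leaves via the surviving ISP.
/ip route
add dst-address=0.0.0.0/0 gateway=92.92.92.91 routing-mark=to_isp1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=93.93.93.92 routing-mark=to_isp2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=92.92.92.91 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=93.93.93.92 distance=2 check-gateway=ping
```

Step 2 is what answers the "force the eth3 connection" question: a request that arrives on eth4 is marked isp2_conn, and step 4 routes the server's reply packets through the to_isp2 table, so they leave on eth4 with the eth4 source address. Step 3 only touches connections that originate inside the LANs, so inbound service traffic is never rebalanced. As the second reply notes, if the ISP that a request arrived on is unplugged, that request is lost regardless; the failover routes only protect LAN-initiated traffic. Connections the router opens itself (such as the transparent proxy's own fetches on behalf of eth1 clients) carry no mark from step 3 and follow the main-table routes, so they are not part of the 2:1 split unless output-chain nth rules are added for them.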