I need a help with redirection new public IP to guest network running on Unifi.
So, both ISP public ips comes from one interface = ether1
current network 192.168.1.0/24, public ip=10.10.1.2
guest network 192.168.2.0/24, public ip=10.10.1.3
I tried to do the following:
chain = “preerouting” sourse-adr-list = “192.168.2.0/24” action = “mark routing” new routing mark = “245”
And the route:
Dst adresses: 0.0.0.0.0/0 gataway=10.10.1.3 , Routing Mark=245
But in this scenario the guest users get a new IP but not the guest Unifi portal is no longer available, it doesn’t seem to see any other routes.
Help me to find a solution how to reassign IP to guest network but to make the guest portal available
As you haven’t provided any information about the Unifi portal, the following is based on an experienced guess and hence not 100 % guaranteed to actually solve your problem.
Unless you already have it, configure an address list that contains all private IP addresses (the name is not important, the contents is): /ip firewall address-list
add list=rfc1918 address=10.0.0.0/8
add list=rfc1918 address=172.16.0.0/12
add list=rfc1918 address=192.168.0.0/16
Then add a match condition to your mangle rule, dst-address-list=**!**rfc1918
As a result, the rule will assign the routing mark only to packets whose destination address is a public one, so the clients will be able to reach the Unifi portal.