I have a mail server that is listed on the SBL blacklist because all the traffic from the mail server and the users is going through the same public IP… I have more than 5 public IPs from my ISP, so what I need to do is separate the in/out traffic from a specific local LAN to a specific public IP for my mail server and do the same for my network users. That way my server will not be listed on the blacklist any more if a user's computer is infected with a spam virus.
This is my setup: RB500 using RouterOS 3.0rc7
Ether1 WAN (201.x.x.10 and 201.x.x.12) ISP public Address
Ether2 LAN DHCP Server 192.168.1.0/25
Ether3 used for database VLAN backup connections
I need to set the 2 public IPs on ETHER1 for WAN connections so all my users will go to the internet using 201.x.x.10 for in/out traffic, and all the in/out internet traffic for my mail server will go through 201.x.x.12 to a specific local LAN address, 192.168.1.10
All the routing policies that I see on the wiki and forum use 2 different IP providers and are for balancing purposes. I tried to use some of them, but as a result I got disconnected from the internet.
Sounds simple enough, I bet it's just a rule error. If you wish to get some help ASAP, shoot me a call; otherwise, post some more information, such as your NAT rules etc., so that we can see what is going on.
I have a dstnat rule for my mail server
chain=dstnat Dst.Address 201.x.x.12 Action=Dst-nat To Address=192.168.9.10
I did not set a firewall rule specific to the mail server; all rules are global and only for blocking messenger and p2p.
Any idea of what I am doing wrong or what I am missing?
Could you please be more specific about what info I can give you about my configuration so you can help me? I added an image with my actual network and how it is working…
What I need to do is use one ethernet port to set two IPs from my ISP. After these 2 public IPs are set, I need to send all the internet requests from my users (all data in/out to the internet) over a specific IP and all the internet requests and hosting (all data in/out to the internet) over the second IP address set.
This way my server will navigate using a different public IP than my network users.
I tried the network balance example with good results; my principal interest is my mail server running POP and webmail.
Well, here is the configuration of the MikroTik: all the config of interfaces, IP addresses and routes (my VLANs). I don't have any rules on my firewall yet. My mail server has 2 NICs:
NIC-1 :192.168.9.10
NIC-2 :192.168.9.19
I want to send my mail server traffic through a specific public IP, 201.xx.xxx.99, and all the traffic of my VLANs and local users will use a different public IP to navigate the internet.
[admin@B&V Firewall] /interface> print
Flags: X - disabled, R - running, D - dynamic, S - slave
NAME TYPE MTU
0 R WAN ether 1500
1 R LAN ether 1500
2 R BACKUP ether 1500
[admin@B&V Firewall] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; added by setup
201.46.253.98/29 201.xx.xxx.96 201.xx.xxx.103 WAN
1 ;;; added by setup
192.168.9.4/24 192.168.9.0 192.168.9.255 LAN
2 X ;;; added by setup
201.xx.xxx.102/29 201.xx.xxx.96 201.xx.xxx.103 BACKUP
3 201.xx.xxx.100/29 201.xx.xxx.96 201.xx.xxx.103 WAN
4 201.xx.xxx.99/29 201.xx.xxx.96 201.xx.xxx.103 WAN
5 201.xx.xxx.101/29 201.xx.xxx.96 201.xx.xxx.103 WAN
[admin@B&V Firewall] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 A S ;;; added by setup
0.0.0.0/0 201.xxx.xxx.99 r 201.xx.xxx.97 1 WAN
1 A S ;;; EUROCOCINAS
192.168.1.0/24 r 192.168.9.1 1 LAN
2 ADC 192.168.9.0/24 192.168.9.4 0 LAN
3 A S ;;; TERRAMAR
192.168.10.0/24 r 192.168.9.1 1 LAN
4 A S ;;; AQUALINA
192.168.11.0/24 r 192.168.9.1 1 LAN
5 A S ;;; SEVILLA
192.168.12.0/24 r 192.168.9.1 1 LAN
6 ADC 201.xx.xxx.96/29 201.xx.xxx.98 0 WAN
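
One way to express the split asked for in this thread, as an added example that is not part of any post: source-NAT the mail server to one public address and everyone else to another, both on the same WAN interface. It reuses the masked addresses from the printout above (the 201.xx.xxx.N values are the thread's own redaction and have to be replaced with the real ones); the choice of 201.xx.xxx.100 for users and the mail/webmail port list are assumptions.

```routeros
# Added example, not from the thread.
# Assumptions: users leave via 201.xx.xxx.100; mail server is 192.168.9.10;
# published services are SMTP, POP3 and webmail on tcp/25,110,80.
/ip firewall nat

# Inbound: only the published mail ports on the mail public IP reach the server.
add chain=dstnat dst-address=201.xx.xxx.99 protocol=tcp dst-port=25,110,80 \
    action=dst-nat to-addresses=192.168.9.10 comment="mail in"

# Outbound: the mail server always leaves with its own public IP.
# This rule has to sit above the general users rule, NAT rules match in order.
add chain=srcnat src-address=192.168.9.10 out-interface=WAN \
    action=src-nat to-addresses=201.xx.xxx.99 comment="mail out"

# Outbound: every other internal host (192.168.9.0/24 and the routed
# 192.168.1/10/11/12 subnets) leaves with the users public IP.
add chain=srcnat src-address=192.168.0.0/16 out-interface=WAN \
    action=src-nat to-addresses=201.xx.xxx.100 comment="users out"

# Check the order: "mail out" must be listed before "users out".
print

# Keep infected user machines from sending mail directly, whatever IP they
# are NATed to: only the mail server may open outbound SMTP.
/ip firewall filter
add chain=forward out-interface=WAN protocol=tcp dst-port=25 \
    src-address=!192.168.9.10 action=drop comment="block user SMTP"
```

The mail server's second NIC (192.168.9.19) is not matched by the "mail out" rule and would leave with the users address unless it gets its own src-nat rule. The pref-src on the default route only affects traffic originated by the router itself, not forwarded LAN traffic.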