Community discussions

MUM Europe 2020
 
foxch2
just joined
Topic Author
Posts: 19
Joined: Tue Dec 08, 2015 11:35 am

Separation of traffic from different networks to different external addresses on 1 WAN port

Fri Nov 24, 2017 8:19 am

hi all, need help
have a gateway CCR1009-7G-1C-1S
it come with two different subnets on two different Ethernet port

1 port subnet 10.1.1.0/24
2 port subnet 10.2.1.0/24

on the WAN interface are some external IP on the subnet
For example 1.1.1.8/29
they come from a single provider and a single optical line. divided into 2 external port is not possible

hosts from different subnets communicate with each other, but the queries to the Internet all comes from one external IP defined on the interface

How to differentiate to the treatment of the first subnet came from one IP, and the second subnet with a different IP

for example
for network 10.1.1.0/24 Internet address was 10.1.1.12
for network 10.2.1.0/24 Internet address was 10.1.1.13

Most of the advice that is usually divide by 2 WAN interface, but for me it is not appropriate, as the line comes to me, one on optics
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 259
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Separation of traffic from different networks to different external addresses on 1 WAN port

Fri Nov 24, 2017 9:41 am

You should have 2 IP addresses on WAN interface, then dst-nat like this
add action=src-nat chain=srcnat out-interface=WAN src-address=10.1.1.0/24 to-addresses=1.1.1.9/29
add action=src-nat chain=srcnat out-interface=WAN src-address=10.2.1.0/24 to-addresses=1.1.1.10/29
Your example
for example
for network 10.1.1.0/24 Internet address was 10.1.1.12
for network 10.2.1.0/24 Internet address was 10.1.1.13
is not correct, You should have different subnets for WAN and local side of router.
---
Karlis
 
foxch2
just joined
Topic Author
Posts: 19
Joined: Tue Dec 08, 2015 11:35 am

Re: Separation of traffic from different networks to different external addresses on 1 WAN port

Fri Nov 24, 2017 11:28 am

Yes, on WAN interface I have the IP written separately

my example is really a bit not correct, but only in open task
in your example, traffic is controlled on the basis of the source address, as to do so was managed on the basis of Ethernet port

Mikrotik does not add such a rule
add action=src-NAT chain=srcnat out-interface=WAN src-interface=eth2 to-addresses=1.1.1.9/29
add action=src-NAT chain=srcnat out-interface=WAN src-interface=eth3 to-addresses=1.1.1.10/29

Who is online

Users browsing this forum: No registered users and 23 guests