stefanelul2000
newbie
Topic Author
Posts: 25
Joined: Fri Feb 23, 2018 6:08 pm

NAT 2 PPPoE connections

Thu Dec 13, 2018 11:49 pm

Recently I've bought a second IP from my ISP. Both IPs that I own at this moment are provided via a PPPoE connection. I only have one LAN network; I kept it the default 192.168.88.0/24. I have a server with the static IP 192.168.88.5. The server hosts a website, and because of it I want the server to use the second PPPoE connection. So the idea is that 192.168.88.5 should ONLY use PPPoE connection 2 while the rest of the devices should use PPPoE connection 1. I've tried to NAT masquerade 192.168.88.5 to PPPoE 2, but that didn't work. I am not so keen on making a separate LAN just for the server; I would like to keep it on the same network that it is on right now. Do you have any suggestions on how I can solve my problem? Thanks
 
solar77
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: NAT 2 PPPoE connections

Fri Dec 14, 2018 12:41 pm

I don't think you need another LAN.
For your server to use PPPoE 2 only, you need:
* NAT masquerade 192.168.88.5 to PPPoE 2
* Correct routing for both the PPPoE 1 and PPPoE 2 connections. This normally involves mangling traffic from 192.168.88.5 with a routing mark, then picking it up with a static route entry to ensure this traffic is routed to PPPoE 2. So for the PPPoE connection, do not use Add Default Route; add it manually.

Hope this helps. If you have any problems, show your config for NAT and Route.
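A worked configuration for the procedure solar77 describes (routing mark in mangle, manually added default routes, masquerade per egress interface), added here as an example; it is not code from the thread or from either poster. The interface names pppoe-isp1, pppoe-isp2 and bridge are assumptions, substitute your own. It is written in RouterOS v6 syntax and also covers the two things a practitioner usually trips over with this setup: a connection that arrives on one WAN must send its replies back out the same WAN, and fasttracked packets bypass mangle, so they never receive the routing mark.

```routeros
# Added example (not from the thread): force one LAN host, 192.168.88.5,
# out the second PPPoE link while the rest of the LAN uses the first.
# pppoe-isp1, pppoe-isp2 and bridge are assumed interface names.

# 1. Neither PPPoE client installs a default route; both are added by hand below.
/interface pppoe-client
set [find name="pppoe-isp1"] add-default-route=no
set [find name="pppoe-isp2"] add-default-route=no

/ip firewall mangle
# 2. Remember which WAN a connection came in on, so that a port forward
#    reached via ISP1 does not answer via ISP2 (asymmetric routing).
add chain=prerouting in-interface=pppoe-isp1 connection-state=new \
    action=mark-connection new-connection-mark=from-isp1 passthrough=yes
add chain=prerouting in-interface=pppoe-isp2 connection-state=new \
    action=mark-connection new-connection-mark=from-isp2 passthrough=yes
add chain=prerouting in-interface=bridge connection-mark=from-isp1 \
    action=mark-routing new-routing-mark=via-isp1 passthrough=no
add chain=prerouting in-interface=bridge connection-mark=from-isp2 \
    action=mark-routing new-routing-mark=via-isp2 passthrough=no
# 3. Everything the server originates goes out ISP2, except traffic to the
#    LAN itself (including the router), which must stay in the main table.
add chain=prerouting in-interface=bridge src-address=192.168.88.5 \
    dst-address=!192.168.88.0/24 \
    action=mark-routing new-routing-mark=via-isp2 passthrough=no

# 4. One default route per routing mark, plus the unmarked default for everyone else.
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-isp1 routing-mark=via-isp1 distance=1
add dst-address=0.0.0.0/0 gateway=pppoe-isp2 routing-mark=via-isp2 distance=1
add dst-address=0.0.0.0/0 gateway=pppoe-isp1 distance=1

# 5. Source NAT chosen by egress interface. Masquerade (not src-nat to a fixed
#    address) is right for PPPoE, since the public address may change on reconnect.
/ip firewall nat
add chain=srcnat out-interface=pppoe-isp1 action=masquerade
add chain=srcnat out-interface=pppoe-isp2 action=masquerade

# 6. Fasttracked packets skip mangle. Keep the policy-routed host and the
#    WAN-marked connections out of fasttrack, otherwise only the first packets
#    of each connection get the routing mark and the rest fall into the main table.
/ip firewall filter
add chain=forward connection-state=established,related connection-mark=no-mark \
    src-address=!192.168.88.5 dst-address=!192.168.88.5 \
    action=fasttrack-connection
add chain=forward connection-state=established,related action=accept
```

To confirm it works, watch the counters with `/ip firewall mangle print stats` while the server makes an outbound connection, and compare the public address an external service reports to the server with the one it reports to another LAN host; they should differ. On RouterOS v7 the routes take `routing-table=` instead of `routing-mark=`, and each table has to exist first (`/routing table add name=via-isp2 fib`).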
 
stefanelul2000
newbie
Topic Author
Posts: 25
Joined: Fri Feb 23, 2018 6:08 pm

Re: NAT 2 PPPoE connections

Fri Dec 14, 2018 8:48 pm

So I've tried to create a masquerade NAT rule with src-address 192.168.88.5 and put it as the first NAT rule, but it looks like it doesn't do anything.
/ip firewall layer7-protocol
add name=dc-contab.root regexp=dc-contab.root
/ip firewall address-list
add address=217.10.195.122 list="WinBox Access"
add address=192.168.50.1-192.168.50.50 list="WinBox Access"
add address=192.168.100.0/24 list="WinBox Access"
/ip firewall filter
add action=drop chain=forward comment="Drop Invalid Connections RDS" connection-state=invalid in-interface="PPPoE RDS"
add action=drop chain=input connection-state=invalid in-interface="PPPoE RDS"
add action=drop chain=forward comment="Drop Invalid Connections VDF" connection-state=invalid in-interface=ETH2-VDF
add action=drop chain=input connection-state=invalid in-interface=ETH2-VDF
add action=drop chain=input comment="Drop DNS Requests" dst-port=53 in-interface="PPPoE RDS" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="PPPoE RDS" protocol=udp
add action=accept chain=input comment="Allow VPN Connection" dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
add action=accept chain=forward dst-port=50,68,123,320,500,6000,6006,7547,7548,4500 protocol=tcp
add action=accept chain=forward comment="Allow connections from LAN" in-interface="LAN Bridge"
add action=accept chain=forward comment="Allow connections from LAN" in-interface="SRV Bridge"
add action=fasttrack-connection chain=forward comment="Allow established connections" connection-state=established
add action=accept chain=forward comment="Allow related connections" connection-state=related
add action=accept chain=input comment="Allow Ping from WAN RDS" in-interface="PPPoE RDS" protocol=icmp
add action=accept chain=input comment="Allow Ping from WAN VDF" in-interface=ETH2-VDF protocol=icmp
add action=accept chain=input comment="Allow access to the router from WinBox Address List" src-address-list="WinBox Access"
add action=accept chain=input comment="Allow established connections to the router RDS" connection-state=established in-interface="PPPoE RDS"
add action=accept chain=input comment="Allow related connections to the router RDS" connection-state=related in-interface="PPPoE RDS"
add action=accept chain=input comment="Allow established connections to the router VDF" connection-state=established in-interface=ETH2-VDF
add action=accept chain=input comment="Allow related connections to the router VDF" connection-state=related in-interface=ETH2-VDF
add action=drop chain=input in-interface-list=!LAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.88.1 dst-port=53 layer7-protocol=dc-contab.root new-connection-mark=dc-contab.root-forward protocol=tcp
add action=mark-connection chain=prerouting dst-address=192.168.88.1 dst-port=53 layer7-protocol=dc-contab.root new-connection-mark=dc-contab.root-forward protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="WAN RDS-SERVER NAT" out-interface="PPPoE Server" src-address=192.168.88.5
add action=masquerade chain=srcnat comment="WAN RDS NAT" out-interface="PPPoE RDS" src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="WAN VDF NAT" out-interface=ETH2-VDF
add action=masquerade chain=srcnat comment="VPN NAT" out-interface="PPPoE RDS" src-address=192.168.50.1-192.168.50.254
add action=dst-nat chain=dstnat dst-address=86.123.175.221 dst-port=50,68,320,500,4500,6000,6006,7547,7548 in-interface="PPPoE RDS" protocol=tcp to-addresses=192.168.88.7 to-ports=0-65535
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=!192.168.88.1 src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment="Forward port 80 to Organizr" dst-address=!192.168.88.1 dst-address-type=local dst-port=80 protocol=tcp to-addresses=192.168.88.5 to-ports=81
add action=dst-nat chain=dstnat comment="Forward port 443 to Organizr" dst-address=!192.168.88.1 dst-address-type=local dst-port=443 protocol=tcp to-addresses=192.168.88.5 to-ports=444
add action=dst-nat chain=dstnat comment="Forward port 6881-6999 to rTorrent" dst-address=!192.168.88.1 dst-address-type=local dst-port=6881-6999 protocol=tcp to-addresses=192.168.88.5 to-ports=6881-6999
add action=dst-nat chain=dstnat comment="RDP SRV" disabled=yes dst-address=86.123.175.221 dst-port=3389 in-interface="PPPoE RDS" protocol=tcp to-addresses=192.168.88.5 to-ports=3389
add action=dst-nat chain=dstnat comment="NAT dc-contab.root zone" connection-mark=dc-contab.root-forward to-addresses=192.168.100.100
add action=masquerade chain=srcnat connection-mark=dc-contab.root-forward
The routes are mostly dynamic, besides 2 that are for my failover connection and GRE tunnel.
/ip route
add distance=10 gateway=192.168.1.1
add distance=1 dst-address=192.168.100.0/24 gateway=172.22.22.1
A photo of the routes can be seen in the attachment.