Community discussions

MikroTik App
 
camilojaraba
just joined
Topic Author
Posts: 2
Joined: Thu Oct 15, 2009 12:15 am

How to get 2 lan with 2 wan

Thu Oct 15, 2009 12:24 am

Hi people!
please excuse my english...

the thing is, I have a PC with routerOS 3.28
the escenario:
I have a lan network (192.168.5.0/24) which is going out by the ISP1, this one is working perfectly.

I have another network (like a DMZ) 172.16.31.0/30 and I want this network go out to ISP2 on the same RouterOS-PC

the first problem is that i cann't do ping to the ISP2 public ip address from outside, but if i connect the cable to a windows machine, and configure the settings for this ISP2 i do ping without problem. so, I think I'm doing something wrong.

I dont need balancing I just need two networks... 192.168.5.0/24 >>> ISP1 and 172.16.31.0/30 >>> ISP2, and then I will have ISP2 >> 172.16.31.2 NAT working.

thank you!
 
User avatar
bellis
newbie
Posts: 49
Joined: Wed Nov 05, 2008 1:15 am
Location: Woodland, WA
Contact:

Re: How to get 2 lan with 2 wan

Tue Oct 20, 2009 11:14 pm

using pre routing marks, tag based on src-address

set default routes based on prerouting mark
"If it ain't broke, you're not tryin"
 
dog
Member Candidate
Member Candidate
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: How to get 2 lan with 2 wan

Wed Oct 21, 2009 3:44 am

Basically you have three sources to account for:

- LAN 192.168.5.0/24
- DMZ 172.16.31.0/30 (This means the DMZ only consits of one Server and the router !?)
- The router itself

I would use three routers in this case:
ISP1 --- 84.234.123.43/32 --- NAT-Router ---- 10.255.255.0/30 -+    +-- 192.168.5.0/24 --- PCs
                                                               |    |
                                                              RouterOS
                                                               |    |
ISP2 --- 217.12.42.423/32 ---- Router ------- 10.255.255.4/30 -+    +-- 172.16.31.0/30 --- Server


So, why not do this directly in RouterOS?
One simple reason: With policy routing (which bellis mentioned) you always need to enter the gateway IPs, but you never know when your ISP gets in the mood of changing it's gateways IP and suddenly everything stops working.
To prevent this I would put two routers in front and in RouterOS then reference their LAN-IPs :)

And now on to policy based routing:

Go into IP > Firewall > Mangle and add a new rule:

Chain: prerouting
Src. address: 172.16.31.0/30
Action: mark routing -> dmz-traffic

Then go into IP > Routes and add a new route:
Destination: 0.0.0.0/0
Gateway: 10.255.255.6 (for my example from above)
Routing mark: dmz-traffic

That should do the trick.

Best regards

Max

Who is online

Users browsing this forum: Bing [Bot] and 36 guests