Another LAN 2 WAN problem and a question about redundancy

Remco · Wed Jul 02, 2014 2:58 pm

Hello all!

Problems:

Can't access the internet from PC.
Don't know how to configure redundant uplink.

Situation:

Our provider offers two uplinks, each configured as a vlan. Over that they route a public IP range 5.xxx.xxx.129/27. Behind the router is one Linux server with a static IP.

Port forwarding to this static IP (192.168.1.203 port 22) works fine, I can SSH into this server. I don't have access to the internet from this server though. I do understand I've to bridge the 192.168.1.0/24 IP range to something, but what? And how?

Another problem is the redundant uplink. Right now I've this in my script:

add address=5.xxx.xxx.129/27 interface=v1813 network=5.xxx.xxx.128

I guess this means that when vlan v1813 drops and get taken over by vlan v2813 the traffic from 5.xxx.xxx.129/27 will not be handled. How to solve this?

It would be fantastic when someone can help me out here!

export:

ros code

# jul/02/2014 13:27:19 by RouterOS 6.1
# software id = H0GU-KGSB
#
/interface bridge
add l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface ethernet
set 0 name=ether1-gateway
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=ether1-gateway l2mtu=1594 name=v1813 vlan-id=1813
add interface=ether2 l2mtu=1594 name=v2813 vlan-id=2813
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether1-gateway
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=bridge-local network=192.168.1.0
add address=5.xxx.xxx.129/27 interface=v1813 network=5.xxx.xxx.128
add address=192.168.108.38/30 interface=v1813 network=192.168.108.36
add address=192.168.208.38/30 interface=v2813 network=192.168.208.36
/ip dns
set allow-remote-requests=yes servers=213.163.76.185,91.198.152.196
/ip dns static
add address=192.168.1.1 name=router
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-address=5.xxx.xxx.130 dst-port=223 protocol=tcp to-addresses=192.168.1.203 to-ports=22
/ip route
add check-gateway=ping distance=1 gateway=192.168.108.37
add check-gateway=ping distance=1 gateway=192.168.208.37
/system ntp client
set mode=unicast primary-ntp=64.90.182.55 secondary-ntp=96.47.67.105
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local

cbrown · Wed Jul 02, 2014 3:49 pm

You need to change your masquerade rule to go out the VLAN which is where your internet is coming in instead of ether1.

As for the redundant internet connection with the VLANs you will need to provide or get more information from your provider.

Remco · Wed Jul 02, 2014 5:03 pm

Thank you. Tried your suggestion but it didn't help I'm afraid.

Regarding the redundancy:

Both uplinks have a vlan assigned.

Uplink 1:
ISP 192.168.108.37/30
Ours 192.168.108.38/30
vlan tag 1813

Uplink 2:
ISP 192.168.208.37/30
Ours 192.168.208.38/30
vlan tag 2813

When uplink 1 goes down uplink 2 takes over. The traffic to us is done by two equal-cost static routes (192.168.x08.38/30) and we've two equal-cost static default routes to 192.168.x08.37/30.