Community discussions

MikroTik App
 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 22, 2010 6:21 pm

Help in Routing

Sun Feb 04, 2018 2:53 pm

Hello Everyone,

1: I have one RB750Gr3 and i have add two different ISP in the Routerboard and have done the Loadbalancing.
2: and i Have Mikrotik on x86 PC and the loadblancing as WAN from RB750Gr3

Now i need help

i have a webserver e.g 192.168.20.x Port 80

i want to access my webserver from my static IP 110.x.x.x from WAN1 But the Webserer is attached with x86 pc.

How can i do this ?

[Image
Sorry for my English
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Help in Routing

Sun Feb 04, 2018 6:07 pm

You need to use a dst-nat rule in dstnat chain of the NAT table of the firewall. So when a packet arrives to port TCP/80 of the public IP of your WAN1, you have to redirect it to port TCP/80 of your server, and the connection will be automatically tracked so the server's response will be src-nated before being sent to the client via WAN1. If the connection tracking does not prevent the responses from being routed via WAN2 (I'm not sure whether connection tracking can do that), you'll have to use routing marks to make sure that packets sent from TCP/80 of your web server will only use WAN1.

The above works if there are no more "routing obstacles" between your RB750Gr3 and the server.

If you want to have the traffic balanced between WAN1 and WAN2, you'd have to use DNS to translate a single name to both your public addresses (WAN1 and WAN2).
 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 22, 2010 6:21 pm

Re: Help in Routing

Mon Feb 05, 2018 10:28 am

You need to use a dst-nat rule in dstnat chain of the NAT table of the firewall. So when a packet arrives to port TCP/80 of the public IP of your WAN1, you have to redirect it to port TCP/80 of your server, and the connection will be automatically tracked so the server's response will be src-nated before being sent to the client via WAN1. If the connection tracking does not prevent the responses from being routed via WAN2 (I'm not sure whether connection tracking can do that), you'll have to use routing marks to make sure that packets sent from TCP/80 of your web server will only use WAN1.

The above works if there are no more "routing obstacles" between your RB750Gr3 and the server.

If you want to have the traffic balanced between WAN1 and WAN2, you'd have to use DNS to translate a single name to both your public addresses (WAN1 and WAN2).
i have tried this dst-nat rule but it does not work for me because my web server is connected with the Mikrotik x86 pc and the static IP (WAN1) is in RB750Gr3.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Help in Routing

Mon Feb 05, 2018 10:47 am

i have tried this dst-nat rule but it does not work for me because my web server is connected with the Mikrotik x86 pc and the static IP (WAN1) is in RB750Gr3.
Well, it is not just because the server is connected to another Mikrotik than where the WAN interface is, but probably because there are some settings on one or both of your Mikrotiks which prevent it from working.

Is there any firewall NAT rule on the x86 Mikrotik?
 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 22, 2010 6:21 pm

Re: Help in Routing

Mon Feb 05, 2018 10:56 am

i have tried this dst-nat rule but it does not work for me because my web server is connected with the Mikrotik x86 pc and the static IP (WAN1) is in RB750Gr3.
Well, it is not just because the server is connected to another Mikrotik than where the WAN interface is, but probably because there are some settings on one or both of your Mikrotiks which prevent it from working.

Is there any firewall NAT rule on the x86 Mikrotik?
yes have firewall NAT rules on my x86 Mikrotik
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Help in Routing  [SOLVED]

Mon Feb 05, 2018 11:24 am

yes have firewall NAT rules on my x86 Mikrotik
In that case, if you have some reason to keep the x86 Mikrotik with NAT and security rather than configuring routing on the RB750Gr3 to the subnets connected to the x86 and disabling NAT and security on the x86, you would have to configure the dst-nat the following way:
  • on the RB750Gr3, the dst-nat rule must forward the port to the internet-facing IP address of the x86 and to some port like 10000 to avoid conflict with x86 Mikrotik's own web interface,
  • on the x86, the dst-nat rule would redirect from that address and port to the IP of the web server and port 80.
 
luckysunny
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 22, 2010 6:21 pm

Re: Help in Routing

Wed Feb 07, 2018 2:45 pm

yes have firewall NAT rules on my x86 Mikrotik
In that case, if you have some reason to keep the x86 Mikrotik with NAT and security rather than configuring routing on the RB750Gr3 to the subnets connected to the x86 and disabling NAT and security on the x86, you would have to configure the dst-nat the following way:
  • on the RB750Gr3, the dst-nat rule must forward the port to the internet-facing IP address of the x86 and to some port like 10000 to avoid conflict with x86 Mikrotik's own web interface,
  • on the x86, the dst-nat rule would redirect from that address and port to the IP of the web server and port 80.
thanks for helping. works great

Who is online

Users browsing this forum: No registered users and 20 guests