xeriou
just joined
Topic Author
Posts: 4
Joined: Wed Sep 21, 2016 11:18 am

Dual wan input with DNAT

Wed Sep 21, 2016 11:41 am

Hello,

I have two WANs:
WAN-1 : 1.1.1.1/24 GW-1 : 1.1.1.254
WAN-2 : 2.2.2.1/24 GW-2 : 2.2.2.254

and a LAN for the server:
LAN : 192.168.1.0/24 192.168.1.254 (GW is one of the RB interfaces)

I want that if a user gets http://1.1.1.1, it will access 192.168.1.1:18000,
and if they get http://2.2.2.1, it will access 192.168.1.1:18000, too.

So, here is my configuration.

I add default routes, one in main, another in RouteTable-WAN2:
/ip route
add distance=1 gateway=2.2.2.254 routing-mark=RouteTable-WAN2
add distance=1 gateway=1.1.1.254
/ip route rule
add action=lookup-only-in-table src-address=2.2.2.2/24 table=RouteTable-WAN2

I add two dst-nat rules to forward:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.1.1 to-ports=18000
add action=dst-nat chain=dstnat dst-address=2.2.2.1 dst-port=80 protocol=tcp to-addresses=192.168.1.1 to-ports=18000

I think the next step is to mark connections, to filter which connections should get routing mark RouteTable-WAN2 so that they can reply the right way...
But I get stuck ORZ....
Does anyone have an idea?
 
Sob
Forum Guru
Posts: 5705
Joined: Mon Apr 20, 2009 9:11 pm

Re: Dual wan input with DNAT

Wed Sep 21, 2016 4:58 pm

In short, watch for new connections coming from WAN without connection marks and add them. And then mark routing based on these connection marks.

Something like this:
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN1 \
    new-connection-mark=WAN1conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN2 \
    new-connection-mark=WAN2conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1conn \
    new-routing-mark=WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2conn \
    new-routing-mark=WAN2 passthrough=yes
/ip route
add distance=1 gateway=1.1.1.254 routing-mark=WAN1
add distance=1 gateway=2.2.2.254 routing-mark=WAN2
/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
xeriou
just joined
Topic Author
Posts: 4
Joined: Wed Sep 21, 2016 11:18 am

Re: Dual wan input with DNAT

Thu Sep 22, 2016 2:08 pm

THANKS FOR YOUR HELP!!!!!!!!
I think this is the key point :P...
/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main
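
Added example, not part of the original thread or of anyone's posted configuration: a small Python model of the routing decision, showing why the dst-address=192.168.0.0/16 route rule matters once connections are marked. It is a simplification that assumes route rules are checked first, then the table named by the routing mark, then main; the client address 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress

# Simplified model (constructed, not RouterOS code). Table names follow the
# routing marks used in the answer above; connected routes exist only in main.
TABLES = {
    "main": [("192.168.1.0/24", "LAN"), ("1.1.1.0/24", "WAN1"),
             ("2.2.2.0/24", "WAN2"), ("0.0.0.0/0", "WAN1 via 1.1.1.254")],
    "WAN1": [("0.0.0.0/0", "WAN1 via 1.1.1.254")],
    "WAN2": [("0.0.0.0/0", "WAN2 via 2.2.2.254")],
}
LAN_RULE = [("192.168.0.0/16", "main")]   # the route rule from the thread

def lookup(table, dst):
    """Longest-prefix match in one table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), out) for n, out in TABLES[table]
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(dst, routing_mark=None, rules=()):
    """Assumed order: route rules, then the marked table, then main."""
    addr = ipaddress.ip_address(dst)
    for net, table in rules:
        if addr in ipaddress.ip_network(net):
            return lookup(table, dst)          # lookup-only-in-table
    if routing_mark:
        out = lookup(routing_mark, dst)
        if out:
            return out
    return lookup("main", dst)

def simulate(in_iface, use_marks, rules=()):
    """Follow one HTTP connection arriving on in_iface and DNATed to
    192.168.1.1:18000. Returns (request forwarded to, reply leaves via)."""
    client = "203.0.113.7"                     # constructed client address
    conn_mark = in_iface + "conn" if use_marks else None   # mark-connection
    mark = conn_mark[:-4] if conn_mark else None           # mark-routing
    request_out = route("192.168.1.1", mark, rules)        # dst after dst-nat
    reply_out = route(client, mark, rules)     # reply carries the same mark
    return request_out, reply_out

if __name__ == "__main__":
    cases = [("no marks", ("WAN2", False)),
             ("marks, no route rule", ("WAN2", True)),
             ("marks + route rule", ("WAN2", True, LAN_RULE))]
    for label, args in cases:
        req, rep = simulate(*args)
        print(f"{label:22} request -> {req:20} reply -> {rep}")
```

Without marks the reply to a WAN2 connection leaves through the WAN1 gateway; with marks but no route rule the DNATed request itself matches the default route in table WAN2 and never reaches the LAN.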
