gocret
just joined
Topic Author
Posts: 3
Joined: Mon Nov 19, 2018 3:31 am

separate traffic to other gateway

Fri Jan 18, 2019 10:38 am

Hi All,

I have two gateways to the internet using an RB750:
Gateway 1: 1.1.1.1 (ISP1)
Gateway 2: 2.2.2.2 (ISP2)
LAN: 192.168.16.0/24

How do I route access to a certain IP to a specific gateway?
For example, LAN access to IP 3.3.3.3 will go through Gateway 2 (ISP2),
while access to other IPs and browsing go through Gateway 1 (ISP1).

Thank you in advance

[Sorry for my messy English]
 
anav
Forum Guru
Posts: 19370
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: separate traffic to other gateway

Fri Jan 18, 2019 3:59 pm

Not a problem...
So basically you have a situation where

ISP1 is the primary gateway and you want all users to use this gateway.
BUT
You have one user that you want to force to ISP2.

Question1: What happens if ISP1 becomes unavailable for some reason, did you want all users to then be able to access ISP2?

Question2: What happens if ISP2 becomes unavailable for some reason, did you want the special user to then have access to ISP1?
 
gocret
just joined
Topic Author
Posts: 3
Joined: Mon Nov 19, 2018 3:31 am

Re: separate traffic to other gateway

Mon Jan 21, 2019 8:47 am

Hi anav, sorry for my late reply.

The answer is "no".
If ISP1 or ISP2 is down, then there is no reroute to IP 3.3.3.3.

The reason is that ISP2 is used for app and database replication to Head Office (IP 3.3.3.3).

ISP1 is used for browsing and email.
ISP1 blocks the SQL Server port.

Thanks

 
anav
Forum Guru
Posts: 19370
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: separate traffic to other gateway

Mon Jan 21, 2019 7:02 pm

Okay so let me get this straight.

ONE LAN on MT router
ALL IPs to use WAN1
Specific IP to use WAN2

If WAN2 fails, then Specific IP is NOT rerouted over WAN1 (office app data replication function to head office is cut-off).
If WAN1 fails, then access for email and browsing for all users is NOT rerouted (access to browsing and email is cut-off).

So there is no fail-over required for this setup?
 
anav
Forum Guru
Posts: 19370
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: separate traffic to other gateway

Mon Jan 21, 2019 7:14 pm

You do realize that IP 3.3.3.3 can reach any other IP on the LAN and anybody on the LAN can reach 3.3.3.3??

In the simple case, my assumptions then...
/ip route
add distance=1 gateway=(gatewayIP of WAN2) pref-src=3.3.3.3
add distance=2 gateway=(gatewayIP of WAN1)

You will need some SourceNat Rules as well.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN2 src-address=3.3.3.3
add action=masquerade chain=srcnat comment="SCR_NAT for LAN Users" \
    out-interface=WAN1
 
gocret
just joined
Topic Author
Posts: 3
Joined: Mon Nov 19, 2018 3:31 am

Re: separate traffic to other gateway

Tue Jan 22, 2019 4:48 am

Hi anav, thanks for your reply.

There might be a misunderstanding between us.

Here is my topology:
LAN: 192.168.16.0/24
ISP1: 1.1.1.1
ISP2: 2.2.2.2
HO IP: 3.3.3.3

Connections to the HO IP (3.3.3.3) from the LAN will be routed to ISP1,
while other access (browsing and e-mail) will be routed to ISP2.

If ISP1 is down, then internet for LAN users will be down.
If ISP2 is down, then the connection to HO (3.3.3.3) will be down.
There's no failover between ISP1 and ISP2.
If ISP1 and ISP2 are both down, then there will be chaos in the office ^^

I'm trying to use mark routing, hopefully it works.

Thank you in advance

 
anav
Forum Guru
Posts: 19370
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: separate traffic to other gateway

Tue Jan 22, 2019 6:01 am

I don't understand why a business would not want to make use of the redundancy of a dual-WAN scenario, or in other words why it would want potential chaos when it could be avoided.
Oh well, you can lead a horse to water...

I think I understand better now, let's see if I got it.
There is only one LAN.
All LAN traffic headed for the public HO IP shall use WAN2.
All other LAN traffic headed for the internet shall use WAN1.

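/ip firewall mangle
# mark new connections from the LAN to the HO address
add chain=prerouting action=mark-connection dst-address=3.3.3.3 \
    connection-mark=no-mark new-connection-mark=HOtraffic in-interface=LAN \
    passthrough=yes
# give LAN-side packets of those connections the routing mark
# (in-interface=LAN keeps reply packets arriving from the WAN unmarked)
add chain=prerouting action=mark-routing connection-mark=HOtraffic \
    in-interface=LAN new-routing-mark=routeHO passthrough=no

/ip route
add distance=2 gateway=(gatewayIP of WAN1)
add distance=3 gateway=(gatewayIP of WAN2) routing-mark=routeHO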
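
Added example, not part of any post in this thread: a consolidated RouterOS v6 configuration for the stated requirement (HO traffic via WAN2 only, everything else via WAN1, no failover in either direction). It adds a route rule so that marked traffic cannot fall back to the main table when the WAN2 route is inactive, a forward drop that keeps HO traffic off WAN1, and per-WAN masquerade. Assumptions: v6 syntax (v7 differs), the interface names LAN, WAN1 and WAN2, and the thread's placeholder addresses 1.1.1.1, 2.2.2.2 and 3.3.3.3.

```routeros
# Added example (assumed names and placeholder addresses, RouterOS v6 syntax).

/ip firewall mangle
# Mark new LAN connections to the head-office address.
add chain=prerouting in-interface=LAN dst-address=3.3.3.3 \
    connection-mark=no-mark action=mark-connection \
    new-connection-mark=HOtraffic passthrough=yes comment="HO: mark connection"
# Mark routing only for packets entering from the LAN, so replies coming
# back in on WAN2 are routed to the LAN through the main table.
add chain=prerouting in-interface=LAN connection-mark=HOtraffic \
    action=mark-routing new-routing-mark=routeHO passthrough=no \
    comment="HO: mark routing"

/ip route
# Main table: only ISP1, so ordinary traffic never uses ISP2.
add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=1 comment="main via ISP1"
# routeHO table: only ISP2.
add dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=routeHO distance=1 \
    check-gateway=ping comment="routeHO via ISP2"

/ip route rule
# Without this rule a failed lookup in routeHO continues in the main table,
# which would send replication traffic out through ISP1.
add routing-mark=routeHO action=lookup-only-in-table table=routeHO

/ip firewall filter
# Defence in depth: HO traffic must never leave through WAN1.
# Place this rule above any general "accept" rule in the forward chain.
add chain=forward in-interface=LAN dst-address=3.3.3.3 out-interface=WAN1 \
    action=drop comment="HO traffic must not use ISP1"

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade comment="NAT via ISP1"
add chain=srcnat out-interface=WAN2 action=masquerade comment="NAT via ISP2"
```

The counters shown by `/ip firewall mangle print stats` and `/ip firewall filter print stats` indicate whether HO connections are being marked and whether anything is hitting the WAN1 drop rule.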
