fbslim
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

dst-nat one port to multiple NAT ip addresses, HOW-TO do???

Fri Oct 04, 2013 7:47 pm

Hello everybody! Again!

Another interesting problem.

For example, I have 2 web servers behind NAT with IPs 192.168.1.5 and 192.168.1.6.

And I have only one WAN (external internet IP) and only ONE... port - 80.

I need that... if the first web server goes out of range, the second (reserve) one becomes accessible instead of the FIRST!

If it looked like routes, there would be no problem - distance=1 and distance=2. BUT... if it is 2 servers behind NAT... can they be exchanged if the first server goes offline?

Here is a standard rule for an internal web server behind NAT... to be accessible from the Internet:
add action=dst-nat chain=dstnat disabled=yes dst-address=31.31.31.31 dst-port=80 protocol=tcp to-addresses=192.168.1.5 to-ports=80
So... is it possible to access the second NAT server if the FIRST goes down?

HOW-TO... do that automatically, please HELP!!!
 
efaden
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Fri Oct 04, 2013 8:30 pm

You could write a script and use netwatch... when server 1 stops responding to pings then switch to server 2. I don't know of a built in way to do it.
 
fbslim
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Fri Oct 04, 2013 9:42 pm

I very much appreciate your effort to help, but... it's NOT a help. Sorry!
 
fbslim
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Sun Oct 06, 2013 6:51 pm

Can somebody tell me if it is possible to make route-like rules with distance priority to change the route from current to reserve (like distance=1 and distance=2)? Is it possible to make such rules for resources behind NAT??? AND HOW?????

Please somebody!!!
 
Sob
Forum Guru
Posts: 4876
Joined: Mon Apr 20, 2009 9:11 pm

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Sun Oct 06, 2013 9:45 pm

There's no "distance" for firewall rules and the first suggestion was right:

ros code

/ip firewall nat
add chain=dstnat dst-address=31.31.31.31 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.5 comment=mainwww
add chain=dstnat dst-address=31.31.31.31 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.6 comment=backupwww
/tool netwatch
add host=192.168.1.5 interval=1m timeout=1s \
    up-script="/ip firewall nat enable [find comment=\"mainwww\"]" \
    down-script="/ip firewall nat disable [find comment=\"mainwww\"]"
 
fbslim
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Mon Oct 07, 2013 8:25 am

Sob, thank you very very much for such explication!!!

It's a really great device - Mikrotik, with great support!
 
garlicbulb
newbie
Posts: 46
Joined: Mon Jul 25, 2011 12:41 am

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Mon Oct 07, 2013 9:00 am

The other way to do this is to have a "pseudo" IP address like 192.168.2.1 on both Web servers as an alias.

Then you route 192.168.2.1 via 192.168.1.5 with distance 1 and via 192.168.1.6 with distance 2.

If 192.168.1.5 stops answering the ping, the route will go inactive and switch to the backup route.

You can also use a similar technique to roughly load balance the web server.
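
The route-based failover described in the post above, written out as RouterOS configuration (an added example, not posted by anyone in the thread). It assumes both web servers already carry 192.168.2.1 as an alias address and are directly reachable from the router on 192.168.1.0/24; the comment values are illustrative names.

```routeros
# Added example, not from the thread.
# Assumption: 192.168.2.1 is configured as an extra (alias) address on BOTH
# web servers, so whichever one receives the forwarded packet accepts it.

/ip firewall nat
# One dst-nat rule only: it targets the shared alias, not a real server IP.
add chain=dstnat dst-address=31.31.31.31 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.2.1 to-ports=80 comment="www-alias"

/ip route
# Preferred path to the alias: via the main server (lowest distance wins).
add dst-address=192.168.2.1/32 gateway=192.168.1.5 distance=1 \
    check-gateway=ping comment="mainwww"
# Backup path: becomes active only while the distance=1 route is inactive,
# i.e. while 192.168.1.5 is not answering the gateway check.
add dst-address=192.168.2.1/32 gateway=192.168.1.6 distance=2 \
    check-gateway=ping comment="backupwww"
```

`check-gateway=ping` only proves that the host answers ICMP; a server whose web service has stopped while the host stays up keeps the distance=1 route active. Connections that were open at the moment of the switch land on a server that has no state for them and have to be re-established by the client.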
 
cybercoder
Member Candidate
Posts: 176
Joined: Tue Dec 07, 2010 11:20 pm
Location: Guilan, Iran

Re: dst-nat one port to multiple NAT ip addresses, HOW-TO do

Mon Oct 07, 2013 9:35 am

After I read your first post, it seems you need to balance the load of incoming web traffic and do failover.
The standard way is to use DNS load balancing: imagine Google's web servers; when you want to access google.com, it may have different IP addresses in each request. This feature is called DNS load balancing.
But with RouterOS I think there's only NetWatch and scripts as tools to implement this feature, as mentioned by other guys in post 2 or 3.