mohammadalsharqi
newbie
Topic Author
Posts: 39
Joined: Fri Jan 07, 2011 12:04 am

Nat multiple wan with route mark

Thu Dec 22, 2022 2:18 pm

Hi everyone,
I have 3 WANs:
1st - 192.168.169.1
2nd - 192.168.172.1


I would like to route the YouTube, Facebook and Meta address lists to the 2nd WAN, while keeping the first WAN as the main one. The problem is that when I use NAT masquerade for all WANs I get some problems with the responses from the first WAN. What is the best way to NAT the connections without interference between packets?

Thanks
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Nat multiple wan with route mark

Thu Dec 22, 2022 6:13 pm

And how do you propose to identify sites that have no fixed WAN IP address...
 
mohammadalsharqi
newbie
Topic Author
Posts: 39
Joined: Fri Jan 07, 2011 12:04 am

Re: Nat multiple wan with route mark

Thu Dec 22, 2022 6:17 pm

Let it go through the first WAN, except for the IP address list that I want to route to the 2nd WAN.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Nat multiple wan with route mark

Thu Dec 22, 2022 7:09 pm

/ip route add distance=2 dst-address=0.0.0.0/0 gateway=ISP1 routing-table=main
/ip route add distance=5 dst-address=0.0.0.0/0 gateway=ISP2 routing-table=main

Right off the bat all users will be directed to ISP1.
If you wanted to direct a subnet or subnets out WAN2, that is very easy without using mangling.
If you wanted a few users, let's say 10 or less (because you need a route rule per user), then mangling can also be avoided.

However, if you have a large number of users, and also from different subnets, then that would be more difficult and would need mangling.


(1) The easy method consists of creating a table, an additional route for WAN2 (third route in total) with table=new table name, and corresponding routing rule(s).
/ip route add distance=5 dst-address=0.0.0.0/0 gateway=ISP2 routing-table=useWAN2

/routing table add name=useWAN2 fib
/routing rule add src-address=<subnet or single IP> action=lookup table=useWAN2
Note: If you never wanted them to have access to WAN1 (let's say WAN2 is not available) then use action=lookup-only-in-table

(2) The more complex method consists of mangling/identifying that address list of users in prerouting, heading for the internet, and basically ensuring they are also routed out WAN2.

First (for v7) you need to create the table.
/routing table add name=specific-users fib

Then the mangle...
/ip firewall mangle
add chain=prerouting src-address-list=special-group routing-mark=no-mark action=mark-routing new-routing-mark=specific-users (same for v6 and v7)

Then the routes
/ip route
add distance=2 dst-address=0.0.0.0/0 gateway=ISP1
add distance=5 dst-address=0.0.0.0/0 gateway=ISP2
and the additional third route
add distance=5 dst-address=0.0.0.0/0 gateway=ISP2 routing-mark=specific-users (v6)
OR
add distance=5 dst-address=0.0.0.0/0 gateway=ISP2 routing-table=specific-users (v7)



If you wish to keep fasttrack for the rest of the traffic, modify two copies of the regular established,related rule and put them in front of the fasttrack rule: one rule for originating traffic and one rule for returning traffic. The modification is the addition of the firewall address list!
add action=accept chain=forward connection-state=established,related src-address-list=special-group
add action=accept chain=forward connection-state=established,related dst-address-list=special-group
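The two methods described in the reply above, assembled into one complete RouterOS v7 configuration, as an added example that is not from the thread or from MikroTik's documentation. It assumes the following names and values, none of which appear in the thread: ether1 is WAN1 (gateway 192.168.169.1 from the first post), ether2 is WAN2 (gateway 192.168.172.1), the LAN bridge is called bridge with 192.168.88.0/24 behind it, and the address lists special-group (hosts forced out WAN2) and via-wan2-dst (destinations forced out WAN2, standing in for the YouTube/Meta lists the first post mentions) are constructed placeholders. It goes slightly beyond the reply by showing a destination-list mangle rule next to the source-list one, and by NATing per WAN interface, which is the usual answer to the reply problem raised in the first post: a single catch-all masquerade lets a connection that went out one WAN be un-NATed on whichever WAN the reply arrives at, while per-interface srcnat ties each connection to the interface it actually used.

```routeros
# Added example, not the thread's own config. Assumed names: ether1=WAN1,
# ether2=WAN2, bridge=LAN, 192.168.88.0/24 behind the bridge.

# 1. Routing table that only WAN2-bound traffic will be looked up in
/routing table add name=useWAN2 fib

# 2. Routes. In the main table WAN1 wins on distance and WAN2 is the fallback
#    (check-gateway removes a route whose gateway stops answering). The third
#    route lives only in useWAN2, so anything looked up there leaves via WAN2.
/ip route add dst-address=0.0.0.0/0 gateway=192.168.169.1 distance=2 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.172.1 distance=5 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.172.1 distance=5 routing-table=useWAN2

# 3a. Easy method (no mangle): one routing rule per subnet or host.
#     Constructed host 192.168.88.50 is sent out WAN2; with action=lookup it
#     still falls back to main (WAN1) if the useWAN2 route disappears.
/routing rule add src-address=192.168.88.50/32 action=lookup table=useWAN2
# Use action=lookup-only-in-table instead if that host must never use WAN1.

# 3b. Mangle method: mark the packet in prerouting, the mark selects the table.
#     routing-mark=no-mark keeps already-marked packets from being re-marked;
#     passthrough=no stops rule evaluation once the mark is set.
/ip firewall address-list add list=special-group address=192.168.88.0/25 comment="constructed: hosts forced out WAN2"
/ip firewall address-list add list=via-wan2-dst address=203.0.113.0/24 comment="constructed placeholder for a destination list"
/ip firewall mangle add chain=prerouting in-interface=bridge src-address-list=special-group \
    routing-mark=no-mark action=mark-routing new-routing-mark=useWAN2 passthrough=no
/ip firewall mangle add chain=prerouting in-interface=bridge dst-address-list=via-wan2-dst \
    routing-mark=no-mark action=mark-routing new-routing-mark=useWAN2 passthrough=no

# 4. Fasttracked packets skip mangle, so marked flows must be accepted before
#    the fasttrack rule (move these two above it in the forward chain): one for
#    the originating direction, one for the returning direction.
/ip firewall filter add chain=forward connection-state=established,related \
    src-address-list=special-group action=accept comment="bypass fasttrack, outbound"
/ip firewall filter add chain=forward connection-state=established,related \
    dst-address-list=special-group action=accept comment="bypass fasttrack, return"
/ip firewall filter add chain=forward connection-state=established,related action=fasttrack-connection
/ip firewall filter add chain=forward connection-state=established,related action=accept

# 5. Source NAT per WAN interface instead of one masquerade for everything:
#    the reply is always translated back on the interface the connection
#    actually left on, so WAN1 responses no longer collide with WAN2 flows.
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade
```

Only one of 3a and 3b is normally needed; both are shown because the reply describes both. After applying it, /ip route print with routing-table=useWAN2 should show the single WAN2 route, and /ip firewall connection print for a host in special-group should show connections whose reply-dst-address is the WAN2 side, which is the quickest check that the mark, the table and the per-interface NAT line up.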
