Hello everybody. There are many articles on the Internet on how to configure MultiWAN on Router OS. I have a similar task, but there is one fundamental difference - I need to configure 3 WAN networks and 3 LAN networks on one router, which will work according to the scheme:
WAN1 (pppoe, 89.169.x.x) - LAN1 (bridge 10.1.0.1/24)
WAN2 (pppoe, 89.170.x.x) - LAN2 (bridge 10.2.0.1/24)
WAN3 (pppoe, 89.171.x.x) - LAN3 (bridge 10.3.01./24)
Each WAN-LAN pair should be independent from the others, and LAN users should not see users from other LANs. Each LAN has different users and different services (web servers, mail, network controllers, ERP, and so on).
I don't need redundancy - if one WAN falls, then falls the corresponding internet connection and corresponding LAN loose internet access.
What is the best and more correct way to implement this? Mangle, VLAN? Advise ...
P.S. using ROUTER OS 7.1.1
THANKS
-
-
shailparmar
Frequent Visitor
- Posts: 97
- Joined:
- Location: GB
- Contact:
Re: MultiWAN without redundancy
You can achieve this via policy based routing.
1. Create three separate address list for thre lan pools
2. Create three Mangle rules for mark routing to three address list.
3. Create three default routes with routing mark and cooresponding wan gateway.
4. Masquerade rules for all wans or ip pools.
1. Create three separate address list for thre lan pools
2. Create three Mangle rules for mark routing to three address list.
3. Create three default routes with routing mark and cooresponding wan gateway.
4. Masquerade rules for all wans or ip pools.
Re: MultiWAN without redundancy
SIX ROUTES
Dst-address=0.0.0.0/0 gateway=WAN1-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN2-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN3-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN1-gw table=LAN1-Traffic
Dst-address=0.0.0.0/0 gateway=WAN2-gw table=LAN2-Traffic
Dst-address=0.0.0.0/0 gateway=WAN3-gw table=LAN3-Traffic
THREE ROUTE RULES
Where you have three corresponding Route Rules (that are constructed thusly)
Source address=subnet of LAN (like 10.1.0.0/24)
Action: Lookup-only-in-table
Table: LANX-Traffic
Done! (no mangling required)
As for source nat you could do it with one rule
add chain=srcnat action=masquerade out-interface-list=WAN
Or three separate rules (which I tend to do)
add chain=srcnat action=masquerade out-interface=pppoe1-out
add chain=srcnat action=masquerade out-interface=pppoe2-out
add chain=srcnat action=masquerade out-interface=pppoe3-out
Dst-address=0.0.0.0/0 gateway=WAN1-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN2-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN3-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN1-gw table=LAN1-Traffic
Dst-address=0.0.0.0/0 gateway=WAN2-gw table=LAN2-Traffic
Dst-address=0.0.0.0/0 gateway=WAN3-gw table=LAN3-Traffic
THREE ROUTE RULES
Where you have three corresponding Route Rules (that are constructed thusly)
Source address=subnet of LAN (like 10.1.0.0/24)
Action: Lookup-only-in-table
Table: LANX-Traffic
Done! (no mangling required)
As for source nat you could do it with one rule
add chain=srcnat action=masquerade out-interface-list=WAN
Or three separate rules (which I tend to do)
add chain=srcnat action=masquerade out-interface=pppoe1-out
add chain=srcnat action=masquerade out-interface=pppoe2-out
add chain=srcnat action=masquerade out-interface=pppoe3-out