 
noseytable
just joined
Topic Author
Posts: 4
Joined: Thu Aug 11, 2022 8:32 pm

Struggling with multiple WAN IP's

Thu Aug 11, 2022 8:40 pm

Good day everyone!

Okay, so I previously had two routers, which I have now replaced with a single CCR1009.

I have three public IPs, all assigned to the same interface, and I have port forwarding figured out from specific WAN IPs.

The issue I have is forcing specific subnets to use specific WAN IPs as their gateways to the outside world.

For example, I would like to force:

Subnet 1: 172.16.101.0/24 to use (for example) 1.2.3.4;
Subnet 2: 172.16.102.0/24 to use (for example) 5.6.7.8;

Also some specific devices on other subnets to use a specific WAN IP.

I've tried a few different ways of making this work, but I've been unable to up until now. I saw a post about adding mangle rules and marking the traffic, but the moment I do that it breaks access between my subnets.

Could anyone help please?
 
impunoc
just joined
Posts: 3
Joined: Tue Feb 27, 2018 12:58 am

Re: Struggling with multiple WAN IP's

Fri Aug 12, 2022 12:58 am

Have you tried specifying src-address in the NAT rule? (Also, you can try src-address-list in the Advanced tab for specific IPs, making your own list in firewall address lists.)
Something like:

/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1-wan src-address=172.16.101.0/24 to-addresses=1.2.3.4
/ip firewall nat add action=src-nat chain=srcnat out-interface=ether1-wan src-address=172.16.102.0/24 to-addresses=5.6.7.8
 
anav
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Struggling with multiple WAN IP's

Fri Aug 12, 2022 4:52 am

One has to be careful of ensuring the requirements are understood.
Can you clarify that you are addressing only traffic ORIGINATING on the router heading outbound?
In other words, you don't run servers where people are originating traffic external to the router heading for your LAN network.

If it's the simple case, then for whole subnets it's easy.
For individual IPs, suggest you try to put them in a subnet together to make life easy.
If you cannot, then you have to mangle traffic, all very doable but adds a layer of complexity.
