Community discussions

MikroTik App
 
se232
newbie
Topic Author
Posts: 49
Joined: Fri Sep 18, 2015 7:34 pm

Multiple WAN IP-addresses

Fri Sep 30, 2022 12:24 pm

Hello forum,

I have a mikrotik router (1100AHx2) running ROS 7.5 with 2 WAN interfaces (2 WAN IP addresses), all the other interfaces are internal.
router has the internal address 10.1.1.1/16 (bridge)
ether01-WAN = 80.x.y.z (outgoing traffic is masquerade)
ether02-WAN = 62.a.b.c (outgoing traffic is masquerade)
I would like to forward requests on port 80 from ether01-WAN to one internal server (10.1.1.10) and requests on port 80 from ether02-WAN to another server (10.1.1.20)
1.2.3.4 --> 80.x.y.z(ether01-WAN) --> 10.1.1.10 ==> ether01-WAN ==> 1.2.3.4
1.2.3.4 --> 62.a.b.c(ether02-WAN) --> 10.1.1.20 ==> ether02-WAN ==> 1.2.3.4
The ingoing direction works so far, but the answer from the 2 internal servers always leave the router into the internet over ether01-WAN only
1.2.3.4 --> 80.x.y.z(ether01-WAN) --> 10.1.1.10 ==> ether01-WAN ==> 1.2.3.4 ok
1.2.3.4 --> 62.a.b.c(ether02-WAN) --> 10.1.1.20 ==> !!!!ether01-WAN!!!! ==> 1.2.3.4 nok
How can I make that all requests received on ether02-WAN will leave my router on ether02-WAN into the internet again?

greetings
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: Multiple WAN IP-addresses

Fri Sep 30, 2022 12:58 pm

You need to set up mangle to mark the packets as they enter the router. Then an output rule to hit the right interface. That will then rely on the Route to push those packets over the right interface.
 
se232
newbie
Topic Author
Posts: 49
Joined: Fri Sep 18, 2015 7:34 pm

Re: Multiple WAN IP-addresses

Fri Sep 30, 2022 3:28 pm

Hello gotsprings,

thanks for the quick answer. I am not that much in mangle options, so I need some help/clarification...

there are different mangle type to select (forward, input, output, postrouting and prerouting).
Do you mean an input mangle rule at ether02-WAN?
Action shall be mark packet?
How does the router know that the packets from the internal server shall go out over ether02-WAN?

Or do you mean to put an input mangle rule at the bridge?
But how can I differentiate between server 1 and 2 (10.1.1.10 and 10.1.1.20)?

greetings
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Multiple WAN IP-addresses

Sat Oct 01, 2022 10:22 am

How can I make that all requests received on ether02-WAN will leave my router on ether02-WAN into the internet again?
Start reading this post from the last paragraph, which relates it to your question.

But for the particular scenario where each of the two public IPs is dst-nated to a different server in LAN, you can use the address of the internal server as a key to choose the WAN for the traffic sent by that server, which allows you to use routing rules rather than mangle rules to choose the routing table.
 
se232
newbie
Topic Author
Posts: 49
Joined: Fri Sep 18, 2015 7:34 pm

Re: Multiple WAN IP-addresses

Mon Oct 03, 2022 7:26 am

Hello sindy,

thanks for the answer! I found out, too, that the internal servers have different addresses, so I implemented already a routing route that they leave the local net over 2 different ways.

Just for curiosity... Is it possible to have just one internal server and the answers go back over the correct interface?
1.2.3.4 --> 80.x.y.z(ether01-WAN) --> 10.1.1.10 ==> ether01-WAN ==> 1.2.3.4
1.2.3.4 --> 62.a.b.c(ether02-WAN) --> 10.1.1.10 ==> ether02-WAN ==> 1.2.3.4
What rules do I have to apply?

regards
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Multiple WAN IP-addresses

Mon Oct 03, 2022 8:17 am

That's explained in the post I've linked before.
 
se232
newbie
Topic Author
Posts: 49
Joined: Fri Sep 18, 2015 7:34 pm

Re: Multiple WAN IP-addresses

Mon Oct 03, 2022 9:20 am

Ok, thanks!

Was reading(?) too fast

Who is online

Users browsing this forum: apitsos, Batterio, fibracapi, hatred, iustin and 80 guests