
 
tlamik
newbie
Topic Author
Posts: 28
Joined: Fri Mar 21, 2014 11:54 am

Two public IP on WAN interface

Fri Mar 21, 2014 12:10 pm

Hi,

I'm trying to set up two public IPs on one WAN interface (RB951G-2HnD), but only one works. I think there may be a problem with the GW or routing, because each IP is from a different subnet and each IP has its own GW.
I tried setting up two public IPs from the same range with the same GW and it works great. I'm now struggling with that issue. Could someone help or kick me in the right direction?

Regards from Czech republic
 
troy
Member
Posts: 302
Joined: Thu Jun 30, 2005 6:47 pm

Re: Two public IP on WAN interface

Fri Mar 21, 2014 2:47 pm

Based on what you describe, the GW devices are separate devices and you do not have any sort of a routing protocol set up or available. An odd setup for sure, but it should work with the addition of some routing marks:

ros code

/ip firewall mangle
  add action=mark-routing chain=prerouting comment="To GW1" new-routing-mark=GW1 src-address=1.1.1.11
  add action=mark-routing chain=prerouting comment="To GW2" new-routing-mark=GW2 src-address=2.2.2.22
/ip route
  add gateway=1.1.1.1 routing-mark=GW1
  add gateway=2.2.2.2 routing-mark=GW2

Of course, this is a router, so you probably have other subnets behind it. In which case, you'll want to create and use address lists so that traffic from your various subnets gets forwarded to the appropriate gateway. You'll also want to exclude internal traffic from getting marked:

ros code

/ip firewall mangle
  add action=mark-routing chain=prerouting comment="To GW1" new-routing-mark=GW1 \
    src-address-list=TO_GW1 dst-address-list=!INTERNAL
  add action=mark-routing chain=prerouting comment="To GW2" new-routing-mark=GW2 \
    src-address-list=TO_GW2 dst-address-list=!INTERNAL

Hope this helps!
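
A fuller version of the address-list approach in the post above, as an added example that is not part of troy's post. The list names TO_GW1, TO_GW2 and INTERNAL and the 1.1.1.x / 2.2.2.x addresses come from the post; the 192.168.x.0/24 subnets are constructed placeholders, and the chain=output rules are an added assumption covering traffic the router itself sends from each public IP (RouterOS v6 syntax).

```routeros
# Added example. Internal subnets below are constructed placeholders.
/ip firewall address-list
  add list=INTERNAL address=192.168.10.0/24 comment="LAN (placeholder)"
  add list=INTERNAL address=192.168.20.0/24 comment="DMZ (placeholder)"
  add list=TO_GW1 address=192.168.10.0/24
  add list=TO_GW2 address=192.168.20.0/24

# Forwarded traffic: choose the gateway by source subnet and leave
# traffic between internal subnets unmarked so it stays in the main table.
/ip firewall mangle
  add action=mark-routing chain=prerouting comment="To GW1" new-routing-mark=GW1 \
    passthrough=no src-address-list=TO_GW1 dst-address-list=!INTERNAL
  add action=mark-routing chain=prerouting comment="To GW2" new-routing-mark=GW2 \
    passthrough=no src-address-list=TO_GW2 dst-address-list=!INTERNAL

# Router-originated packets (for example replies sent from a public IP held
# by the router itself) do not pass prerouting, so they are marked in output.
  add action=mark-routing chain=output comment="Router via GW1" new-routing-mark=GW1 \
    passthrough=no src-address=1.1.1.11
  add action=mark-routing chain=output comment="Router via GW2" new-routing-mark=GW2 \
    passthrough=no src-address=2.2.2.22

# One default route per routing mark, plus an unmarked default for everything else.
/ip route
  add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=GW1
  add dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=GW2
  add dst-address=0.0.0.0/0 gateway=1.1.1.1
```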
 
tlamik
newbie
Topic Author
Posts: 28
Joined: Fri Mar 21, 2014 11:54 am

Re: Two public IP on WAN interface

Fri Mar 21, 2014 3:42 pm

Thanks for the reply.

It seems very complicated to me. I am not sure if they are separate devices or not. I got a UTP cable and these two public IPs from my provider; I don't know what is behind it.
I want to replace my old iptables Linux FW with the MT. I have one physical cable and two different public IPs on it: the old one and the new one, which isn't from the same subnet as the old one. I asked my provider for another IP, but the old pool was used up, so he gave me a new subnet pool. On my Linux FW, I don't need to set up anything else except the IP.
No second GW, no routing; everything works when I add a new IP to my WAN interface. I thought it would be the same with MT, but I am unable to get it to work. I don't need load balancing or anything like that. I have a web server behind the MT in a DMZ with two public IPs on it. All I need is for people from the internet to be able to reach both IPs of my web. So first I have to set up both IPs on the WAN interface and then set up forward rules on the MT. Where is the difference between MT and Linux in that issue?

Regards
 
troy
Member
Posts: 302
Joined: Thu Jun 30, 2005 6:47 pm

Re: Two public IP on WAN interface

Fri Mar 21, 2014 3:52 pm

OK, if you can do this with straight iptables on Linux, you can do this with MT (which is still Linux). You just have to learn the abstraction layers that MT put on top.

So, both IP addresses are from the same provider. You probably don't have to worry about the actual GW then. The provider already knows how to send traffic to either one of your IP addresses and how to deal with traffic FROM either of your IP addresses.

Unless your provider is doing something very wacky, this will work just fine:

ros code

/ip address
  add address=1.1.1.11/24 interface=ether1
  add address=2.2.2.22/24 interface=ether1
/ip route
  add gateway=1.1.1.1

Again, your provider already knows how to reach 2.2.2.22, so you don't need to worry about that. When you send traffic FROM 2.2.2.22, it really doesn't matter which GW IP you use, as the GW router will know how to handle it already. Once you have this in place, test it:

ros code

/ping 8.8.8.8 src-address=1.1.1.11
/ping 8.8.8.8 src-address=2.2.2.22

If this does not work, contact your provider for assistance.
 
tlamik
newbie
Topic Author
Posts: 28
Joined: Fri Mar 21, 2014 11:54 am

Re: Two public IP on WAN interface

Mon Mar 24, 2014 1:05 pm

I think I have these settings, but no success. I have, let's say, the old IP as primary, with its default GW and mask 24. In a Linux environment someone told me that when adding a new IP on the same interface I have to add it with mask 32. So there should be only one 24 mask on the interface and the rest should be 32. That's the only difference I can see. However, I can try putting both IPs with mask 24.
 
troy
Member
Posts: 302
Joined: Thu Jun 30, 2005 6:47 pm

Re: Two public IP on WAN interface

Wed Mar 26, 2014 5:49 pm

Yeah, when adding additional IP addresses in the same subnet, it's best practice to use a /32 mask. Addresses in multiple subnets should not require this.

It could be something funky with your ISP, but I couldn't tell you for sure.

Both of the obvious configurations are failing, not sure what else to try.

Good luck!
 
tlamik
newbie
Topic Author
Posts: 28
Joined: Fri Mar 21, 2014 11:54 am

Re: Two public IP on WAN interface

Mon Apr 07, 2014 8:16 pm

I have some news. I am able to ping 8.8.8.8 from the router from both IPs. That's OK.
But nobody can ping my router's second public IP from the internet.
When I launch Torch, I can see packets from another public IP to my router, BUT I am unable to see any incoming packets in firewall input, NAT or mangle :( and I am pretty sure that I should see something there.
