Hi,
I have 2 WAN links from different ISP's, and one LAN link. I ma using MT 2.9. The LAN is src-nated.
I did basic fail over setup with pingig one ISP1-GW and giving other ISP2-GW mark of 2. So every thing is going over ISP1, while it is UP.
Inside that LAN i have mail server, 25 desktop clients, and some other services that i would like to publish.
I also use MT as PPTP VPN server.
The idea is to publish some services try ISP1 and some try ISP2.
Example would be mail server. I want SMTP traffic to go over ISP2, and POP3 and IMAP to go over ISP1.
I just need some pointers in how could I do this.
I managed to use mangle and mark-connection to redirect all traffic from one machine from LAN to go try ISP2. But I want to be able to to this on port basis .
I do dst-nat and the packet comes from ISP2 to lan machine:25..but tires to return try ISP1 because he is the default GW.
What i need to do to mark packet, or tell packet that comes from ISP2 to specific port to return to the source IP and port try ISP2.
Cheers
Aca
PS: Sorry for my bad English.
Re: 2 WAN links 1 LAN dst-nat mangle ?
Use dst-port or src-port to make per-port routing over different gateway.
Use mark-routing to set mark and use it on 'ip route'.
Use mark-routing to set mark and use it on 'ip route'.
Re: 2 WAN links 1 LAN dst-nat mangle ?
ip adress
0 192.168.5.x/24 192.168.x.x 192.168.5.255 LAN
1 195.x.x.x/24 195.x.x.x 192.x.x.255 WAN1
2 89.x.x.x/24 89.x.x.x 89.x.x.255 WAN2
ip firewall mangle> print
chain=prerouting dst-address=89.x.x.x protocol=tcp dst-port=25 action=mark-routing new-routing-mark=mail
passthrough=no
ip firewall nat
0 ;;; WAN1 NAT
chain=srcnat out-interface=WAN1 action=masquerade
1 ;;; WAN2 NAT
chain=srcnat out-interface=WAN2 action=src-nat to-addresses=89.x.x.x to-ports=0-65535
2 ;;; MAIL WAN2
chain=dstnat routing-mark=mail action=dst-nat to-addresses=192.168.5.20 to-ports=25
ip route> print
;;; GW WAN1
dst-address=0.0.0.0/0 gateway=195.x.x.x check-gateway=ping interface=WAN1 gateway-state=reachable
scope=255 target-scope=10
;;; GW WAN2
dst-address=0.0.0.0/0 gateway=89.X.X.X interface=WAN2 gateway-state=reachable distance=2 scope=255
target-scope=10
;;; MAIL WAN2
dst-address=0.0.0.0/0 gateway=89.X.X.X interface=WAN2 gateway-state=reachable scope=255 target-scope=10
routing-mark=mail
Ok this is configuration, as I can see using Torch the packets are coming from outside, but they are not coming out to WAN2.
0 192.168.5.x/24 192.168.x.x 192.168.5.255 LAN
1 195.x.x.x/24 195.x.x.x 192.x.x.255 WAN1
2 89.x.x.x/24 89.x.x.x 89.x.x.255 WAN2
ip firewall mangle> print
chain=prerouting dst-address=89.x.x.x protocol=tcp dst-port=25 action=mark-routing new-routing-mark=mail
passthrough=no
ip firewall nat
0 ;;; WAN1 NAT
chain=srcnat out-interface=WAN1 action=masquerade
1 ;;; WAN2 NAT
chain=srcnat out-interface=WAN2 action=src-nat to-addresses=89.x.x.x to-ports=0-65535
2 ;;; MAIL WAN2
chain=dstnat routing-mark=mail action=dst-nat to-addresses=192.168.5.20 to-ports=25
ip route> print
;;; GW WAN1
dst-address=0.0.0.0/0 gateway=195.x.x.x check-gateway=ping interface=WAN1 gateway-state=reachable
scope=255 target-scope=10
;;; GW WAN2
dst-address=0.0.0.0/0 gateway=89.X.X.X interface=WAN2 gateway-state=reachable distance=2 scope=255
target-scope=10
;;; MAIL WAN2
dst-address=0.0.0.0/0 gateway=89.X.X.X interface=WAN2 gateway-state=reachable scope=255 target-scope=10
routing-mark=mail
Ok this is configuration, as I can see using Torch the packets are coming from outside, but they are not coming out to WAN2.
Re: 2 WAN links 1 LAN dst-nat mangle ?
I have the same problem.
-
-
zariguella
just joined
- Posts: 3
- Joined:
Re: 2 WAN links 1 LAN dst-nat mangle ?
and me
Anybody help us?
Anybody help us?