
cmit i need help :)

Posted: Tue Oct 19, 2004 6:25 am
by randyloveless
hello

i have 2 gateways that i can get to work just cannot seem to get the nat to work with both of them. fail over would be nice but at this point i would settle for both just working.

if i add to the route add 0 gateway=64.x.x2/25,67.x.x.126/29 it works but only for ping. meaning i can ping the preferred ip addresses but cannot seem to add any other addresses. i have added ie 64.x.x.10/25

firewall dst-nat
add dst-address=67.x.x.10/32 action=nat to-src-address=192.168.x.1

firewall src-nat
add src-address=192.168.x.1/32 action=nat to-src-address=67.x.x.10

now if i do this exact thing but just change the 67 address to 64 address range everything works

just don't seem to be getting the whole dual wan connection.

i am missing something simple ?? help i am stupid

randy


and yes i read the book all over again .

Posted: Tue Oct 19, 2004 6:28 am
by randyloveless
also when i add the second gateway to the MT my network connection seems to lag on the inbound telnet sessions. when i remove the second gateway everything is very quick.

the telnet session will start, it just takes about 20-30 secs to start. without the other gw it takes 1-2 seconds. this is on both local lan and wan connections

Randy

Posted: Tue Oct 19, 2004 8:04 am
by cmit
Hi Randy,

OK, the first thing that seems to be way off is your dual gateway routing entry. Did you really enter "64.x.x2/25,67.x.x.126/29" for the gateway? This won't work at all (and it would surprise me if the MikroTik would allow you to, but I can't check at the moment), as those are address ranges - a gateway can only be a single ip address (without a netmask), so this could be "64.x.x.2,67.x.x.126" (if those are the correct addresses).

The second thing is I don't really catch what your two nat rules should do (and perhaps I get the whole setup wrong). You have one local LAN with private ip space (192.168.x.x) and two separate uplinks, right? You want some kind of load balancing?
Giving both gateway addresses in the default route will create some kind of "round-robin" load balancing, no failover (as you stated would be step 2).
As you have private ip space in your LAN, you need src-nat, like this one
/ip firewall src-nat add src-address=192.168.0.0/24 out-interface=wan1 action=masquerade
/ip firewall src-nat add src-address=192.168.0.0/24 out-interface=wan2 action=masquerade
This should provide src-natting for your LAN for both your WAN uplinks. Replace the "wan1" and "wan2" above with your real uplink interface names (might also be ether2 and ether3 for example...).

You only need a dst-nat rule if you want to make services from machines on your private LAN available to the outside (like a web server or mail server). Is this what you want?

Hope this helps as a first step - and please shed some more light on what you want to achieve, if I got you wrong ;)

Ah, and to your second question: From WHERE do you try to login to your MT? Your private LAN?
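
Added example, not part of the original posts: a small Python model of the two points in the reply above, namely that each gateway entry must be a bare IP address without a netmask, and that a round-robin default route combined with one masquerade rule per uplink makes successive connections from the same LAN host leave with different public addresses. The addresses are constructed from documentation ranges, the interface names wan1/wan2 follow the reply, and strict per-connection alternation is a simplifying assumption, not a statement about how RouterOS schedules gateways.

```python
import ipaddress
from itertools import cycle

# Constructed sample data (documentation ranges, not the poster's network).
UPLINKS = {
    "wan1": {"gateway": "198.51.100.126", "address": "198.51.100.10"},
    "wan2": {"gateway": "203.0.113.2", "address": "203.0.113.20"},
}
LAN = ipaddress.ip_network("192.168.0.0/24")


def parse_gateways(value):
    """Split a comma-separated gateway list; every entry must be a bare IP."""
    gateways = []
    for entry in value.split(","):
        entry = entry.strip()
        if "/" in entry:
            raise ValueError(f"gateway {entry!r} carries a netmask; use one address")
        gateways.append(ipaddress.ip_address(entry))  # ValueError if malformed
    return gateways


def simulate(gateway_value, lan_sources):
    """Return (source, out-interface, address seen outside) per new connection."""
    by_gateway = {ipaddress.ip_address(u["gateway"]): name
                  for name, u in UPLINKS.items()}
    picker = cycle(parse_gateways(gateway_value))  # assumed strict alternation
    seen = []
    for src in lan_sources:
        iface = by_gateway[next(picker)]
        # Masquerade: LAN sources are rewritten to the outgoing interface address.
        if ipaddress.ip_address(src) in LAN:
            public = UPLINKS[iface]["address"]
        else:
            public = src
        seen.append((src, iface, public))
    return seen


if __name__ == "__main__":
    for row in simulate("198.51.100.126,203.0.113.2", ["192.168.0.5"] * 4):
        print(row)
```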

Posted: Wed Oct 20, 2004 4:41 am
by randyloveless
cmit

sorry about that i meant

gateway=67.x.x.126,64.x.x.2

i was just stating that the subnets were for the ip range. sorry about that

as far as the SRC and DST questions

i have 67.x.x.10/32 going to 192.x.x.1/32(server on lan)
and 67.x.x.11/32 going to 10.x.x.12/32 (server on wireless)

these work but not after i add the second gateway. and if i add

64.x.x.20/32 to go to 192.x.x.2(another server on lan) it does not respond

it does respond (only from the router) cannot access it from outside networks.

/ip firewall dst-address=64.x.x.20/32 action=nat to-dst-address=192.x.x.2


am going to try a couple of things tonight.

Posted: Wed Oct 20, 2004 5:32 am
by randyloveless
for the second question i posted, i was referring to (not MT connection) a server i have running telnet on the 64.x.x.12 on the first wan1 connection. works like a charm without the second gw. when i add the second gw it either stops working or takes forever to get in. once i am in it is ok but i must be losing something in the routing for this to be happening ??

Randy

btw thanks for your help.

Posted: Wed Oct 20, 2004 5:36 am
by randyloveless
also forgot this: on the other server i added i have src nat also set up
/ip firewall src-nat add src-address=192.x.x.2/32 action=nat to-src-address=64.x.x.20

from the router i can ping it

randy

Posted: Wed Oct 20, 2004 6:35 am
by randyloveless
should start a new post

i can get everything to work except i cannot seem to get both servers to run telnet sessions

whichever one starts first (i mean whichever one is highest on the rules) seems to start. as soon as i add the second gateway they stop working
the first one will still work. then if i remove the other gateway they both start working again.

signed i am confused

Randy

Posted: Wed Oct 20, 2004 10:38 am
by cmit
"i am confused"
Me too ;)

Is there any chance to create a login on this system for me so I could check some settings? You could send me an e-mail to support@cmit.de. I would also give you my ip address so you could restrict the login to that one...

Posted: Wed Oct 20, 2004 6:16 pm
by randyloveless
cmit

i will send you a user name and login asap.

Randy

like i said when i add the second gw it does work, it just doesn't let the other telnet sessions work. i am going to try using a different subnet for the servers and see if this makes a difference.