
NAT problem please help

Posted: Mon May 29, 2017 3:00 pm
by andreako
Hello

I need help with MikroTik. I have a problem.
I have a MikroTik RB1000 router (PowerPC, v6.20) and 2 different ISPs with 2 public IPs. Behind the MikroTik resides an IIS web server. I use the default route via ISP1 with metric.
I have 2 web pages. The first web page has a static IP from ISP1 (which has the default route) and works fine.

My problem is with the second web site. The second web site has a static IP from ISP2, but clients can't access it (ISP1 is always the default route).
When I change the default route from ISP1 to ISP2, the web site which has the ISP2 static IP works perfectly.
I need both web sites to work regardless of the default route.

Can somebody tell me where my problem is?

Thanks in advance

Re: NAT problem please help

Posted: Mon May 29, 2017 3:48 pm
by pukkita
The default route. All traffic exiting the router will go through the default route interface regardless of which interface was used to ingress.

If you're using two different ISPs, you'll need to resort to mangling for routing manipulation so that traffic always exits the router by the same interface it ingressed from (google "mikrotik kirnak balance").

Re: NAT problem please help

Posted: Mon May 29, 2017 4:04 pm
by andreako
# may/29/2017 14:49:54 by RouterOS 6.20
#
#
/interface ethernet
set [ find default-name=ether1 ] name="ISP1"
set [ find default-name=ether3 ] name="ISP2"
set [ find default-name=ether4 ] name="LAN"

/ip firewall nat
add action=dst-nat chain=dstnat comment="WWW" dst-address=\
(ISP1) dst-port=80 in-interface="ISP1" protocol=tcp \
to-addresses=(web server lan ip) to-ports=80
add action=dst-nat chain=dstnat comment="www2" dst-address=\
(ISP2) dst-port=80 in-interface="ISP2" protocol=tcp \
to-addresses=(web server lan ip) to-ports=80

/ip route
add check-gateway=ping distance=1 gateway=(ISP1)
add check-gateway=ping distance=2 gateway=(ISP2)



Thanks

Re: NAT problem please help

Posted: Mon May 29, 2017 4:30 pm
by pukkita
If you resort to dst-nat you'll need to additionally src-nat from router to web server, so that the webserver thinks it is the internal router LAN IP that is talking to it; otherwise it will try to answer the original public IP that contacted it, and that will exit through the default route.

This of course will mean you won't have any real details regarding the clients using your webserver; all traffic will look as if your router were the one accessing it.

Re: NAT problem please help

Posted: Tue May 30, 2017 10:22 am
by andreako
OK thanks

I found something about PCC and it seems to resolve my problem.
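
The routing manipulation suggested in the thread, written out as an added example that is not part of any post above: connections are marked by the WAN interface they arrive on, and the web server's replies are routed back out through the same ISP. It assumes RouterOS v6 syntax and the interface names from the posted export; the mark names are hypothetical, and `(ISP1)` / `(ISP2)` are the poster's placeholders for the gateway addresses.

```routeros
# Added example (RouterOS v6), not from the thread.
# isp1_conn / isp2_conn / to_isp1 / to_isp2 are hypothetical mark names.
# (ISP1) and (ISP2) are placeholders, as in the posted export.

/ip firewall mangle
# 1. Remember which WAN interface each new inbound connection arrived on.
#    Mangle prerouting runs before dst-nat, so the mark is set before the
#    destination is rewritten to the web server's LAN address.
add chain=prerouting in-interface=ISP1 connection-state=new \
    action=mark-connection new-connection-mark=isp1_conn passthrough=yes
add chain=prerouting in-interface=ISP2 connection-state=new \
    action=mark-connection new-connection-mark=isp2_conn passthrough=yes

# 2. Replies from the web server enter on LAN and belong to a marked
#    connection: give them the routing mark of the ISP they came in on.
add chain=prerouting in-interface=LAN connection-mark=isp1_conn \
    action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=prerouting in-interface=LAN connection-mark=isp2_conn \
    action=mark-routing new-routing-mark=to_isp2 passthrough=no

# 3. Same for replies generated by the router itself (e.g. ping answers).
add chain=output connection-mark=isp1_conn \
    action=mark-routing new-routing-mark=to_isp1 passthrough=no
add chain=output connection-mark=isp2_conn \
    action=mark-routing new-routing-mark=to_isp2 passthrough=no

/ip route
# 4. One default route per routing mark. Unmarked traffic keeps using the
#    existing distance=1 / distance=2 routes from the posted export.
add dst-address=0.0.0.0/0 gateway=(ISP1) routing-mark=to_isp1
add dst-address=0.0.0.0/0 gateway=(ISP2) routing-mark=to_isp2
```

Unlike the src-nat alternative described in the thread, this keeps the clients' real source addresses visible to the web server, so the IIS logs remain usable for access review and incident investigation.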