
Question about 2 subnet

Posted: Mon Aug 07, 2017 12:56 pm
by aarango
Hi,

I have this plan:
2 ISPs and 1 MikroTik router.
Port 1 Mikrotik has 1 ISP connected
Port 2 Mikrotik has another ISP connected
Port 3 Mikrotik has a switch for internal network
Port 4 Mikrotik has another switch for internal network

The internal network is in subnet 192.168.90.0/32 (second ISP) and the servers are in 192.168.1.0/32 (first ISP). From the internal subnet I can ping the servers and vice versa, it's OK.

The question is: when I access any server (192.168.1.20) from the internal subnet (192.168.90.30), on the server I see 192.168.1.1 as the source (main IP of ISP - really the same IP as the router). Is there a way to see the internal IP when I access the servers from the internal subnet?

Thanks!

Re: Question about 2 subnet

Posted: Mon Aug 07, 2017 2:26 pm
by pe1chl
Yes, make adjustments to your Firewall NAT rules.
It looks like they are wrong right now: you should have NAT only for traffic outgoing to the internet, not to your second LAN.

Re: Question about 2 subnet

Posted: Mon Aug 07, 2017 3:50 pm
by aarango
Thanks for the reply.

In NAT I have only a masquerade:
[admin@MikroTik] /ip firewall nat> print
 0    chain=srcnat action=masquerade log=no 
The rest of the rules in NAT are for specific ports. Should I create any extra rule?

Regards.

Re: Question about 2 subnet

Posted: Mon Aug 07, 2017 3:54 pm
by pe1chl
This rule is too broad!
You need to narrow it with output-interface, like it was before you modified it.
When you have two internet interfaces, create another rule like that.

Re: Question about 2 subnet

Posted: Tue Aug 08, 2017 8:48 am
by aarango
> This rule is too broad!
> You need to narrow it with output-interface, like it was before you modified it.
> When you have two internet interfaces, create another rule like that.

Could you give me some more information? This is a real connection with employees working all the time, and I do not want to leave employees without internet.

Thank you!

Re: Question about 2 subnet

Posted: Tue Aug 08, 2017 10:17 am
by erikhp
Hello aarango, as pe1chl says, you should be more specific in your NAT rules. The one you have:
 0    chain=srcnat action=masquerade log=no 
masquerades all the traffic passing through the router; this is not recommended, as it will (unnecessarily) consume a lot of resources in your router.
In your case, you should try to src-nat/masquerade the traffic that goes to the outside of your network, like:

 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix="" 
 chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix="" 
This could work for you.

Re: Question about 2 subnet

Posted: Wed Aug 09, 2017 9:41 am
by aarango
> Hello aarango, as pe1chl says, you should be more specific in your NAT rules. The one you have:
>  0    chain=srcnat action=masquerade log=no
> masquerades all the traffic passing through the router; this is not recommended, as it will (unnecessarily) consume a lot of resources in your router.
> In your case, you should try to src-nat/masquerade the traffic that goes to the outside of your network, like:
>
>  chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix="" 
>  chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix="" 
> This could work for you.

Done! And it's working fine. Thanks!!!
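
Added example (not part of any post in this thread): a small Python check that reads RouterOS NAT rules and reports source-NAT rules with no egress-interface matcher, the condition that made the servers log 192.168.1.1 instead of the real client address. It assumes one rule per line, as in the output quoted above or in `/ip firewall nat export`; the function names and the sample rules are constructed for illustration.

```python
import shlex

# Matchers that tie a source-NAT rule to the Internet-facing side of the router.
EGRESS_MATCHERS = ("out-interface", "out-interface-list")
SOURCE_NAT_ACTIONS = ("masquerade", "src-nat")


def parse_rule(line):
    """Split one rule line into (bare tokens, key=value fields)."""
    try:
        tokens = shlex.split(line)
    except ValueError:          # unbalanced quote, e.g. inside a comment
        tokens = line.split()
    bare = [t for t in tokens if "=" not in t]
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return bare, fields


def find_broad_srcnat(config_text):
    """Return enabled srcnat rules that are not scoped to an egress interface."""
    findings = []
    for line in config_text.splitlines():
        if "chain=" not in line:
            continue            # comment lines, headers, blank lines
        bare, fields = parse_rule(line)
        if fields.get("chain") != "srcnat":
            continue
        if fields.get("action") not in SOURCE_NAT_ACTIONS:
            continue
        if "X" in bare or fields.get("disabled") == "yes":
            continue            # disabled rules do not translate anything
        if not any(m in fields for m in EGRESS_MATCHERS):
            findings.append(line.strip())
    return findings


# Constructed sample: the rule from the thread, the two suggested
# replacements, a disabled catch-all and an unrelated dstnat rule.
SAMPLE = """\
 0    chain=srcnat action=masquerade log=no
 1    chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
 2    chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix=""
 3 X  chain=srcnat action=masquerade log=no
 4    chain=dstnat action=dst-nat to-addresses=192.168.1.20 protocol=tcp dst-port=443
"""

if __name__ == "__main__":
    for rule in find_broad_srcnat(SAMPLE):
        print("unscoped source NAT:", rule)
```

A rule reported here rewrites the source address on LAN-to-LAN traffic as well, so server logs and address-based access rules lose the real client IP.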