Complex NAT scenario
Posted: Tue Jun 26, 2007 6:57 pm
Hi all,
The scenario is: I have a server that is currently visible from Internet (DSL1) through a Mikrotik (MT1) using a public IP address (IP1).
The need is to make this server temporarily visible from a new IP too (IP2) through a second DSL line connected (DSL2) to a second Mikrotik (MT2).
The two MT boxes are directly connected and routed via private subnet.
The server (Linux 2.4.26) has a second Ethernet interface, but unfortunately it seems to be impossible to handle the traffic on both the interfaces (IP1 and IP2) simultaneously, so I tried to solve the problem at MT side using many types of NAT + Policy Based Routing without success.
The behaviour needed should be:
1) Access from DSL1 using IP1 through interface MT1-External bridged to DMZ1 (already OK)
2) Access from DSL2 using IP2 through interface MT2-External, routed to MT2-Cross, wired to MT1-Cross, routed to DMZ1
With the configuration I tried:
- a DST-NAT on MT2 changes the IP from IP2 to IP1
- then a static route moves it to the MT interconnect, then into MT2:
- a mangle marks the connection+packets
- a route rule puts it into a separate table
- a route from that table puts it back on the MT interconnect
Unfortunately the whole thing doesn't work, so I wonder what is the way to solve the problem.
I'm absolutely sure that MT can do that!
Many thanks in advance.
Riccardo