MikroTik

Posted: **Fri Sep 07, 2007 11:46 pm**

I have 2 internet connections: 1 with 256 external IP's and 1 with NAT.

----->NET1 NAT------->
.....ignore these points......MIkrotik ---->LAN
----->NET2 real IP---->

How to use both ISP's with separate gateway to clients; something like:
1.one client gets a static ip with real IP and gateway from NET2
2.one client gets a static ip with 192.168.1.10 with gateway from NET1 (192.168.1.1).

Point 1 is working for about 1 year but i can't make the second WAN working...clients dont have internet.
Help Please!!!

-web proxy is enabled
-no failover needed
-no load balancing neded
only 2 ISP with 2 gateways one router and one LAN.

Posted: **Sat Sep 08, 2007 12:27 pm**

Hi, do you have masquerading enabled for the second internet gateway?

Can you post your config here?

Rgds

Alex

Posted: **Sat Sep 08, 2007 8:54 pm**

I think that Mikrotik can't use 2 Internet Connections only if both are masqerade.
To me only one is.

Posted: **Sat Sep 08, 2007 11:03 pm**

Actually I am pretty sure that Mikrotik will use two internet connections where 1 is masqueraded and the other is not natted at all.

Perhaps masqueraded or perhaps source Natted. Not sure which would be best. You would apply this rule only to the interface that requires it. So you would set the OUT-INTERFACE function that would cause NAT to only occur on that desingated interface.

Forum gurus feel free to correct me on this.

You can do this using the mangle rule, where you mark connections and packets that are coming from a source network of the public ipś and then a different mark for connections and packets coming from the private ipś.

Once you have done this you can apply a routing mark to that traffic.

When this is done you can now use the IP Routes menu to direct the routing marked traffic to the ISP interface of your choice.

Let me know more about your config and we can try to hash this out together.

Cheers!

Alex

Posted: **Sun Sep 09, 2007 11:48 pm**

Hello,

This is our network diagram. I'll post our complex config in a new post.

Posted: **Mon Sep 10, 2007 12:29 am**

Sorry for the double post, but it's easier for me this way

Currently we don't have the 2nd connection set-up, and the customers are all using our main connection.

We want 192.168.9.0/24 and 192.168.11.0/24 to be NAT-ed under the 2nd connection. (The ones in the diagram marked with NAT and PPPoE).

This is our Firewall -> Mangle setup

# sep/10/2007 00:08:12 by RouterOS 2.9.45
# software id = TUST-D0T
#
/ ip firewall mangle 
add chain=forward action=mark-connection new-connection-mark=Internet passthrough=yes in-interface=internet \
    comment="Transparent Proxy Traffic" disabled=no 
add chain=prerouting action=mark-connection new-connection-mark=Internet passthrough=yes src-address-list=N-Zone \
    comment="SRC N-Zone \(2\)" disabled=no 
add chain=prerouting action=mark-connection new-connection-mark=Internet passthrough=yes dst-address-list=N-Zone \
    comment="DST N-Zone \(2\)" disabled=no 
add chain=prerouting action=mark-connection new-connection-mark=Extern passthrough=yes connection-mark=Internet \
    src-address-list=N-Zone dst-address-list=!NExtern comment="SRC N-Zone -> DST Extern \(2\)" disabled=no 
add chain=prerouting action=mark-connection new-connection-mark=Extern passthrough=yes connection-mark=Internet \
    src-address-list=!NExtern dst-address-list=N-Zone comment="SRC Extern -> DST N-Zone \(2\)" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=extern_trafic passthrough=no connection-mark=Extern comment="" \
    disabled=no 
add chain=output action=mark-packet new-packet-mark=extern_trafic passthrough=yes out-interface=lan comment="" disabled=no

We have this rather complex because we used to have 3 separate Queue Types (Different Speed Limits for External Traffic - outside the country, Metro Traffic - inside the country, and Local Traffic - traffic done with other clients of our ISP)

Anyway, here is our Firewall > NAT:

# sep/10/2007 00:20:21 by RouterOS 2.9.45
# software id = TUST-D0T
#
/ ip firewall nat 
add chain=dstnat action=redirect to-ports=3129 in-interface=!internet src-address=86.107.189.0/24 dst-port=80 protocol=tcp \
    src-address-list=!NO_PROXY comment="Proxy Transparent Clienti - Clientii din lista NO_PROXY nu trec prin proxy \
    \(limitari totale\)" disabled=no 
add chain=srcnat action=masquerade src-address=192.168.9.0/24 comment="Masquerade PPPoE" disabled=no 
add chain=srcnat action=masquerade src-address=192.168.110/24 comment="Masquerade NAT Customers" disabled=no

Here's our IP Addresses Setup:

# sep/10/2007 00:26:34 by RouterOS 2.9.45
# software id = TUST-D0T
#
/ ip address 
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=lan comment="Device-uri" disabled=no 
add address=78.96.22.10/25 network=78.96.22.0 broadcast=78.96.22.127 interface=internet comment="Fibra UPC - 1st Connection" disabled=no 
add address=86.107.189.1/24 network=86.107.189.0 broadcast=86.107.189.255 interface=lan comment="" disabled=no 
add address=192.168.11.1/24 network=192.168.11.0 broadcast=192.168.11.255 interface=lan comment="NAT-ed Customers" \
    disabled=no 
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=lan comment="2nd Connection" \
    disabled=no

And this is the Ip -> Route export

# sep/10/2007 00:29:04 by RouterOS 2.9.45
# software id = TUST-D0T
#
/ ip route 
add dst-address=0.0.0.0/0 gateway=78.96.22.1 pref-src=78.96.22.10 distance=1 scope=255 target-scope=10 comment="1st \
    Connection" disabled=no

So... what are the exact steps we need to follow in order to have the 2nd connection working?

Thanks.

Posted: **Mon Sep 10, 2007 6:13 pm**

Please help!

Posted: **Tue Sep 11, 2007 4:40 pm**

Sorry for the delay. My email has decided that Mikrotik forum emails are spam and sent them to junk. So I missed your post.

Give me a few moments to look at your configs.

Will post back later.

Alex

Posted: **Sat Sep 15, 2007 8:37 pm**

Is this too complex?

MikroTik

2 internet connections

2 internet connections

Re: 2 internet connections

Re: 2 internet connections

Re: 2 internet connections

Re: 2 internet connections

Re: 2 internet connections

Re: 2 internet connections

Re: 2 internet connections

Re: 2 internet connections