
Two Mikrotik and one LAN

Posted: Fri Aug 21, 2009 12:40 pm
by maroon
Dear Sirs,

I'm having a problem forwarding any dst-nat request to my Exchange server inside, and my scenario is the following:

Two Mikrotik Routers (Firewall) and LAN

I have published MS Exchange server through the Mikrotik A (using DST-NAT) for the following ports: TCP (443, 25, 80) and the Exchange Gateway is the internal IP of Mikrotik A. (i.e., I access OWA by using webmail.xyz.com)

Now I have the other Mikrotik B which has another Internet connection and I also created a dst-nat rule to Exchange (backup access connection for HTTPS requests to Exchange server in case the connection on Mikrotik A fails for some reason) (i.e., I access OWA by using webmail2.xyz.com)

Everything is working perfectly through Mikrotik A, but I can't access OWA through Mikrotik B.

The inside addresses on both Mikrotiks are in the same subnet 192.168.0.0/24

Inside address for Mikrotik A: 192.168.0.254 and this IP is the gateway on Exchange server.
Inside address for Mikrotik B: 192.168.0.253.

Please advise.

Regards,

Re: Two Mikrotik and one LAN

Posted: Fri Aug 21, 2009 1:18 pm
by maroon
It is urgent and any help is highly appreciated!

Re: Two Mikrotik and one LAN

Posted: Fri Aug 21, 2009 2:28 pm
by rickhodger
Everything is working perfectly through Mikrotik A, but I can't access OWA through Mikrotik B.

The inside addresses on both Mikrotiks are in the same subnet 192.168.0.0/24

Inside address for Mikrotik A: 192.168.0.254 and this IP is the gateway on Exchange server.
Inside address for Mikrotik B: 192.168.0.253.

This will not work. You have created a triangle route - when someone attempts to access the server through Mikrotik B, your Exchange server is sending its packets to Mikrotik A, which will then forward them on out to the internet through its connection, which will not work as the packet will then get NAT'd to the incorrect address. If you had both internet connections connected to the one Mikrotik I would imagine it could be made to work, as then you would only have a single NAT table and would be able to use ECMP.

Re: Two Mikrotik and one LAN

Posted: Fri Aug 21, 2009 2:48 pm
by maroon
Thank you for your prompt reply...

Any example would be amazing...

I will add another interface for the second WAN on Mikrotik A

Re: Two Mikrotik and one LAN

Posted: Fri Aug 21, 2009 2:55 pm
by rickhodger
Try the documentation on the PCC matcher. It should help you achieve what you are trying to do. http://wiki.mikrotik.com/wiki/PCC

Re: Two Mikrotik and one LAN

Posted: Mon Aug 24, 2009 3:20 pm
by Chupaka
You may try to do the following:

On B:

/ip route add dst-address=Exchange_address gateway=192.168.0.254

so that incoming requests from the backup line come to the server via router A.

Then on A just mark incoming connections from internetA to the server with mark1, and connections from the LAN interface to the server with mark2 (those will be connections from B). After that, send all replies with connection mark2 to B, not to internetA.

something like this ))
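
The marking scheme from the last post, written out as RouterOS commands. This is an added example, not configuration posted in the thread. The Exchange address 192.168.0.10, the interface name ether2-lan and the mark names via-B and to-B are assumptions, and the syntax is the RouterOS v3 to v6 form (v7 replaces routing-mark on routes with routing tables).

```routeros
# ---- On Mikrotik B (LAN 192.168.0.253) ----
# After dst-nat, hand packets for the Exchange server to router A instead of
# delivering them directly. The /32 route wins over the connected /24.
# 192.168.0.10 is a constructed placeholder for the Exchange address.
/ip route
add dst-address=192.168.0.10/32 gateway=192.168.0.254

# ---- On Mikrotik A (LAN 192.168.0.254, default gateway of Exchange) ----
/ip firewall mangle
# "mark2" in the post: new connections that reach the server through A's LAN
# interface. LAN hosts talk to the server directly, so only traffic relayed
# by B arrives this way. ether2-lan is an assumed interface name.
add chain=prerouting in-interface=ether2-lan dst-address=192.168.0.10 \
    connection-state=new action=mark-connection \
    new-connection-mark=via-B passthrough=yes

# Replies from the server that belong to a via-B connection get a routing
# mark, so they are not sent out through A's own internet link.
add chain=prerouting in-interface=ether2-lan src-address=192.168.0.10 \
    connection-mark=via-B action=mark-routing \
    new-routing-mark=to-B passthrough=no

# Marked replies go back to B, which reverses its own dst-nat and sends them
# out of the backup line with the source address the client expects.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.253 routing-mark=to-B

# "mark1" in the post (connections entering from internetA) is left out here:
# unmarked connections already follow A's main default route.

# Check: open webmail2.xyz.com from outside, then confirm on A that the
# connection carries the mark and that the mangle counters increase.
/ip firewall connection print where connection-mark=via-B
/ip firewall mangle print stats
```

A's forward filter must accept traffic that enters and leaves on the LAN interface, otherwise the relayed packets are dropped before they reach the server.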