GeekPatrolMiller
newbie
Topic Author
Posts: 44
Joined: Sun Dec 07, 2008 3:47 pm
Location: Dallas, TX, USA

Multi-Homed or Not - That is the question

Fri Dec 24, 2010 2:06 am

I have tried several suggestions from the forum and wiki but admittedly I am just hacking at the problem...

Small remote office makes RDP(3389) connections back to home office. Link has gotten a bit slow with addition of new users so we added bandwidth. Main focus is to give the RDP sessions priority over anything that is local web or other traffic. Here is the office configuration as it exists now:

I have a T1 that has been configured and running fine for nearly a year. It is currently the default gateway.
I have added a second dual bonded T1 circuit that I wish to be used exclusively by RDP(3389) traffic originating from this location to a server on the public internet.
All other traffic should originate from the original T1.

Do I need to set up a Multi-Homed configuration for this? I do not want fail-over or load balance, only specific traffic out interface ETH2 and all other traffic out interface ETH1.

I am scratching my head on this one. Thanks in advance for any input you can provide to me.

Thanks,
-greg
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Multi-Homed or Not - That is the question

Fri Dec 24, 2010 2:21 am

I would use two separate circuits, if that is what you mean by multihoming (multihoming usually means using several providers, you just want two different layer three interfaces).

Assuming a branch with wan1 with 1.1.1.2/30 for normal Internet traffic and wan2 with 2.2.2.2/30 for HQ RDP traffic and a LAN at 10.1.1.0/24, and a head office with RDP servers publicly reachable as 3.3.3.3 and 3.3.3.4 that would look something like this:

/ip address
add address=1.1.1.2/30 interface=wan1
add address=2.2.2.2/30 interface=wan2
add address=10.1.1.1/24 interface=lan
/ip firewall address-list
add list=hq-RDP address=3.3.3.3
add list=hq-RDP address=3.3.3.4
/ip firewall mangle
# routing marks must be set before the routing decision, so match in prerouting
add chain=prerouting src-address=10.1.1.0/24 dst-address-list=hq-RDP protocol=tcp dst-port=3389 action=mark-routing new-routing-mark=wan2
/ip firewall nat
# source-NAT outbound traffic to the address of the WAN it leaves through
add chain=srcnat out-interface=wan1 action=src-nat to-addresses=1.1.1.2
add chain=srcnat out-interface=wan2 action=src-nat to-addresses=2.2.2.2
/ip route
# main table: all unmarked traffic leaves via wan1
add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=2
# wan2 table: only packets carrying the wan2 routing mark
add dst-address=0.0.0.0/0 gateway=2.2.2.1 routing-mark=wan2

There's plenty of other ways to go about it, though. For inspiration look up 'policy routing', which is what you're trying to do. Instead of deciding on routing based on just destination networks in a routing table you're trying to enforce policies on the path packets take.
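
The policy-routing decision in the configuration above, modelled as an added example that is not part of the original post: classify, pick the routing table by mark, then source-NAT on the egress interface. The `down` parameter, the 198.51.100.7 test address and the fallback of marked traffic to the main table when the wan2 route is inactive are assumptions of this model.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the branch config above (addresses taken from the post).
LAN = ip_network("10.1.1.0/24")
HQ_RDP = {ip_address("3.3.3.3"), ip_address("3.3.3.4")}
# routing table -> list of (distance, gateway, interface); "main" is unmarked
ROUTES = {
    "main": [(2, "1.1.1.1", "wan1")],
    "wan2": [(1, "2.2.2.1", "wan2")],
}
SRC_NAT = {"wan1": "1.1.1.2", "wan2": "2.2.2.2"}


def routing_mark(src, dst, proto, dport):
    """Mangle step: only LAN -> hq-RDP tcp/3389 receives the wan2 mark."""
    if (ip_address(src) in LAN and ip_address(dst) in HQ_RDP
            and proto == "tcp" and dport == 3389):
        return "wan2"
    return None


def egress(src, dst, proto, dport, down=()):
    """Return (interface, gateway, NATed source) for a forwarded packet.

    `down` (hypothetical) lists interfaces whose gateway is unreachable.
    Assumption: a marked packet whose table has no active route falls
    back to the main table instead of being dropped.
    """
    mark = routing_mark(src, dst, proto, dport)
    for table in ([mark] if mark else []) + ["main"]:
        active = [r for r in ROUTES[table] if r[2] not in down]
        if active:
            _, gw, iface = min(active)  # lowest distance wins
            return iface, gw, SRC_NAT[iface]
    return None  # no usable route in any table


if __name__ == "__main__":
    # Constructed sample packets: RDP to HQ, HTTPS to HQ, RDP elsewhere.
    for pkt in [("10.1.1.20", "3.3.3.3", "tcp", 3389),
                ("10.1.1.20", "3.3.3.3", "tcp", 443),
                ("10.1.1.20", "198.51.100.7", "tcp", 3389)]:
        print(pkt, "->", egress(*pkt))
```

With wan2 marked down, the RDP flow in this model leaves through wan1, which matters if RDP is meant to use the second circuit exclusively.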
 
jroy
newbie
Posts: 33
Joined: Fri May 28, 2004 9:41 pm
Location: Orange/LA county California

Re: Multi-Homed or Not - That is the question

Wed Apr 25, 2012 11:15 pm

OK, I have 2 ISPs.

Wan1 = dhcp
Wan2 = pppoe

I want to fail over all traffic from Wan1 to Wan2. What does the firewall Mangle, Nat and route statements look like?

Thanks,

Jerry
 
jroy
newbie
Posts: 33
Joined: Fri May 28, 2004 9:41 pm
Location: Orange/LA county California

Re: Multi-Homed or Not - That is the question

Sat Apr 28, 2012 3:35 am

I have this working. Fails over and back very easily. Even if you have a meanie face Normis doing your support - You Guys Rock!

Thanks MikroTik!