I have a server that I want to reside on several networks.
I have VLAN connections provided by outside sources over a Metro that I don't have control over. Basically I have a single cable to each network and an assigned IP address. Normally (and in my opinion the easiest solution) is to put a NIC in the server for each network connection I wanted to add. If the server was given 3 IP addresses by 3 different networks, I would put 3 additional NICs in the server, hard code the IPs, and plug the cables in.
Done. Simple and complete.
But I've been told by the server vendor that they won't allow multiple NICs in this server, so that option is not available to me.
I have a Mikrotik 750G I bought to eventually toy with and learn, but I am totally new to it. I've got enough network knowledge to often get the basic job done, but nothing advanced at all.
I'm guessing/hoping I can stick this router in front of the server to act as it's NICs and forward traffic to the server. I'm assuming I can assign the IPs that would belong to the server instead to the router interfaces themselves and forward traffic to the server through the router. But I'm at a loss as to how to make this happen.
Hope this poor man's picture comes out right as an attempt to illustrate replacing 4 NICs in the server with the router instead:
local LAN/Internet --- Port 1 -| . |
V1 - 192.168.50.99 --- Port 2 -| 7 |
V2 - 192.168.60.99 --- Port 3 -| 5 |
V3 - 192.168.70.99 --- Port 4 -| 0 |
Server ------------------ Port 5 -| G |
The Webfig v5.15 is very new to me and I'm fumbling my way through it. But I haven't gotten the hang of it yet so I'm a bit lost.
Can I just assigned the IPs to the router interfaces and then go to IP/Routes/Rules and add some rules to forward all traffic to the server port?
Basically, if someone sent traffic to the server from the 192.168.60.x network, expecting the server to be at 192.168.60.99, can the router accept this in lieu of the server, forward it to the server at port 5 and establish successful communications through to the server?
Hoping someone can give me a few good pointers to get this ball rolling, or just tell me I'm way off track here before I go setting up strange configurations that don't have a snowball's chance.
Thanks ahead of time for the guidance,
Donald
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: Use a 750G to substitute for NICs in a server?
You mention VLANS but from the diagram it looks as if each of the LANs presents itself as a distinct cable so the server is not being presented with VLANs - correct?
If that is so then what you would be asking the routerboard to do is essentially a routing function. Could you do it with routing alone? Yes - but to do so you might have to be able to set routes at the client ends of those LAN connections. If the clients can only talk to addresses withing their respective LAN subnet ranges then you could still have them talk to the server by using destination NAT to translate from the LAN subnets to the actual subnet on the server NIC - similarly to what somebody might do if running a server in the office and allowing access from the WAN side.
If that is so then what you would be asking the routerboard to do is essentially a routing function. Could you do it with routing alone? Yes - but to do so you might have to be able to set routes at the client ends of those LAN connections. If the clients can only talk to addresses withing their respective LAN subnet ranges then you could still have them talk to the server by using destination NAT to translate from the LAN subnets to the actual subnet on the server NIC - similarly to what somebody might do if running a server in the office and allowing access from the WAN side.
Re: Use a 750G to substitute for NICs in a server?
Correct. The VLANs are simply through the Metro Area Network to connect the remote networks to my server and present to the server as a single port through a Cisco Metro.
I know if the router acted as a normal router would, the remote clients or their gateway would simply be told my server's "new" address(es) behind the router and know to send towards my router to access the server. But I don't have any control over the remote networks and so want to avoid as many remote side manipulations as I can as it would greatly simplify things.
If I can instead maintain transparency and simply have the router "be" the server to the remote network and forward to the actual server itself I thought it might be simpler.
I know if the router acted as a normal router would, the remote clients or their gateway would simply be told my server's "new" address(es) behind the router and know to send towards my router to access the server. But I don't have any control over the remote networks and so want to avoid as many remote side manipulations as I can as it would greatly simplify things.
If I can instead maintain transparency and simply have the router "be" the server to the remote network and forward to the actual server itself I thought it might be simpler.
Re: Use a 750G to substitute for NICs in a server?
No need vlans to do that.
The port5 must have a ip in the server range.
Go to IP -> Routes section, add the server ip as default gateway.
With that, all the packets from ports 2,3 and 4 will go through the server.
Now, when the packet return to your network, you need the opposite, to route the incoming packet to the appropriate gateway (ports 2,3,4).
So you must add 3 static routes to deliver the packet to each port.
For example: Dst address 192.168.50.0/24 -> gateway 192.168.50.1 (that is the router/ap/... connected to the port 2 lan).
The port5 must have a ip in the server range.
Go to IP -> Routes section, add the server ip as default gateway.
With that, all the packets from ports 2,3 and 4 will go through the server.
Now, when the packet return to your network, you need the opposite, to route the incoming packet to the appropriate gateway (ports 2,3,4).
So you must add 3 static routes to deliver the packet to each port.
For example: Dst address 192.168.50.0/24 -> gateway 192.168.50.1 (that is the router/ap/... connected to the port 2 lan).
Re: Use a 750G to substitute for NICs in a server?
Now that sounds like a possibility. Default gateway instead of multiple static routes. I might give that a try (if I can figure out how).
So this does sound plausible to you then? I'll try to get a test environment together when I can. Just wanted to make sure it was possible before I put forth the effort.
Thanks again,
Donald
So this does sound plausible to you then? I'll try to get a test environment together when I can. Just wanted to make sure it was possible before I put forth the effort.
Thanks again,
Donald
Re: Use a 750G to substitute for NICs in a server?
You said it is not an option to put multiple NICs into the server. But does the NIC in the server understand VLAN tags, and if so, is it an option to configure VLANs on the server itself?
Most ethernet chipsets these days understand and support VLAN tags; it is just a matter of configuring the driver and operating system properly. Most OSes would present each VLAN as a "virtual" ethernet interface that you can assign an IP directly to as if it were a separate NIC. You could presumably use the 750G in front of the server, and bridge each ethernet uplink to a separate VLAN on the server, or use a managed switch with VLAN trunking capabilities in front of the server instead (RB250GS, or even the RB750G, which has the Atheros 8316 switch chip on it; configuration details here: http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features.
Do make sure you have an RB750G and not a RB750GL if you try to use the switch chip. Otherwise, use software bridges.
-- Nathan
Most ethernet chipsets these days understand and support VLAN tags; it is just a matter of configuring the driver and operating system properly. Most OSes would present each VLAN as a "virtual" ethernet interface that you can assign an IP directly to as if it were a separate NIC. You could presumably use the 750G in front of the server, and bridge each ethernet uplink to a separate VLAN on the server, or use a managed switch with VLAN trunking capabilities in front of the server instead (RB250GS, or even the RB750G, which has the Atheros 8316 switch chip on it; configuration details here: http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features.
Do make sure you have an RB750G and not a RB750GL if you try to use the switch chip. Otherwise, use software bridges.
-- Nathan
Re: Use a 750G to substitute for NICs in a server?
You can ignore the VLANs. It was additional info, the VLANs are transparent to me. These networks can be considered cable drops to my server.
-edit1 Or am I misunderstanding you and you're saying create VLANs through the routerBOARD router to bridge the networks and the server?
-edit2 The more I read your response the more I believe you're talking about only local VLANs. I don't think the server folks would go for that either. I already have a secondary address on the main NIC and a route statement on the server serving almost the same purpose and they didn't care for that. They told me if they had to troubleshoot the server for any reason it would be the first thing they removed. That's when I brought up the multiple NICs. They liked that idea even less and told me if they saw them, they would disable them. I think they are afraid and I will provide this thing with multiple default gateways (which I won't do) and screw the networking up. So unfortunately I don't think what you are suggesting is a viable option for this scenario. I'm left trying to place this routerBOARD in for the NICs on the server if I can get it to work. Thanks for the suggestion though.
-edit1 Or am I misunderstanding you and you're saying create VLANs through the routerBOARD router to bridge the networks and the server?
-edit2 The more I read your response the more I believe you're talking about only local VLANs. I don't think the server folks would go for that either. I already have a secondary address on the main NIC and a route statement on the server serving almost the same purpose and they didn't care for that. They told me if they had to troubleshoot the server for any reason it would be the first thing they removed. That's when I brought up the multiple NICs. They liked that idea even less and told me if they saw them, they would disable them. I think they are afraid and I will provide this thing with multiple default gateways (which I won't do) and screw the networking up. So unfortunately I don't think what you are suggesting is a viable option for this scenario. I'm left trying to place this routerBOARD in for the NICs on the server if I can get it to work. Thanks for the suggestion though.
Re: Use a 750G to substitute for NICs in a server?
Well, I've got everything set up... test machines and 750G router. Everybody can talk to everybody, so I think everything is ok. But I have yet to figure out the forwarding.
The router port IPs are configured as follows:
port 1 - 192.168.1.254
port 2 - disabled
port 3 - 192.168.200.4
port 4 - 10.34.17.44
port 5 - 192.168.41.3
all have /24 networks behind them.
Behind port 1 is my "Server" at 192.168.1.3. I even installed IIS with a bogus web page on it.
I can ping across all networks and pull up the web page from any of them. So all ports and routes seem configured correctly.
Now, how can I forward all traffic directed to each port to my Server?
I tried destination NAT but unsuccessfully.
I tried to set up port forwarding but was unsuccessful in that as well.
If someone on the "port 4" network tries to pull up the web page on 10.34.17.44, I want them to pull up my server web page on 192.168.1.3, not the mikrotik webconfig page on the router.
Any ideas what I might could try to get that to work? I must be doing something wrong somewhere.
I want this to apply for ports 3, 4, and 5 ip addresses - to get redirected to 192.168.1.3
Thanks again for any help,
Donald
The router port IPs are configured as follows:
port 1 - 192.168.1.254
port 2 - disabled
port 3 - 192.168.200.4
port 4 - 10.34.17.44
port 5 - 192.168.41.3
all have /24 networks behind them.
Behind port 1 is my "Server" at 192.168.1.3. I even installed IIS with a bogus web page on it.
I can ping across all networks and pull up the web page from any of them. So all ports and routes seem configured correctly.
Now, how can I forward all traffic directed to each port to my Server?
I tried destination NAT but unsuccessfully.
I tried to set up port forwarding but was unsuccessful in that as well.
If someone on the "port 4" network tries to pull up the web page on 10.34.17.44, I want them to pull up my server web page on 192.168.1.3, not the mikrotik webconfig page on the router.
Any ideas what I might could try to get that to work? I must be doing something wrong somewhere.
I want this to apply for ports 3, 4, and 5 ip addresses - to get redirected to 192.168.1.3
Thanks again for any help,
Donald
Re: Use a 750G to substitute for NICs in a server?
Okay, I think I've finally got this.
I was making the mistake of placing the internal IP I wanted to go to on the dst address of the general tab.
I didn't realize that is where the destination address of the incoming packet should go, aka the ip address of the accepting router port, my "outside" ip.
My internal address I want to nat to goes on the action tab under the dst-nat address.
Simple mistake but confounding if you're not familiar with the system.
-Donald
I was making the mistake of placing the internal IP I wanted to go to on the dst address of the general tab.
I didn't realize that is where the destination address of the incoming packet should go, aka the ip address of the accepting router port, my "outside" ip.
My internal address I want to nat to goes on the action tab under the dst-nat address.
Simple mistake but confounding if you're not familiar with the system.
-Donald