Mikrotik Help

  • Mikrotik Help

    My routing knowledge is rather rusty now, can anyone help or point me to the right resources.

    Current home office setup is local LAN, servers, desktops, WiFi -> Mikrotik RB951 -> ISP1 (PPPoE)

    ISP 1 has static IP to accept customer connections to a development web server (all public services are on "proper servers" in real DC's!)

    We're having a second "residential" ISP connection (ISP2) as the kids are eating bandwidth now and we need to separate this from the business connection.

    Desired setup

    Local LAN, servers, business computers, WiFi (SSID1) -> Mikrotik -> ISP1
    Local LAN, family computers, WiFi (SSID2) -> Mikrotik -> ISP2

    I know the simple solution would be a second router and put the family onto this and assign second IPs to the file server; however, is it possible to assign a 2nd IP to the Mikrotik's LAN port and route packets received on IP1 to ISP1 and IP2 to ISP2?

    I don't want to load balance or bond connections, but it would be good to be able to fail over if either connection failed.

    Any suggestions?
    Alex Monaghan
    Monaghan Consultants Ltd
    www.monaghan.co.uk - Web Hosting & Consultancy
    Company No:3331267 VAT Reg:700231310

  • #2
    Yes without the failover. Just create the masquerade (nat) rule for the relevant private block and hide it behind the new wan IP
    Peter Knapp - CCS Leeds Ltd - www.ccsleeds.co.uk
    Coal Road, Leeds. LS14 2AQ / Co. reg: 03507910 / VAT reg: GB 698 2027 05 / Tel: 0113 294 66 99
    UK Leased Lines | Hosted VoIP & SIP Trunks | EFM - Ethernet First Mile
    Free Install and Cisco Router on Fully Managed EFM at up to 20Mb/s only £300 per month


    • #3
      Thanks,

      Can I hide it behind an interface rather than an IP as the new IP will be dynamic?
      Alex Monaghan
      Monaghan Consultants Ltd
      www.monaghan.co.uk - Web Hosting & Consultancy
      Company No:3331267 VAT Reg:700231310


      • #4
        If you mean PPPoE dialer/interface for example, yes you can.
        Peter Knapp - CCS Leeds Ltd - www.ccsleeds.co.uk
        Coal Road, Leeds. LS14 2AQ / Co. reg: 03507910 / VAT reg: GB 698 2027 05 / Tel: 0113 294 66 99
        UK Leased Lines | Hosted VoIP & SIP Trunks | EFM - Ethernet First Mile
        Free Install and Cisco Router on Fully Managed EFM at up to 20Mb/s only £300 per month


        • #5
          Originally posted by monaghan
          Thanks,

          Can I hide it behind an interface rather than an IP as the new IP will be dynamic?
          There are two ways of doing source address translation in iptables/netfilter (which is all that Mikrotik RouterOS is at the end of the day) - SNAT (action=src-nat in RouterOS), where you specify the address to translate it to and "masquerade", where it hides you behind whatever IP address is present on the interface.
          GoDaddy are abusing WHC with shill advertising
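
The setup discussed in posts #2 to #5, written out as a RouterOS v6 configuration. This is an added example, not a configuration posted by anyone in the thread; the subnets, the interface names (bridge-lan, pppoe-isp1, pppoe-isp2), the routing mark name and the 203.0.113.10 address are constructed placeholders. As in reply #2, it does not provide failover.

```routeros
# Constructed addressing (assumptions, not from the thread):
#   business LAN 192.168.1.0/24, family LAN 192.168.2.0/24,
#   LAN bridge "bridge-lan", PPPoE clients "pppoe-isp1" / "pppoe-isp2".

# Second address on the same LAN port, as asked in the first post.
/ip address
add address=192.168.1.1/24 interface=bridge-lan comment="business"
add address=192.168.2.1/24 interface=bridge-lan comment="family"

# Source NAT per private block. masquerade follows whatever address the
# interface currently holds, so it suits the dynamic ISP2 address.
/ip firewall nat
add chain=srcnat src-address=192.168.2.0/24 out-interface=pppoe-isp2 \
    action=masquerade
# With a static address, src-nat to a fixed address is the alternative
# (203.0.113.10 is a documentation placeholder for the ISP1 static IP).
add chain=srcnat src-address=192.168.1.0/24 out-interface=pppoe-isp1 \
    action=src-nat to-addresses=203.0.113.10

# Policy routing: mark family traffic that is leaving the LAN, then give
# that mark its own default route via ISP2. Traffic between the two
# private blocks is excluded so shared devices stay reachable.
/ip firewall mangle
add chain=prerouting src-address=192.168.2.0/24 \
    dst-address=!192.168.1.0/24 action=mark-routing \
    new-routing-mark=via-isp2 passthrough=no

/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-isp2 routing-mark=via-isp2
add dst-address=0.0.0.0/0 gateway=pppoe-isp1
```

Both blocks share one layer-2 segment here, so a family device can still set a business-block address by hand; the split controls which ISP each block uses, not isolation between them.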


          • #6
            Thanks,

            I'll have a fiddle about once the new line is operational, if you never hear from me again, the kids have killed me for breaking the Internet
            Alex Monaghan
            Monaghan Consultants Ltd
            www.monaghan.co.uk - Web Hosting & Consultancy
            Company No:3331267 VAT Reg:700231310


            • #7
              Why not keep life simple and the setup entirely separate - otherwise the 'tik remains an SPOF and it is more likely to be something you might need to 'fiddle with' at some point for work.

              Then just go LAN|wifi > (supplied-box) > isp2 for the family stuff.

              Will also help if/when you decide to get rid of the home-office, as it can be picked up in entirety and taken away without losing your life/wife/health during the revolt that occurs because you took away the wee-fee
              Rob Golding Astutium Ltd AS#29527 Company#08183381 Phone#020 3475 2555
              Domain Name Registration - uk domains just £5.55/2 years | DNS Services | Web Hosting from £2.95 | Minecraft Servers from £2.50
              London Docklands Colocation 1u £49.95 | Virtual Private Servers from £4 | Virtual Dedicated Servers from £12 | Managed + Unmanaged Dedicated Servers from £69
              Make more money from domains - Talk to me about our Domain Reseller Accounts and WHMCS modules


              • #8
                Thanks, there are a number of shared resources though (scanner on the multi function laser printer, music library and so on), I'm sure I'll work out what's best where. Wife is not a problem, it's the kids that report any wifi outages, hence looking to keep the system as near to how it is now, but split it into 2 distinct sections.
                Alex Monaghan
                Monaghan Consultants Ltd
                www.monaghan.co.uk - Web Hosting & Consultancy
                Company No:3331267 VAT Reg:700231310


                • #9
                  Originally posted by monaghan
                  Thanks, there are a number of shared resources though (scanner on the multi function laser printer, music library and so on), I'm sure I'll work out what's best where. Wife is not a problem, it's the kids that report any wifi outages, hence looking to keep the system as near to how it is now, but split it into 2 distinct sections.
                  For ultimate simplicity, have one subnet for all devices (say 192.168.1.0/24 for example) so that broadcast discovery etc. all works but then put your two routers for the two ISP lines on different IP addresses (say 192.168.1.1 for the line for the family and 192.168.1.254 for the business line). Have one of the routers act as a DHCP server giving out the family gateway and disable DHCP on the other then manually configure anything that you want to go down the business line with a static IP address and the gateway pointing at the business line router.

                  Everything is on one local subnet, so can access everything else (good for convenience, bad for security). There's no automated failover, but you could flip gateways manually if needed. No funky routing configuration needed.
                  GoDaddy are abusing WHC with shill advertising
