NAT a single IP using 2nd WAN Internet

nat internet route mikrotik wide-area-network
9,047

Solution 1

To achieve this you need to create 2 firewall rules (mangle & nat) and add a static route.

First you create the mangle rule which will mark the packets of the specific IP you want to route through WAN2 with a new routing mark. Replace 192.168.1.X with the IP you want to route via WAN2.

/ip firewall mangle add chain=prerouting  src-address=192.168.1.X \
dst-address=!192.168.1.0/24 action=mark-routing new-routing-mark=wan2

If you need to route another IP too, you can either copy this rule and change the IP or you can create an Address-List (/ip firewall address-list) and use that with a single rule.

Then you create the src-nat rule so that packets leaving from WAN2 will have the appropriate source IP instead of 192.168.1.X (depending on your current configuration you may not need to do this) 

/ip firewall nat add chain=srcnat routing-mark=wan2 action=src-nat \
to-addresses=2.2.2.20

And finally you create the static route that will be used to route the marked packets via WAN2.

/ip route add dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=wan2

Solution 2

You'll be able to do this with policy based routing, which can be done with the mangle table. Essentially it allows you to define a number of conditions and select a next hop based on them.

It's well covered here:

http://wiki.mikrotik.com/wiki/Policy_Base_Routing

Share:
9,047

Related videos on Youtube

Narbeh Davoodian
Author by

Narbeh Davoodian

Updated on September 18, 2022

Comments

  • Narbeh Davoodian
    Narbeh Davoodian almost 2 years

    I have a MikroTik RB750 (firmware 6.22) acting as a gateway for my LAN. Here is the basic configuration: 

    Ether1-WAN1 (1.1.1.10/24)
Ether2-WAN2 (2.2.2.20/24)
Ether5-LAN (192.168.1.1/24)

    IP Routes:

    AS 0.0.0.0/0 1.1.1.1 reachable on Ether1-WAN1 Distance 10
S 0.0.0.0/0 2.2.2.2 reachable on Ether2-WAN2 Distance 10

    There are some port redirects which works fine. My LAN is using internet on WAN1 (it chose by default)
    How can I configure a single IP address (a server) to NAT to 2.2.2.20 so it can use WAN2?
    I want both internet links to be running and not in failover mode for now.
    I have created a srcnat to address 2.2.2.20. In whatismyip.com, I see my IP changes to 2.2.2.20, but when I traceroute to any IP on the internet, I see it goes out of 1.1.1.1

    Thanks in advance

  • Narbeh Davoodian
    Narbeh Davoodian over 9 years
    Thank you! I guess this was the easiest way to separate traffic.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to share internet access between Ubuntu and Windows guests OS in VirtualBox?
how to connect to a remote desktop behind a router?
sharing internet between network interfaces
Missing sharing tab on network properties
Share internet connection via Ethernet and WiFi
How to get internet access in a Windows 7 virtual machine
OpenVPN tun routing (can ping tun interfaces) with mikrotik and NAT on both ends
MikroTik - can't access webfig from external / can't SSH into router from external ip
Mikrotik: Forward local ip to another local ip on specific port
(Zywall USG 300) NAT bypassed when accessing in-house-server From LAN Via domain name