NAT a single IP using 2nd WAN Internet

Question

I have a MikroTik RB750 (firmware 6.22) acting as a gateway for my LAN. Here is the basic configuration:

Ether1-WAN1 (1.1.1.10/24)
Ether2-WAN2 (2.2.2.20/24)
Ether5-LAN (192.168.1.1/24)

IP Routes:

AS 0.0.0.0/0 1.1.1.1 reachable on Ether1-WAN1 Distance 10
S 0.0.0.0/0 2.2.2.2 reachable on Ether2-WAN2 Distance 10

There are some port redirects which works fine. My LAN is using internet on WAN1 (it chose by default)
How can I configure a single IP address (a server) to NAT to 2.2.2.20 so it can use WAN2?
I want both internet links to be running and not in failover mode for now.
I have created a srcnat to address 2.2.2.20. In whatismyip.com, I see my IP changes to 2.2.2.20, but when I traceroute to any IP on the internet, I see it goes out of 1.1.1.1

Thanks in advance

score 3 · Accepted Answer · answered Jan 21 '15 at 11:42

To achieve this you need to create 2 firewall rules (mangle & nat) and add a static route.

First you create the mangle rule which will mark the packets of the specific IP you want to route through WAN2 with a new routing mark. Replace 192.168.1.X with the IP you want to route via WAN2.

/ip firewall mangle add chain=prerouting  src-address=192.168.1.X \
dst-address=!192.168.1.0/24 action=mark-routing new-routing-mark=wan2

If you need to route another IP too, you can either copy this rule and change the IP or you can create an Address-List (/ip firewall address-list) and use that with a single rule.

Then you create the src-nat rule so that packets leaving from WAN2 will have the appropriate source IP instead of 192.168.1.X (depending on your current configuration you may not need to do this)

/ip firewall nat add chain=srcnat routing-mark=wan2 action=src-nat \
to-addresses=2.2.2.20

And finally you create the static route that will be used to route the marked packets via WAN2.

/ip route add dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=wan2

Thank you! I guess this was the easiest way to separate traffic. — Narbeh Davoodian, Jan 21 '15 at 18:22

score 2 · Answer 2 · answered Jan 20 '15 at 15:02

You'll be able to do this with policy based routing, which can be done with the mangle table. Essentially it allows you to define a number of conditions and select a next hop based on them.

It's well covered here:

http://wiki.mikrotik.com/wiki/Policy_Base_Routing

NAT a single IP using 2nd WAN Internet

2 Answers2