I need to know how to do dst-nat from multi-wan to servers behind the firewall. I have this working with generic linux but for some reason I can't get it to work in mikrotik.
The IPs have been changed for this example but it gives you the idea.
example:
wan1 ips: 69.164.219.25/24
35.2.245.2/25
35.2.245.3/25
35.2.245.125/25
wan2 ip: 16.161.237.204/29
wan3 ip: 85.24.205.212/23
lan1 ip: 172.18.7.251/22
I currently have a couple servers behind the firewall
server1: 172.18.7.250 with services 80,443,990,8000-8003
server2: 172.18.7.252 with services 21,22,25,53,110
With my current firewall I can create a dst-nat rule for port 80 in each interface to be natted to server 1. If I go from a computer outside my network I can hit that web server from any of those 7 wan ips. The other services like 25 smtp are only dst natted using 2 of the wan interfaces.
Currently I use 1 routing table for each of the 4 ISPs. I use policy routing and connection marking to accomplish this. I tried to set up a MikroTik with a very close representation to what I do on the Linux box now but it does not work.
I can't seem to do this type of nat with MikroTik. I can set up not internet connections and do a dst-nat to one side, but I can't get both wan interfaces to nat it and have the return traffic end up leaving the right interface. What happens is, let's say I come in on internet connection 1: the traffic makes it to the back end server and the return traffic goes out the right interface, internet connection 1. But if I try to come in on internet connection 2, I see the nat happen and I see the traffic make it to the back end server, but the return traffic tries to go out internet connection 1 instead, when it should be going out internet connection 2 because that's where the original connection was made from.
I don't know if this description was clear enough. I hope so.
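
The connection-marking and per-ISP routing table approach described above, sketched as an added example that is not part of the original post. It assumes RouterOS v6 syntax, interfaces named `wan1`, `wan2` and `lan1` after the post's labels, and uses `WAN1_GW` / `WAN2_GW` as placeholders for each ISP's gateway address; the mark and table names are made up for illustration.

```routeros
# Added example (RouterOS v6 syntax). WAN1_GW / WAN2_GW are placeholders:
# substitute the next-hop address each ISP gave you.

/ip firewall nat
# Publish port 80 on server1 through both uplinks.
add chain=dstnat in-interface=wan1 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=172.18.7.250 to-ports=80
add chain=dstnat in-interface=wan2 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=172.18.7.250 to-ports=80

/ip firewall mangle
# 1. Tag every new inbound connection with the uplink it arrived on.
#    The mark is stored in connection tracking, so it survives the dst-nat.
add chain=prerouting in-interface=wan1 connection-state=new \
    action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting in-interface=wan2 connection-state=new \
    action=mark-connection new-connection-mark=wan2_conn passthrough=yes

# 2. Replies from the servers enter on lan1 and belong to a marked
#    connection; translate the connection mark into a routing mark so the
#    reply is looked up in the matching ISP's table.
add chain=prerouting in-interface=lan1 connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=prerouting in-interface=lan1 connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no

# 3. Same for replies the router itself generates (e.g. ping to a WAN IP).
add chain=output connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=output connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no

/ip route
# One default route per ISP table, selected by the routing mark above.
add dst-address=0.0.0.0/0 gateway=WAN1_GW routing-mark=to_wan1
add dst-address=0.0.0.0/0 gateway=WAN2_GW routing-mark=to_wan2
```

The symptom described in the post, replies to connections that came in on connection 2 leaving via connection 1, is what happens when step 2 is missing or never matches: the reply then falls through to the main table's default route.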