Internet -> Ubuntu Server -> Mikrotik -> End Device
- Ubuntu Server has 2 physical interfaces (ens3 & ens4)
- 1 from the Internet (ens3)
- 1 for the Mikrotik (ens4)
- Can create 1 virtual interface (ens3.2) from 1 physical interface (ens3)
- Can deliver multiple VLAN tags (1 & 10) on ens4, each with a different gateway
- VLAN ID 1 uses gateway ens3
- VLAN ID 10 uses gateway ens3.2
- So if ens3.2 goes down, all end devices on VLAN ID 10 will lose their Internet connection, and vice versa
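# Netplan definition for the Ubuntu router: ens3 and ens3.2 face the upstream
# network, ens4 carries two tagged VLANs towards the Mikrotik. Source-based
# policy routing sends each VLAN subnet to its own routing table (100 / 200).
# The nesting below is required; with every key at column 0 the file does not
# describe this structure.
network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
      dhcp4: false
      addresses:
        - 172.20.0.54/16
      # NOTE(review): gateway4 is deprecated in current netplan releases in
      # favour of an explicit default route; kept as the author wrote it.
      gateway4: 172.20.0.1
      nameservers:
        addresses: [172.20.0.1]
      routes:
        # Default route that exists only in table 100, not in the main table.
        - to: 0.0.0.0/0
          via: 172.20.0.1
          table: 100
      routing-policy:
        # Packets sourced from the VLAN 1 subnet are looked up in table 100.
        - from: 192.168.2.0/24
          table: 100
    # ens3.2 is not a physical NIC: the hook script on this page creates it as
    # a macvlan on top of ens3.
    # NOTE(review): presumably the link must already exist when networkd
    # applies this stanza - confirm the ordering on the target host.
    # NOTE(review): ens3 and ens3.2 sit in the same /16 behind the same
    # gateway, so the two VLANs differ only in uplink interface and source
    # address. With two interfaces on one subnet, check the host's
    # reverse-path filter (net.ipv4.conf.*.rp_filter) and ARP settings; prefer
    # loose mode over switching the filter off.
    ens3.2:
      dhcp4: false
      addresses:
        - 172.20.0.53/16
      nameservers:
        addresses: [172.20.0.1]
      routes:
        # Default route that exists only in table 200.
        - to: 0.0.0.0/0
          via: 172.20.0.1
          table: 200
      routing-policy:
        # Packets sourced from the VLAN 10 subnet are looked up in table 200.
        - from: 192.168.3.0/24
          table: 200
    # Trunk towards the Mikrotik: no address on the parent, only on the VLANs.
    ens4:
      dhcp4: false
      addresses: []
  vlans:
    # NOTE(review): VLAN ID 1 is the default/native VLAN on many switches, and
    # carrying user traffic on it is commonly avoided - verify against the
    # Mikrotik/switch configuration.
    vlan1:
      id: 1
      link: ens4
      dhcp4: false
      addresses:
        - 192.168.2.2/24
      nameservers:
        addresses: [172.20.0.1]
    vlan10:
      id: 10
      link: ens4
      dhcp4: false
      addresses:
        - 192.168.3.2/24
      nameservers:
        addresses: [172.20.0.1]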
# /etc/networkd-dispatcher/routable.d/routes
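#!/bin/bash
# Rebuilds the router's NAT, forwarding rules and per-VLAN routes.
# Installed under networkd-dispatcher's routable.d, so it runs again each time
# an interface becomes routable; every step therefore has to be safe to repeat.
# The hook is executed by the networkd-dispatcher service (root), so no sudo.

# WARNING: this wipes every rule in the filter, nat and mangle tables,
# including rules installed by other tools on the host (ufw, Docker, ...).
for table in filter nat mangle; do
    iptables -t "$table" -F   # flush all rules
    iptables -t "$table" -X   # delete user-defined chains
    iptables -t "$table" -Z   # zero packet/byte counters
done

# NOTE(review): INPUT ACCEPT leaves every service on this host reachable from
# the uplink and from both VLANs. Tighten it once the management path (e.g.
# SSH) has an explicit allow rule; left open here so the change cannot lock
# anyone out.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Create the second uplink only if it is missing; a plain "ip link add" fails
# on every run after the first.
if ! ip link show ens3.2 >/dev/null 2>&1; then
    ip link add link ens3 name ens3.2 type macvlan
fi

# Forward only what the design needs: each VLAN subnet out of its own uplink,
# plus return traffic for connections that were opened from inside.
# With the previous FORWARD ACCEPT policy and ip_forward=1 the host routed any
# packet between any pair of interfaces, including from the uplink side into
# the VLANs.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i vlan1 -s 192.168.2.0/24 -o ens3 -j ACCEPT
iptables -A FORWARD -i vlan10 -s 192.168.3.0/24 -o ens3.2 -j ACCEPT
iptables -P FORWARD DROP

# Source NAT: VLAN 1 leaves through ens3, VLAN 10 through ens3.2.
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o ens3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o ens3.2 -j MASQUERADE

# Enable routing only after the forwarding rules are in place.
sysctl -w net.ipv4.ip_forward=1

# Tables 100 and 200 only hold a default route (see the netplan file), so each
# needs its own VLAN subnet route for replies to reach the end devices.
# "replace" instead of "add" keeps repeated runs from failing on an existing
# route.
ip route replace 192.168.2.0/24 via 192.168.2.2 dev vlan1 table 100
ip route replace 192.168.3.0/24 via 192.168.3.2 dev vlan10 table 200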
- See Here!