 
mstrasser
just joined
Topic Author
Posts: 3
Joined: Sun May 31, 2015 12:53 pm

Portforwarding VPN

Sun May 31, 2015 1:17 pm

Hi everybody!

I want to publish a webserver. The web server is located on SiteA, the public IP on SiteB.

SiteA: 10.1.1.0/24
Webserver: 10.1.1.1/24

SiteB: 10.1.2.0/24
Public IP: 8.8.8.8

Between the two sites there is a Site2Site vpn tunnel.

I've created a dst-nat from 8.8.8.8 to 10.1.1.1 dst-port=80.
On site B I can access the website via the external IP. On site B not. The problem is that the packet comes with the external source IP from the client. It will be forwarded correctly to the web server, but the default gateway on the site A router will forward it to the internet, and so it will come out with the wrong src-address.

Can everyone help me?

Thank you,
kr Martin
 
planetcoop
Member Candidate
Posts: 140
Joined: Thu May 15, 2014 2:32 pm
Location: Sacramento, CA

Re: Portforwarding VPN

Thu Jun 25, 2015 8:19 pm

You have to mark traffic from the server and then give it a route to take priority over the default traffic flow out the local gateway.

The way I have done this in the past was to create an address list of servers and mangle the address list with a route mark. Once you have the route mark, you can create a default route 0.0.0.0/0 for the marked traffic and send it over the tunnel to the other site. I would also recommend creating a less preferred default route out of the local site by making a COPY of the site A default route and assigning it the route mark and a higher metric. This would allow fail-over: if site B was unavailable, the server can still get out, and it would fail back to site B routing once available again.

I had found a post on this previously but can't seem to find it now.
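The policy-routing setup described in the reply above, written out as RouterOS v6 commands for the Site A router. This is an added example, not part of the original thread: the list names, the routing mark `via-siteB`, the tunnel peer address 172.16.0.2 and the local gateway 192.0.2.1 are constructed assumptions, and it presumes a routed tunnel whose far end can be used as a gateway.

```routeros
# Run on the Site A router (RouterOS v6 syntax).
# Assumed/constructed values: list names, routing mark "via-siteB",
# 172.16.0.2 = Site B end of the VPN tunnel, 192.0.2.1 = Site A local ISP gateway.

# 1. Address list of servers that are published through Site B
/ip firewall address-list
add list=published-servers address=10.1.1.1 comment="web server behind Site B public IP"
# Internal networks that must keep using the main routing table
add list=internal-nets address=10.1.1.0/24
add list=internal-nets address=10.1.2.0/24

# 2. Mangle: put a routing mark on traffic from those servers to non-internal destinations
/ip firewall mangle
add chain=prerouting src-address-list=published-servers dst-address-list=!internal-nets \
    action=mark-routing new-routing-mark=via-siteB passthrough=no \
    comment="server traffic leaves through Site B"

# 3. Preferred default route for marked traffic: over the tunnel to Site B.
#    check-gateway=ping deactivates the route when the tunnel peer stops answering.
/ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.2 routing-mark=via-siteB distance=1 \
    check-gateway=ping comment="marked traffic via Site B"

# 4. Copy of the local default route with the same mark and a higher distance
#    (RouterOS calls the route metric "distance"); used only while route 3 is inactive.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via-siteB distance=10 \
    comment="fallback via local gateway when Site B is unreachable"
```

While the fallback route is active, replies to clients that came in through the Site B public IP leave with the Site A address, so the published service is reachable only while the tunnel is up. RouterOS v7 replaces `routing-mark` on routes with named routing tables, so the route lines need adapting there.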
