arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

ftp Port fowading

Mon Jan 31, 2011 3:20 pm

Hey, OK, I have my port forwarding set up like this:

chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=20-21 protocol=tcp dst-port=20-21

And, well, I have the PCC module that I set up to use my two ADSL routers as failover and to split traffic, but if I want to forward FTP traffic to my FTP server, aka my FreeNAS box, it doesn't work!! It keeps on dropping the connection! Any help will be greatly appreciated.
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Mon Jan 31, 2011 3:38 pm

Where are you trying to connect to your NAS from? The internet?
If so, an incoming connection should always get back from the same source. That means if the request came from DSL modem 1, then it must go out through the same connection, otherwise the session will be dropped. To fix this you need either to bypass your NAS server from load balancing, or to mark your incoming FTP session to be prerouted to the same incoming WAN interface.
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Mon Jan 31, 2011 3:41 pm

OK, how do I mark it or bypass it? What would be the best?
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Mon Jan 31, 2011 3:56 pm

Bypassing it would be much easier, of course.

But in this case you will be able to access your FTP from one modem only.
So in your dst-nat rule you need to specify the in-interface or dst-address which corresponds to WAN1 or WAN2.
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Mon Jan 31, 2011 4:02 pm

OK, nope, then I need to make them work from both routers, WAN1 and WAN2, if possible!
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Mon Jan 31, 2011 4:04 pm

Post your mangle, NAT and route configurations.
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Tue Feb 01, 2011 7:31 am

mangle:

0 chain=input action=mark-connection new-connection-mark=wan1_conn
passthrough=no in-interface=ether1-Mweb-Router

1 chain=input action=mark-connection new-connection-mark=wan2_conn
passthrough=no in-interface=ether3-I.S-Router

2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no
out-interface=ether1-Mweb-Router

3 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no
out-interface=ether3-I.S-Router

4 chain=prerouting action=accept dst-address=41.134.110.0/28
in-interface=ether1-Mweb-Router

5 chain=prerouting action=accept dst-address=196.212.100.0/28
in-interface=ether3-I.S-Router

6 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address=!192.168.88.0/24
in-interface=ether2-Main-LAN
per-connection-classifier=both-addresses:2/0

7 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address=!192.168.88.0/24
in-interface=ether2-Main-LAN
per-connection-classifier=both-addresses:2/1

8 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=no in-interface=ether2-Main-LAN connection-mark=wan1_conn

9 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=no in-interface=ether2-Main-LAN connection-mark=wan2_conn


nat:
0 chain=srcnat action=masquerade out-interface=ether1-Mweb-Router

1 chain=srcnat action=masquerade out-interface=ether3-I.S-Router

2 chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=20-21
protocol=tcp dst-port=20-21

routes:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 41.134.110.9 1
1 A S 0.0.0.0/0 196.212.100.145 1
2 A S 0.0.0.0/0 41.134.110.9 1
3 S 0.0.0.0/0 196.212.100.145 2
4 ADC 41.134.110.0/28 41.134.110.11 ether1-Mweb-Router 0
5 ADC 192.168.88.0/24 192.168.88.1 ether2-Main-LAN 0
6 ADC 196.212.100.144/28 196.212.100.148 ether3-I.S-Router 0
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Tue Feb 01, 2011 10:35 am

Greetings.

Try pasting this code into your terminal.
The first 2 lines fix your original records number 4 and 5, where you assigned the wrong in-interface to the rule.

The second 2 lines keep packets generated by the router from being balanced; mangle output will take care of routing these packets to the right interface, where you are already marking connections coming to each interface.
/ip fire man set 4 chain=prerouting action=accept dst-address=41.134.110.0/28 in-interface=ether2-Main-LAN
/ip fire man set 5 chain=prerouting action=accept dst-address=196.212.100.0/28 in-interface=ether2-Main-LAN

/ip fire man add chain=prerouting src-address=41.134.110.0/28 protocol=tcp src-port=20-21 action=accept place-before=6
/ip fire man add chain=prerouting src-address=196.212.100.0/28 protocol=tcp src-port=20-21 action=accept place-before=6
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Wed Feb 02, 2011 12:29 am

OK, did it, but no luck with my FTP. Should I do a NAT rule as well?
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Wed Feb 02, 2011 8:59 am

/ip fire man
set 0 passthrough=yes
set 1 passthrough=yes
set 2 passthrough=yes
set 3 passthrough=yes

/ip fire man
add action=mark-connection chain=forward connection-state=new in-interface=ether1-Mweb-Router new-connection-mark=outside1_connection passthrough=no
add action=mark-connection chain=forward connection-state=new in-interface=ether3-I.S-Router new-connection-mark=outside2_connection passthrough=no
add action=mark-routing chain=prerouting connection-mark=outside1_connection new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=outside2_connection new-routing-mark=to_wan2 passthrough=no

/ip fire nat
add place-before=0 chain=srcnat connection-mark=wan1_conn action=src-nat to-addresses=[put your router eth1 public address here]
add place-before=0 chain=srcnat connection-mark=wan2_conn action=src-nat to-addresses=[put your router eth2 public address here]

If this did not work, refer to this topic:
http://forum.mikrotik.com/viewtopic.php?f=2&t=48787
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Wed Feb 02, 2011 10:24 am

OK, sorry, didn't check if the server was on. OK, but what I did was I added this rule in my NAT:

2 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21
protocol=tcp dst-port=20-21

And in my service ports in my firewall I activated the FTP helper, and my FTP seems to be working!

But now another question: my one brilliant programmer hardcoded the public IP address for FTP access in the program. Is there a loopback I need to add so that if they use any of 196.212.100.148 or 41.134.110.11 on the internal network, it just returns back to my prox without going out and then back in?
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Wed Feb 02, 2011 10:52 am

As a matter of fact, your dst-nat rule does not specify any in-interface or dst-address; in this case any FTP session will be redirected to your local server, which is not good.
So first fix your outside dst-nat:
/ip fire nat add chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21 protocol=tcp dst-port=20-21 dst-address=[put your router public ip 1]
/ip fire nat add chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21 protocol=tcp dst-port=20-21 dst-address=[put your router public ip 2]
This would solve it for your internal users as well. If it did not work for internal IPs, add these rules before rule zero in your NAT chain:
/ip fire nat add chain=srcnat dst-address=[put your router public ip 1] action=accept place-before=0
/ip fire nat add chain=srcnat dst-address=[put your router public ip 2] action=accept place-before=0
And good luck!
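
The check described in the post above (a dst-nat rule with no in-interface or dst-address catches every FTP session crossing the router), as an added example that is not part of the original posts: a Python audit of "/ip firewall nat print" output. The sample rules are constructed using the thread's addresses; the chain-name check goes beyond the post and relies on RouterOS treating any NAT chain other than srcnat and dstnat as user-defined.

```python
import re

# Built-in NAT chains. Any other name is a user-defined chain, which is only
# evaluated when a rule with a matching jump-target sends traffic to it.
BUILTIN_CHAINS = {"srcnat", "dstnat"}
# Matchers that pin a dstnat rule to the router's own public side.
SCOPE_KEYS = ("dst-address", "dst-address-list", "dst-address-type",
              "in-interface", "in-interface-list")
# "<number> [flags] rest"; X = disabled, I = invalid, D = dynamic.
RULE_START = re.compile(r"^\s*(\d+)\s+((?:[XID]\s+)*)(.*)$")


def parse_print(text):
    """Parse 'print' output (numbered rules, wrapped lines) into dicts."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        match = RULE_START.match(line)
        if match:
            rules.append({"id": int(match.group(1)),
                          "flags": set(match.group(2).split()),
                          "comment": "", "props": {}})
            rest = match.group(3)
        elif rules:
            rest = line.strip()  # wrapped continuation of the previous rule
        else:
            continue  # header text before the first rule
        if rest.startswith(";;;"):
            rules[-1]["comment"] = rest[3:].strip()
            continue
        for token in rest.split():
            key, sep, value = token.partition("=")
            if sep:
                rules[-1]["props"][key] = value
    return rules


def audit_nat(rules):
    """Return (rule id, finding) tuples for rules that are not disabled."""
    jump_targets = {r["props"]["jump-target"] for r in rules
                    if "jump-target" in r["props"]}
    findings = []
    for rule in rules:
        props = rule["props"]
        chain = props.get("chain")
        if chain is None or "X" in rule["flags"]:
            continue  # disabled rules match nothing
        if chain not in BUILTIN_CHAINS and chain not in jump_targets:
            findings.append((rule["id"],
                             "chain %r is never evaluated" % chain))
        elif (chain == "dstnat" and props.get("action") == "dst-nat"
              and not any(key in props for key in SCOPE_KEYS)):
            findings.append((rule["id"],
                             "unscoped dst-nat to %s: also rewrites LAN "
                             "clients' outbound sessions on dst-port %s"
                             % (props.get("to-addresses"),
                                props.get("dst-port"))))
    return findings


# Constructed sample in the thread's print format, using its addresses.
SAMPLE = """\
 0 ;;; Loopback-Connection 1
   chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24
   dst-address=192.168.88.2 out-interface=ether2-Main-LAN
 1 chain=srcnat action=masquerade out-interface=ether1-Mweb-Router
 2 I chain=srcnat action=masquerade out-interface=ether3-I.S-Router
 3 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21
   protocol=tcp dst-port=20-21
 4 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21
   protocol=tcp dst-address=41.134.110.10 dst-port=20-21
 5 X chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=22
   protocol=tcp dst-port=22
 6 chain=src-nat action=accept dst-address=41.134.110.10
"""

if __name__ == "__main__":
    for rule_id, finding in audit_nat(parse_print(SAMPLE)):
        print("rule %d: %s" % (rule_id, finding))
```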
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Wed Feb 02, 2011 1:47 pm

Thank you very much Sariman, it is working beautifully!!!!!
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Sat Feb 05, 2011 8:58 am

OK, one problem I have: connections from outside, like from my house to my office, work, but when I'm at my office and they use my public IP on my private IP to access my FTP server, the connection times out.
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Sat Feb 05, 2011 9:01 am

My programmer hardcoded the program to use e.g. ftp://41.134.110.11, and it works fine outside but not on my local subnet. Is there a rule or a loopback I need to enter somewhere?
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Sat Feb 05, 2011 9:08 am

Try using these rules in your prerouting chain:
/ip fire man add chain=prerouting src-add=192.168.88.0/24 dst-address=[put your router public ip 1] action=accept place-before=0
/ip fire man add chain=prerouting src-add=192.168.88.0/24 dst-address=[put your router public ip 2] action=accept place-before=0
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Sat Feb 05, 2011 9:32 am

OK, I keep on getting this error when pasting it in: expected end of command (line 1 column 35)
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Sat Feb 05, 2011 9:45 am

My IP firewall mangle looks like this now:

0 chain=input action=mark-connection new-connection-mark=wan1_conn
passthrough=no in-interface=ether1-Mweb-Router

1 chain=input action=mark-connection new-connection-mark=wan2_conn
passthrough=no in-interface=ether3-I.S-Router

2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no
out-interface=ether1-Mweb-Router

3 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no
out-interface=ether3-I.S-Router

4 chain=prerouting action=accept dst-address=41.134.110.0/28
in-interface=ether2-Main-LAN

5 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=20-21

6 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=22

7 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=80

8 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=81

9 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=443

10 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=3203

11 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=3204

12 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=3306

13 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=5900-5935

14 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=6010

15 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=6000-6001

16 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=7000

17 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28
src-port=8080-8082

18 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=20-21

19 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=22

20 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=80

21 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=81

22 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=5900-5935

23 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=3203

24 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=3204

25 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=443

26 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=3306

27 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=6010

28 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=6000-6001

29 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=7000

30 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28
src-port=8080-8082

31 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address=!192.168.88.0/24
in-interface=ether2-Main-LAN
per-connection-classifier=both-addresses:2/0

32 chain=prerouting action=accept dst-address=196.212.100.0/28
in-interface=ether2-Main-LAN

33 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address=!192.168.88.0/24
in-interface=ether2-Main-LAN
per-connection-classifier=both-addresses:2/1

34 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=no in-interface=ether2-Main-LAN connection-mark=wan1_conn

35 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=no in-interface=ether2-Main-LAN connection-mark=wan2_conn
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Sat Feb 05, 2011 12:22 pm

Use this

/ip fire nat add chain=srcnat dst-address=192.168.88.0/24 action=accept place-before=0
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Tue Feb 08, 2011 9:42 am

OK, now I'm having the following problem: port forwarding is working on my router, but only from my one public IP address, 196.212.100.148, and I cannot access it via 41.134.110.10. But if I disable interface 196.212.100.148, 41.134.110.10 starts working!
Here is my NAT print:

0 ;;; Loopback-Connection 1
chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 dst-address=192.168.88.2 out-interface=ether2-Main-LAN

1 chain=srcnat action=masquerade out-interface=ether1-Mweb-Router

2 I chain=srcnat action=masquerade out-interface=ether3-I.S-Router

3 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21 protocol=tcp dst-address=41.134.110.10 dst-port=20-21

4 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=22 protocol=tcp dst-address=41.134.110.10 dst-port=22

5 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80 protocol=tcp dst-address=41.134.110.10 dst-port=80

6 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=81 protocol=tcp dst-address=41.134.110.10 dst-port=81

7 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=41.134.110.10 dst-port=443

8 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203 protocol=tcp dst-address=41.134.110.10 dst-port=3203

9 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3204 protocol=tcp dst-address=41.134.110.10 dst-port=3204

10 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3306 protocol=tcp dst-address=41.134.110.10 dst-port=3306

11 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=41.134.110.10 dst-port=5900-5935

12 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6001 protocol=tcp dst-address=41.134.110.10 dst-port=6000-6001

13 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6010 protocol=tcp dst-address=41.134.110.10 dst-port=6010

14 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=41.134.110.10 dst-port=7000

15 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=41.134.110.10 dst-port=8080-8082

16 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-21 protocol=tcp dst-address=196.212.100.148 dst-port=20-21

17 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=22 protocol=tcp dst-address=196.212.100.148 dst-port=22

18 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80 protocol=tcp dst-address=196.212.100.148 dst-port=80

19 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=81 protocol=tcp dst-address=196.212.100.148 dst-port=81

20 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=196.212.100.148 dst-port=443

21 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203 protocol=tcp dst-address=196.212.100.148 dst-port=3203

22 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3204 protocol=tcp dst-address=196.212.100.148 dst-port=3204

23 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3306 protocol=tcp dst-address=196.212.100.148 dst-port=3306

24 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=196.212.100.148 dst-port=5900-5935

25 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6001 protocol=tcp dst-address=196.212.100.148 dst-port=6000-6001

26 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6010 protocol=tcp dst-address=196.212.100.148 dst-port=6010

27 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=196.212.100.148 dst-port=7000

28 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=196.212.100.148 dst-port=8080-8082


and my mangle print:

0 chain=input action=mark-connection new-connection-mark=wan1_conn passthrough=no in-interface=ether1-Mweb-Router

1 I chain=input action=mark-connection new-connection-mark=wan2_conn passthrough=no in-interface=ether3-I.S-Router

2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no out-interface=ether1-Mweb-Router

3 I chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no out-interface=ether3-I.S-Router

4 chain=prerouting action=accept dst-address=41.134.110.0/28 in-interface=ether2-Main-LAN

5 chain=prerouting action=accept dst-address=196.212.100.0/28 in-interface=ether2-Main-LAN

6 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=20-21

7 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=22

8 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=80

9 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=81

10 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=443

11 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=3203

12 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=3204

13 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=3306

14 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=5900-5935

15 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=6010

16 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=6000-6001

17 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=7000

18 chain=prerouting action=accept protocol=tcp src-address=41.134.110.0/28 in-interface=ether1-Mweb-Router src-port=8080-8082

19 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=20-21

20 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=22

21 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=80

22 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=81

23 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=5900-5935

24 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=3203

25 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=3204

26 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=443

27 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=3306

28 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=6010

29 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=6000-6001

30 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=7000

31 chain=prerouting action=accept protocol=tcp src-address=196.212.100.0/28 src-port=8080-8082

32 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes dst-address=!192.168.88.0/24 in-interface=ether2-Main-LAN
per-connection-classifier=both-addresses:2/0

33 chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes dst-address=!192.168.88.0/24 in-interface=ether2-Main-LAN
per-connection-classifier=both-addresses:2/1

34 chain=prerouting action=mark-routing new-routing-mark=to_wan1 passthrough=no in-interface=ether2-Main-LAN connection-mark=wan1_conn

35 chain=prerouting action=mark-routing new-routing-mark=to_wan2 passthrough=no in-interface=ether2-Main-LAN connection-mark=wan2_conn

and my route print:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 41.134.110.9 1
1 S 0.0.0.0/0 196.212.100.145 1
2 A S 0.0.0.0/0 41.134.110.9 1
3 S 0.0.0.0/0 196.212.100.145 2
4 ADC 41.134.110.0/28 41.134.110.10 ether1-Mweb-Router 0
5 ADC 192.168.88.0/24 192.168.88.1 ether2-Main-LAN 0

So basically what happens is the connection comes in but it leaves via the other WAN connection. How do I make it use the same route it came in from?
 
sariao
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: ftp Port fowading

Wed Feb 09, 2011 12:12 pm

Add this:
/ip fire man add action=mark-routing chain=output new-routing-mark=to_wan1 passthrough=no src-address=41.134.110.0/28 place-before=0

/ip fire man add action=mark-routing chain=output new-routing-mark=to_wan2 passthrough=no src-address=196.212.100.0/28 place-before=0
I have noticed another thing here:
and my route print:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 41.134.110.9 1
1 S 0.0.0.0/0 196.212.100.145 1
2 A S 0.0.0.0/0 41.134.110.9 1
3 S 0.0.0.0/0 196.212.100.145 2
4 ADC 41.134.110.0/28 41.134.110.10 ether1-Mweb-Router 0
5 ADC 192.168.88.0/24 192.168.88.1 ether2-Main-LAN 0
Where is the dynamic route record for interface ether3-I.S-Router?

Also, when you want to show your route list, use "export" or "print detail" so we can see the routing mark on each record.

However, the above code should solve your problem.
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Thu Feb 10, 2011 8:58 am

0 A S dst-address=0.0.0.0/0 gateway=41.134.110.9
gateway-status=41.134.110.9 reachable ether1-Mweb-Router
check-gateway=ping distance=1 scope=30 target-scope=10
routing-mark=to_wan1

1 A S dst-address=0.0.0.0/0 gateway=196.212.100.145
gateway-status=196.212.100.145 reachable ether3-I.S-Router
check-gateway=ping distance=1 scope=30 target-scope=10
routing-mark=to_wan2

2 A S dst-address=0.0.0.0/0 gateway=41.134.110.9
gateway-status=41.134.110.9 reachable ether1-Mweb-Router
check-gateway=ping distance=1 scope=30 target-scope=10

3 S dst-address=0.0.0.0/0 gateway=196.212.100.145
gateway-status=196.212.100.145 reachable ether3-I.S-Router distance=2
scope=30 target-scope=10

4 ADC dst-address=41.134.110.0/28 pref-src=41.134.110.10
gateway=ether1-Mweb-Router
gateway-status=ether1-Mweb-Router reachable distance=0 scope=10

5 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1
gateway=ether2-Main-LAN gateway-status=ether2-Main-LAN reachable
distance=0 scope=10

6 ADC dst-address=196.212.100.144/28 pref-src=196.212.100.148
gateway=ether3-I.S-Router gateway-status=ether3-I.S-Router reachable
distance=0 scope=10

Still, there is an incoming connection from 41.134.110.10, but 196.212.100.148 is still down for some reason?
 
spookman
Frequent Visitor
Posts: 56
Joined: Sun Nov 15, 2009 3:01 pm

Re: ftp Port fowading

Fri Mar 04, 2011 8:03 am

arthurmitch,

I am trying to do exactly what you are. I have 2 connections, 1 from MWEB and 1 from VODACOM.
Can you help me?

I need load balancing with failover and port forwarding, and also, if I access the external IP from internal, it needs to work. Could you send me your mangle, NAT, filter and routes tables?

Also, how are you dealing with failover? The check-gateway will never fail, as PPPoE is handled by the MWEB and VODACOM routers.
I am having the same problems, where port forwarding works on some things but not others, and I think it has to do with the fact that the session comes in on WAN1 but is going back out on WAN2.

Any help would be appreciated.

Thanks.
 
arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp Port fowading

Fri Mar 04, 2011 9:12 am

OK, one thing: you may give me a call on 0725734126, or I can briefly explain this. There is one rule that I managed to mess up. You go to /ip firewall and edit rules 6 and 7, go to Extra and select dst. address type, make the option local and tick invert, and remove the option on the General tab that states dst. address.
