2 isps 2 lans and dst-nat

NikitaPlotnikov · September 25, 2017, 2:31pm

hi to all. sorry for my English.
i have 2 ISPs with static IP
first - 1.1.1.1
second - 2.2.2.2
and have 2 separated lans
first - 192.168.1.0/24
second - 172.16.1.0/24
lan1 have publish internal resource, like web server 80 port at ISP1
what i need:

ping External IP ISP2 from lan1 and vice versa.
access to publish port 80 from lan2 through External IP ISP1

NikitaPlotnikov · September 27, 2017, 10:10am

friends, any reply really need.
what i have now:
/interface bridge
add comment=LAN-TMG name=bridge-MT //// LAN1
/interface ethernet
set [ find default-name=ether1 ] comment=WAN-Spekles name=ISP1-ether1
set [ find default-name=ether2 ] comment=WAN-DOM name=ISP2-ether2
set [ find default-name=ether3 ] comment=WAN-DOMru-Unifi name=ISP3-ether3
set [ find default-name=ether5 ] comment=LAN-Unifi //// LAN2
/ip firewall mangle
add action=mark-routing chain=prerouting comment=“” dst-address-list=to-Spekles
new-routing-mark=Spekles_R passthrough=no
add action=mark-routing chain=prerouting comment=“” connection-state=“” dst-port=25 in-interface=bridge-MT
new-routing-mark=Spekles_R passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment=“” in-interface=ether5 new-routing-mark=lan_OUT_Unifi_Routing-Mark
passthrough=no
/ip route
add distance=1 gateway=77.156.95.65 routing-mark=Spekles_R
add distance=5 gateway=176.213.136.254 routing-mark=
lan_OUT_Unifi_Routing-Mark
add distance=9 gateway=176.213.140.254
add distance=10 gateway=77.156.95.65so, what i need:
bridge-MT → ISP2-ether2
LAN-Unifi → WAN-DOMru-Unifi
and LAN1+LAN2 must use ISP1-ether1 if dst-address-list=to-Spekles
now from LAN2 i can not get ping External IP ISP1-ether1 while dont disable add distance=5 gateway=176.213.136.254 routing-mark= lan_OUT_Unifi_Routing-Markand
from LAN2 can not get publish at ISP1-ether1 add action=dst-nat chain=dstnat dst-address=
11.11.11.11 dst-port=443 in-interface=ISP1-ether1 protocol=tcp
to-addresses=172.16.16.16

morituruz · September 28, 2017, 11:00am

You should try PCC method:
https://wiki.mikrotik.com/wiki/Manual:PCC

NikitaPlotnikov · September 28, 2017, 12:24pm

i dont need failover or merge. in my network are two SEPARATE LAN and two SEPARATE WAN.
i just want use publish servers at lan1 from lan2 through INTERNET, like users LAN2 are in another office.

NikitaPlotnikov · October 3, 2017, 1:56pm

friends. I have found the solution.
first - made dst-address exception in mangle rule for External IP WAN1
add action=mark-routing chain=prerouting comment=“” dst-address=!2.2.2.2 in-interface=ether5 new-routing-mark=lan_OUT_Unifi_Routing-Mark
passthrough=no
as a result i can ping External IP
second - in dst-nat rule remove in-interface options
add action=dst-nat chain=dstnat dst-port=443 in-interface=ISP1-ether1 protocol=tcp
to-addresses=172.16.16.16
and now i cat get internal servers at LAN1 through External IP
maybe at will help anyone.
p.s. which teg code i must use for routerOS code?