I’ve got an rb1100 router. Until yesterday there was only one DSL connection and it used to work fine. The router serves a PPTP service and forwards some ports to internally located servers. Yesterday a new DSL connection appeared and it should handle all NAT traffic except email sending/receiving. PPTP and all ‘forwarded’ services should remain on the ‘old’ DSL.
I’ve created a new route for the new DSL connection with distance 1 and changed the distance to 2 on the old DSL route. I’ve also created prerouting rules to mark email packets with the label ‘symetryk’. Then I’ve changed the Routing Mark field on the old DSL route to ‘symetryk’. Internally all works fine - email traffic goes through the old DSL, and other traffic goes through the new DSL, but PPTP and ‘forwarded’ services stopped working.
When I remove the routing mark from the route and set the distance to 1 on both default gateways, services are working fine, but all traffic goes through the old DSL, which is not what I want.
This is the current state, where I have access to services and winbox. When I change the distance and routing mark on the gateways, services are not accessible.
Similar problem here.
I’m new to Mikrotik, but heard only good things. I used one of the sample scripts to enable dual-WAN load balancing but I lost access to the internal website and FTP from the WAN. If I unplug the 2nd WAN link, the servers are accessible. Tried playing with firewall rules but still nothing…
What causes this is the routing table. When a connection comes in on a certain route, i.e. your new DSL line, the router then looks at its routing table to determine what route to use to respond back on. If the other internet connection you have has a lesser distance, it will then use that route to respond back to you, thus making an invalid connection.
What you need to do is mark connections that come in on a specific interface and then use routing marks to ensure that they go out the same interface again.
Saves CPU cycles primarily, and they’re the only rules that I have of that type on the forward chain. Once a connection has a mark, every packet that is a part of that connection also has the same mark. Once that has happened, there is no need to process that packet further.
You have to mark the connection in forward since the traffic is being forwarded over the router to a server behind the router, otherwise it doesn’t know its final destination yet. Then you have to mark for routing in prerouting because the router will decide how to route the reply packets after prerouting, but before forward.
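The marking scheme described in the replies above, written out as an added example that is not part of any original post. It uses RouterOS v6 syntax and also covers connections to the router itself (PPTP, winbox) through the input and output chains, which goes beyond the forwarded case discussed in the thread. The interface names (`old-dsl`, `bridge-lan`), mark names and gateway addresses are assumptions.

```routeros
# Added example, RouterOS v6 syntax. All names and addresses are assumptions:
#   old-dsl     WAN interface that must keep PPTP and the port forwards
#   bridge-lan  LAN interface where the internal servers sit
#   192.0.2.1   old DSL gateway, 198.51.100.1 new DSL gateway (documentation ranges)

/ip firewall mangle
# 1. Forwarded (dst-nat) connections that arrive on the old DSL: tag the
#    connection once. connection-mark=no-mark skips already-tagged traffic.
add chain=forward in-interface=old-dsl connection-mark=no-mark \
    action=mark-connection new-connection-mark=old_dsl_conn passthrough=no \
    comment="tag port-forwarded connections from old DSL"

# 2. Connections addressed to the router itself (PPTP, winbox) on the old DSL.
add chain=input in-interface=old-dsl connection-mark=no-mark \
    action=mark-connection new-connection-mark=old_dsl_conn passthrough=no \
    comment="tag router-terminated connections from old DSL"

# 3. Replies from the internal servers enter on the LAN side. The routing
#    decision comes right after prerouting, so the routing mark is set here.
add chain=prerouting in-interface=bridge-lan connection-mark=old_dsl_conn \
    action=mark-routing new-routing-mark=via_old_dsl passthrough=no \
    comment="send server replies back out the old DSL"

# 4. Replies generated by the router never pass through prerouting, so they
#    receive the routing mark in the output chain instead.
add chain=output connection-mark=old_dsl_conn \
    action=mark-routing new-routing-mark=via_old_dsl passthrough=no \
    comment="send router replies back out the old DSL"

/ip route
# Unmarked traffic prefers the new DSL; the old DSL is the fallback.
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=1 comment="new DSL"
add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=2 comment="old DSL"
# Traffic carrying the routing mark always leaves through the old DSL.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via_old_dsl \
    comment="marked replies via old DSL"
```

With an external client connected to a forwarded port, `/ip firewall connection print where connection-mark=old_dsl_conn` should list that connection, and the packet counters on rules 3 and 4 should increase as replies leave.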
Just make a DDNS and apply for a domain name from Changeip.net, use a script to do the DNS of ROS, then you can connect to the VPN through the domain name instead of the IP address.
Hello, I have the same problem. I have a client PC with special software, and that software needs to connect to FTP to upload some files, but the application gives me this error:
Registros con errores graves: 0
30/12/2016 - 16:09:20 - M:2 - TFrmEnviarDatosCelular.SubirTxtServidorConnect timed out.
30/12/2016 - 16:22:18 - M:2 - TFrmEnviarDatosCelular.SubirTxtServidorNo transfer timeout (600 seconds): closing control connection