Hi,
I’m having trouble forwarding ports the classic way since I reconfigured my router from a static IP to PPPoE connections.
I need 2 PPPoE connections for 2 static IPs; behind my router I have a mail/FTP etc. server and some PCs for internet use.
Here is my config.
# Interfaces, PPPoE uplinks, LAN addressing, DHCP and DNS.
# Wrapped values such as "name=" followed by "ether1" on the next line belong to
# one command; the export's line-continuation characters appear to have been lost
# in the paste.
# ether1 carries both PPPoE sessions; ether2 and ether3 are the two inside networks.
/interface ethernet
set [ find default-name=ether3 ] comment=“PRIVATE LAN” name=ether3
set [ find default-name=ether2 ] comment=“LOCAL LAN” name=ether2
set [ find default-name=ether1 ] comment=“WAN RDS - PPPOE1 + PPPOE2” name=
ether1
# Two PPPoE clients on the same port, one per public address (credentials redacted
# by the author). Both ask for a default route with add-default-route=yes.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-local
password=XXX user=XXX
add add-default-route=yes disabled=no interface=ether1 name=pppoe-private
password=XXX user=XXX
# DHCP pool and server exist only for the ether2 network (192.168.0.0/24);
# no DHCP server is shown for ether3.
/ip pool
add name=dhcp ranges=192.168.0.2-192.168.0.240
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2 lease-time=12h name=
dhcp-local
# Fast path off, loose reverse-path filtering, TCP SYN cookies on.
/ip settings
set allow-fast-path=no rp-filter=loose tcp-syncookies=yes
# Router addresses on the two inside networks.
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
add address=192.168.1.1/24 interface=ether3 network=192.168.1.0
# Gateway and resolvers handed to DHCP clients on 192.168.0.0/24.
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=213.154.124.1,8.8.8.8 gateway=192.168.0.1
netmask=24
# Upstream resolvers and cache size used by the router itself.
/ip dns
set cache-size=4096KiB servers=213.154.124.1,8.8.8.8
# Filter rules for the input chain (traffic to the router itself) and the forward
# chain (traffic through it), evaluated top to bottom.
# NOTE(review): every rule in this listing is an accept or a fasttrack and there is
# no drop/reject rule, so as posted nothing is filtered; packets that match no rule
# are accepted too. The accepts for connection-state=new, protocol=udp and
# protocol=tcp carry no in-interface or src-address, so they also match packets
# arriving on pppoe-local and pppoe-private, which leaves the router's own services
# reachable from the Internet. A tighter input chain keeps established,related,
# ICMP and the two LAN subnets and ends with a drop for everything else; the
# forward chain can end with a drop for new connections from the PPPoE interfaces
# that were not dst-natted (connection-nat-state=!dstnat).
/ip firewall filter
# No action= is given on the next two rules; RouterOS then uses accept.
add chain=input comment=“Accept established connections” connection-state=
established
# Despite its comment, this rule also matches connection-state=new, i.e. the first
# packet of any connection to the router from any interface.
add chain=input comment=“Accept related connections” connection-state=
related,new
# Accepts all UDP to the router, regardless of source or interface.
add action=accept chain=input comment=UDP protocol=udp
# NOTE(review): fasttracked connections skip the mangle chains, so the per-packet
# mark-routing rules in /ip firewall mangle presumably stop applying once a
# forwarded connection is fasttracked - verify before relying on policy routing.
add action=fasttrack-connection chain=forward comment=“Accept fasttracking”
connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input in-interface=all-ethernet protocol=icmp
# Accepts all TCP to the router, regardless of source or interface; together with
# the UDP rule above this covers every management service that is enabled.
add action=accept chain=input protocol=tcp
# ICMP accepts per interface, some with logging under the "ping" prefix.
# NOTE(review): the earlier connection-state=new accept and the all-ethernet ICMP
# accept come first, so these rules (and their logging) likely see little traffic.
add action=accept chain=input in-interface=pppoe-private protocol=icmp
add action=accept chain=input comment=“Accept ping from outside pppoe-local”
in-interface=pppoe-local log=yes log-prefix=ping protocol=icmp
# The comment says lan-private, but the match is in-interface=all-ethernet.
add action=accept chain=input comment=“Accept ping from inside lan-private”
in-interface=all-ethernet log=yes log-prefix=ping protocol=icmp
add action=accept chain=input comment=“Accept ping from inside lan-local”
in-interface=ether2 log=yes log-prefix=ping protocol=icmp
# Accept anything to the router whose source address is in one of the LAN subnets.
add action=accept chain=input src-address=192.168.0.0/24
add action=accept chain=input src-address=192.168.1.0/24
# Policy routing by source subnet: packets from each LAN get a packet mark, the
# packet mark is turned into a routing mark, and /ip route maps each routing mark
# to one PPPoE link.
# NOTE(review): no rule here matches on in-interface=pppoe-local/pppoe-private, so
# a connection that arrives from outside is not tied to the link it came in on;
# its replies are routed only by the LAN source subnet of the answering host.
# NOTE(review): the src-address matches have no dst-address exclusion, so traffic
# from one LAN to the other LAN or to the router also receives a routing mark -
# confirm that is intended.
/ip firewall mangle
add action=mark-packet chain=prerouting comment=“Mark packets for LOCAL LAN”
new-packet-mark=lan-local passthrough=yes src-address=192.168.0.0/24
add action=mark-packet chain=prerouting comment=“Mark packets for PRIVATE LAN”
new-packet-mark=lan-private passthrough=yes src-address=192.168.1.0/24
# passthrough=no: processing of the prerouting chain stops for a packet once its
# routing mark is set.
add action=mark-routing chain=prerouting comment=
“Send packets to right routing table - LAN local” new-routing-mark=
lan-local packet-mark=lan-local passthrough=no
add action=mark-routing chain=prerouting comment=
“Send packets to right routing table - PRIVATE LAN” new-routing-mark=
lan-private packet-mark=lan-private passthrough=no
# Output chain: connections originated by the router get a connection mark named
# after the PPPoE interface they leave through; every match is logged (log=yes).
# No rule in this listing reads these connection marks.
add action=mark-connection chain=output comment=
“Mark packets for right output PPPOE connections” connection-mark=no-mark
log=yes new-connection-mark=lan-local out-interface=pppoe-local
passthrough=yes
add action=mark-connection chain=output connection-mark=no-mark log=yes
new-connection-mark=lan-private out-interface=pppoe-private passthrough=yes
# Source NAT: each LAN subnet is masqueraded only when leaving through "its" PPPoE
# interface; matches are logged with the nat-local / nat-private prefixes.
# No dst-nat rule is part of this listing.
/ip firewall nat
add action=masquerade chain=srcnat comment=“NAT LOCAL LAN” log=yes log-prefix=
nat-local out-interface=pppoe-local src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment=“NAT Private network” log=yes
log-prefix=nat-private out-interface=pppoe-private src-address=
192.168.1.0/24
# All connection-tracking/NAT helpers are switched off.
# NOTE(review): the post mentions an FTP server behind the router; with the ftp
# helper disabled, FTP data connections through NAT may need explicit port
# forwards - confirm against how the server is published.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# One route per routing table (no dst-address is given, so each is a default
# route): packets marked lan-local leave via pppoe-local, packets marked
# lan-private via pppoe-private. check-gateway=ping monitors each gateway.
# Unmarked traffic uses the main table, which is not shown here beyond the
# add-default-route=yes setting on the PPPoE clients.
/ip route
add check-gateway=ping distance=1 gateway=pppoe-local routing-mark=lan-local
add check-gateway=ping distance=2 gateway=pppoe-private routing-mark=
lan-private
# Management services: telnet, ftp, ssh, api and api-ssl are disabled; the web
# interface (www, plain HTTP) is kept and moved to TCP port 100.
# NOTE(review): the input chain accepts all TCP from any interface, so this web
# interface is reachable from both PPPoE links on port 100. Changing the port does
# not restrict who can connect; an address= list on the service (for example the
# two LAN subnets) or a drop rule for the PPPoE interfaces does.
# winbox and www-ssl are not listed, so their state cannot be told from this excerpt.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=100
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Bucharest
# The bandwidth-test server is turned off.
/tool bandwidth-server
set enabled=no
# Traffic graphs are collected for both PPPoE interfaces.
/tool graphing interface
add interface=pppoe-local
add interface=pppoe-private
When I try to open a port with
# Port forward: TCP 22 addressed to the (redacted) public IP is rewritten to
# 192.168.1.145:22.
# NOTE(review): the rule has no src-address or in-interface restriction, so once it
# works the SSH service on 192.168.1.145 is reachable from any Internet host;
# consider a src-address-list= match and key-only authentication on the server.
# Which PPPoE link owns the dst-address is not shown; replies from 192.168.1.145
# are presumably policy-routed out pppoe-private by the src-address mangle rules,
# so the public address should belong to that link - verify.
add action=dst-nat chain=dstnat dst-address=86.120.XXX.XXX dst-port=22 protocol=tcp to-addresses=192.168.1.145 to-ports=22
I get no connection from outside.
I think I need something for input in the mangle rules, but I can’t find what.
Sorry for posting like this, I’m a newbie at this.
Thanks in advance
Best Regards,
Mihai