DUAL WAN work but redirecting ports is not on the same public IP

domodial · August 31, 2020, 5:36pm

Hello,

I have followed a number of topics here which have pleasantly helped me in failover. But I have a problem that I would like to share with you.

My first line is in DMZ because the modem does not support Bridge mode.

The second line is a Huawei 4G modem. (B525s-23a)
The router is in LAN Only on DMZ MT (192.168.8.2)

Today here is the situation.
When I have an ISP1 failure, mikrotik switches perfectly on the ISP2 LTE modem (huawei). The LTE modem receives a WAN IP which is dynamic, I lose my port forwarding if I want to call my services from outside. And the LAN (LTE) is 192.168.8.x

So I tried locally, and I realize that even if huawei is on 192.168.8.x I manage to get all the devices that are in 192.168.2.x

This is where I stop.
I tried with Mangle by reading the explanations but I admit that I do not understand what I am doing.

The idea, as you might expect, is that when the 192.168.2.x LAN switches to 192.168.8.x it would have to be converted to become 192.168.2.x and get the port redirects from 192.168. 2.x

But at this point I’m trying to summon as many spirits as I can but nothing happens. I even manage to lose MT completely and have to call a shaman to come back to life.

Is it possible to do what I’m trying to explain? or is it because the huawei is made in such a way that it is not possible to accomplish the mission?

If you ask me to export my config I am not even able: p But I want to try

Thank you in advance.

anav · August 31, 2020, 9:34pm

Sounds like you have dual LAN issues.
Why is there a second LAN buggering things up.

The only difference should be you coming into your router on a different WANIP.
You could also use dyndns type services so that the WANIP is transparent to the end users and they just use the same domain name to access your servers and never need to know if one wan is down etc…

domodial · September 1, 2020, 9:35am

Thanks for the reply,

i will remove the address 192.168.8.0 and make some adjustments tonight without considering LAN but just WAN of the LTE modem.

domodial · September 2, 2020, 4:01pm

I have not found the solution other than doing reserse-ssh but need a machine outside my site.

On the other hand I found the error, why I could not do port forwarding and join my network from the outside.
The answer is simply that the problem comes from my operator’s SIM card, which has no public address and does not allow port forwarding knowing that it is a SIM that shares the ipv4 address with thousands of people.

Which prevents the use that I wanted to make of it. However MT does switch from one modem to another, and inside the house I have a rescued line. From the outside it’s impossible to see what’s going on.