Hello everyone, I have problem with my Mikrotik.
This is first time I use mikrotik, I already use Cisco, Vigor before use mikrotik but not hard like mikrotik.
My device have 8 port, and I config 3 pppoe for 3 WAN for 3 Port 1/2/3. And this my config
Step 1. WAN 1/2 >> LAN 4/5/6 >> bridge1 + vlan10 / vlan20 >> Use Load Balancing + port forwarding: 3389
Step 2. WAN 3 >> LAN 7 >> port forwarding: 5544
I already setup like this, can load balancing and vlan but can’t port forwarding any network, i know my problem is bridge and route, really I want config WAN 1/2 and WAN 3 be like not same device ( but i have only 1 device) .I try many way, and now i try test only Load Balancing WAN1/2 and still can’t port forwarding .
I already use 2 week for search any way to do it but my mikrotik is not good boy >..< . Can you help me please ? Thanks so much.
It’s not the language barrier, it’s the lack of info. What you describe can be configured in several different ways. How can anyone guess what exactly you did and what’s wrong there?
This will work only if you do DST-NAT and SRC-NAT for each device, because on load-balancing you get dynamic ingress and egress traffic, so if you ask router to access form outside from ISP1 IP it will respond back with a traffic from ISP2 that is the problem! But if you do a src-nat that the IP that you need to access via port forwarding to respond you back from the same wan line as you request!
Actually that does not have to be a problem, when you have the proper route-marking or route rules in place.
There are articles on the forum that describe a properly configured load balancing solution and these tackle this kind of issues.
Ilir, that’s not how srcnat and dstnat chains of /ip firewall filter work.
Only the initial packet of each connection passes through these chains; all the subsequent packets of each connection inherit the srcnat and dstnat handling from the initial packet thanks to connection tracking (or the mirror one for the opposite direction). So when a request was initiated from the LAN and src-nated, the response to it is dst-nated automatically by the connection tracker, not by a dst-nat rule.
But connection tracking does not directly affect routing, so to make sure that the responses from devices on LAN will be sent out via the same interface through which the requests dst-nated to those devices came in, you have to assign a connection-mark to the initial packet of the connection coming in via one of the WANs, and translate that connection-mark into a routing-
mark for each packet of that connection sent from LAN, and configure routes via the WANs marked with these _routing-mark_s.
One of the articles which @pe1chl has mentioned is this one.
.
Sorry, because I already remove all config so i can’t post. My config easy: 2 PPPoe, config load balancing, Port forwarding, and some seting. I will post later for you. Thanks.