Hi,
My Nat rules are on top and the ipip gateway is an IP address. I double checked everything but still no success.
I would need to see full exports from each then in order to proceed.
factory:
/interface ethernet
set [ find default-name=ether24 ] name=Adsl
set [ find default-name=ether23 ] name=Airgrid
set [ find default-name=ether1 ] name=ether1-master-local
set [ find default-name=ether2 ] master-port=ether1-master-local name=ether2-slave-local
set [ find default-name=ether3 ] master-port=ether1-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether1-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether1-master-local name=ether5-slave-local
set [ find default-name=ether6 ] master-port=ether1-master-local name=ether6-slave-local
set [ find default-name=ether7 ] master-port=ether1-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether1-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether1-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether1-master-local name=ether10-slave-local
set [ find default-name=ether11 ] master-port=ether1-master-local name=ether11-slave-local
set [ find default-name=ether12 ] master-port=ether1-master-local name=ether12-slave-local
set [ find default-name=ether13 ] master-port=ether1-master-local name=ether13-slave-local
set [ find default-name=ether14 ] master-port=ether1-master-local name=ether14-slave-local
set [ find default-name=ether15 ] master-port=ether1-master-local name=ether15-slave-local
set [ find default-name=ether16 ] master-port=ether1-master-local name=ether16-slave-local
set [ find default-name=ether17 ] master-port=ether1-master-local name=ether17-slave-local
set [ find default-name=ether18 ] master-port=ether1-master-local name=ether18-slave-local
set [ find default-name=ether19 ] master-port=ether1-master-local name=ether19-slave-local
set [ find default-name=ether20 ] master-port=ether1-master-local name=ether20-slave-local
set [ find default-name=ether21 ] master-port=ether1-master-local name=ether21-slave-local
set [ find default-name=ether22 ] master-port=ether1-master-local name=ether22-slave-local
set [ find default-name=sfp1 ] master-port=ether1-master-local name=sfp1-slave-local
/interface pppoe-client
/interface pppoe-server
add name=pppoe-Server service="" user=""
/interface l2tp-server
add name=l2tp-in1 user=""
/interface ipip
add !keepalive name=ipip-tunnel1 remote-address=Valid IP Address
/interface eoip
add disabled=yes !keepalive mac-address=02:60:B3:2E:97:A4 name=eoip-tunnel1 remote-address=(Valid IP Address) tunnel-id=10
/ip neighbor discovery
set Adsl discover=no
set Airgrid discover=no
set ether2-slave-local discover=no
set ether3-slave-local discover=no
set ether4-slave-local discover=no
set ether5-slave-local discover=no
set ether6-slave-local discover=no
set ether7-slave-local discover=no
set ether8-slave-local discover=no
set ether9-slave-local discover=no
set ether10-slave-local discover=no
set ether11-slave-local discover=no
set ether12-slave-local discover=no
set ether13-slave-local discover=no
set ether14-slave-local discover=no
set ether15-slave-local discover=no
set ether16-slave-local discover=no
set ether17-slave-local discover=no
set ether18-slave-local discover=no
set ether19-slave-local discover=no
set ether20-slave-local discover=no
set ether21-slave-local discover=no
set ether22-slave-local discover=no
set sfp1-slave-local discover=no
set Wireless discover=no
set l2tp-in1 discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=0s pfs-group=none
/ip pool
add name=dhcp_pool1 ranges=192.168.1.20-192.168.1.100
add name=dhcp_pool2 ranges=192.168.1.20-192.168.1.254
add name=dhcp_pool3 ranges=192.168.0.3-192.168.0.10
add name=VPN ranges=192.168.4.10-192.168.4.100
add name=PPPoE ranges=10.10.10.5-10.10.10.50
add name=dhcp_pool8 ranges=192.168.2.20-192.168.2.100
/ip dhcp-server
add address-pool=dhcp_pool3 authoritative=after-2sec-delay disabled=no interface=Adsl lease-time=1h name=dhcp2
add address-pool=dhcp_pool1 disabled=no interface=ether1-master-local lease-time=8h name=dhcp1
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.4.1 name=VPN remote-address=VPN use-encryption=required
add dns-server=8.8.8.8,8.8.4.4 local-address=10.10.10.1 name=PPPoE remote-address=PPPoE
/routing ospf area
set [ find default=yes ] disabled=yes
/routing ospf instance
set [ find default=yes ] disabled=yes redistribute-connected=as-type-1 redistribute-static=as-type-1
/tool user-manager customer
/tool user-manager profile
add name=512K name-for-users="" override-shared-users=off owner=admin price=0 starts-at=logon validity=0s
add name=256K name-for-users="" override-shared-users=off owner=admin price=0 starts-at=logon validity=0s
add name=Unlimited name-for-users="" override-shared-users=off owner=admin price=0 starts-at=logon validity=0s
add name=1024K name-for-users="" override-shared-users=off owner=admin price=0 starts-at=logon validity=0s
add name=256k-500MB name-for-users="" override-shared-users=off owner=admin price=0 starts-at=logon validity=7s
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool="" name=256K owner=admin rate-limit-min-rx=256000B rate-limit-min-tx=256000B rate-limit-priority=1 rate-limit-rx=256000B rate-limit-tx=256000B \
transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=512K owner=admin rate-limit-min-rx=512000B rate-limit-min-tx=512000B rate-limit-priority=1 rate-limit-rx=512000B rate-limit-tx=512000B \
transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=Unlimited owner=admin rate-limit-priority=1 transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=1024K owner=admin rate-limit-min-rx=1024000B rate-limit-min-tx=1024000B rate-limit-priority=1 rate-limit-rx=1024000B rate-limit-tx=\
1024000B transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=524288000B group-name="" ip-pool="" name=256K-500MB owner=admin rate-limit-min-rx=256000B rate-limit-min-tx=256000B rate-limit-priority=1 rate-limit-rx=256000B \
rate-limit-tx=256000B transfer-limit=0B upload-limit=524288000B uptime-limit=0s
/ip firewall connection tracking
set enabled=yes
/interface pppoe-server server
add default-profile=PPPoE disabled=no interface=ether1-master-local keepalive-timeout=disabled one-session-per-host=yes service-name=PPPoE_Server
/ip accounting
set account-local-traffic=yes enabled=yes
/ip address
add address=192.168.1.2/24 interface=ether1-master-local network=192.168.1.0
add address=192.168.0.2/24 interface=Adsl network=192.168.0.0
add address=192.168.3.1/24 interface=Airgrid network=192.168.3.0
add address=2.2.2.1/24 interface=ipip-tunnel1 network=2.2.2.0
/ip arp
add address=192.168.1.4 interface=ether1-master-local mac-address=1C:6F:65:A0:9C:73
add address=192.168.1.7 interface=ether1-master-local mac-address=5C:D9:98:B4:EB:C9
add address=192.168.1.6 interface=ether1-master-local mac-address=1C:87:2C:5A:91:B1
add address=192.168.1.5 interface=ether1-master-local mac-address=40:8D:5C:77:45:99
add address=192.168.1.8 interface=ether1-master-local mac-address=40:8D:5C:3F:F2:18
add address=192.168.1.199 interface=ether1-master-local mac-address=4C:11:BF:09:5F:1D
add address=192.168.1.210 interface=ether1-master-local mac-address=00:0C:9F:A0:6E:FA
add address=192.168.1.211 interface=ether1-master-local mac-address=00:0C:9F:A0:6E:EB
/ip cloud
set ddns-enabled=yes
/ip dhcp-server alert
add interface=ether1-master-local valid-server=4C:5E:0C:A3:1E:33
/ip dhcp-server lease
add address=192.168.1.6 mac-address=1C:87:2C:5A:91:B1
add address=192.168.1.8 mac-address=40:8D:5C:3F:F2:18
add address=192.168.1.4 mac-address=1C:6F:65:A0:9C:73
add address=192.168.1.5 mac-address=40:8D:5C:77:45:99
add address=192.168.1.7 mac-address=5C:D9:98:B4:EB:C9
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.2
add address=192.168.1.0/24 dns-server=192.168.1.7,8.8.8.8 gateway=192.168.1.2
/ip dns
set servers=8.8.8.8,8.8.4.4,4.2.2.4,4.2.2.3
/ip firewall mangle
add action=mark-connection chain=input disabled=yes in-interface=Airgrid new-connection-mark=Airgred_conn passthrough=no
add action=mark-connection chain=input disabled=yes in-interface=Adsl new-connection-mark=Adsl_conn passthrough=yes
add action=mark-routing chain=output connection-mark=Airgred_conn disabled=yes new-routing-mark=to_Airgred passthrough=no
add action=mark-routing chain=output connection-mark=Adsl_conn disabled=yes new-routing-mark=to-Adsl passthrough=no
/ip firewall nat
add action=netmap chain=dstnat dst-address=192.168.10.0/24 src-address=192.168.20.0/24 to-addresses=192.168.1.0/24
add action=netmap chain=srcnat dst-address=192.168.20.0/24 src-address=192.168.1.0/24 to-addresses=192.168.10.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out2 src-address=192.168.1.100
add action=masquerade chain=srcnat comment="ADSL NAT" dst-address-list=!Local out-interface=pppoe-out2 src-address-list=Internet
add action=masquerade chain=srcnat comment="Wireless Nat" dst-address-list=!Local out-interface=Wireless src-address-list=Internet
add action=masquerade chain=srcnat comment="VPN Nat" src-address=192.168.4.0/24
add action=masquerade chain=srcnat comment="ADSL Modem Webpage" out-interface=Adsl
add action=masquerade chain=srcnat comment="AirGrid Webpage" out-interface=Airgrid
add action=dst-nat chain=dstnat comment="Kasra-Remote Web Access" dst-address= dst-port=8090 protocol=tcp to-addresses=192.168.1.8 to-ports=80
add action=dst-nat chain=dstnat comment="Kasra-Remote Web Access" dst-address= dst-port=8090 protocol=tcp to-addresses=192.168.1.8 to-ports=80
add action=dst-nat chain=dstnat comment="Kasra-Remote Desktop(ADSL)" dst-address= dst-port=1396 protocol=tcp to-addresses=192.168.1.8 to-ports=3389
add action=dst-nat chain=dstnat comment="Kasra-Remote Desktop(ADSL)" dst-address= dst-port=2017 protocol=tcp to-addresses=192.168.1.7 to-ports=3389
add action=dst-nat chain=dstnat comment="Kasra-Remote Desktop(Wireless)" dst-address= dst-port=1396 protocol=tcp to-addresses=192.168.1.8 to-ports=3389
add action=dst-nat chain=dstnat comment="Ican-Remote Desktop" dst-address= dst-port=3389 protocol=tcp to-addresses=192.168.1.6 to-ports=3389
add action=dst-nat chain=dstnat comment="Ican-Remote Desktop(Wireless)" dst-address= dst-port=3389 protocol=tcp to-addresses=192.168.1.6 to-ports=3389
add action=dst-nat chain=dstnat dst-address= dst-port=80 protocol=tcp to-addresses=192.168.1.6 to-ports=80
add action=dst-nat chain=dstnat dst-address= dst-port=80 protocol=tcp to-addresses=192.168.1.6 to-ports=80
add action=dst-nat chain=dstnat dst-address= dst-port=80 protocol=udp to-addresses=192.168.1.6 to-ports=80
add action=dst-nat chain=dstnat dst-address= dst-port=80 protocol=udp to-addresses=192.168.1.6 to-ports=80
add action=dst-nat chain=dstnat dst-address= dst-port=3389 protocol=udp to-addresses=192.168.1.6 to-ports=3389
add action=dst-nat chain=dstnat dst-address= dst-port=3389 protocol=udp to-addresses=192.168.1.6 to-ports=3389
add action=dst-nat chain=dstnat dst-port=9 protocol=udp to-addresses=192.168.1.50 to-ports=9
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out2
add distance=2 gateway=Wireless
add check-gateway=ping disabled=yes distance=4 dst-address=192.168.1.18/32 gateway=2.2.2.2
add disabled=yes distance=1 dst-address=192.168.1.111/32 gateway=eoip-tunnel1
add disabled=yes distance=1 dst-address=192.168.2.0/24 gateway=eoip-tunnel1
add distance=1 dst-address=192.168.20.0/24 gateway=2.2.2.2
add check-gateway=ping disabled=yes distance=4 dst-address=192.168.100.0/24 gateway=2.2.2.2
add check-gateway=ping disabled=yes distance=4 dst-address=192.168.200.0/24 gateway=2.2.2.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=2016
set ssh port=2222
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no
/ppp aaa
set use-radius=yes
/radius
/radius incoming
set accept=yes
/routing ospf network
add area=backbone disabled=yes network=192.168.1.0/24
add area=backbone disabled=yes network=192.168.2.0/24
/system clock
set time-zone-name=Asia/Tehran
/system ntp client
set enabled=yes primary-ntp=31.193.152.2
/tool mac-server
set [ find default=yes ] disabled=yes
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether1-master-local
/tool mac-server ping
set enabled=no
/tool netwatch
add host=192.168.1.2
/tool traffic-monitor
add interface=ether1-master-local name=tmon1 threshold=0
/tool user-manager database
set db-path=web-proxy1
/tool user-manager profile profile-limitation
add from-time=0s limitation=256K profile=256K till-time=23h59m59s weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=512K profile=512K till-time=23h59m59s weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=Unlimited profile=Unlimited till-time=23h59m59s weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=1024K profile=1024K till-time=23h59m59s weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=256K-500MB profile=256k-500MB till-time=23h59m59s weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
Branch:
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether3 ] name="ether3 Uplink"
set [ find default-name=ether4 ] arp=proxy-arp name="ether4 LAN"
set [ find default-name=ether5 ] arp=proxy-arp name=ether5ADSL
/interface pppoe-client
add add-default-route=yes default-route-distance=1 disabled=no interface=\
add add-default-route=yes disabled=no interface=ether5ADSL keepalive-timeout=60 \
name=pppoe-out2 password=63846440 user=3137768938
add add-default-route=yes interface=ether5ADSL keepalive-timeout=60 name=\
pppoe-out3 password=63866660 user=3137768938
/interface eoip
add disabled=yes !keepalive mac-address=02:48:43:C8:0E:9D name=eoip-tunnel1 \
remote-address=Valid IP tunnel-id=10
/interface ipip
add !keepalive name=ipip-tunnel1 remote-address=valid IP
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=0s \
pfs-group=none
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
add name=dhcp_pool1 ranges=192.168.200.200-192.168.200.254
add name=VPN_Pool ranges=192.168.5.10-192.168.5.50
add name=dhcp_pool3 ranges=192.168.2.30-192.168.2.60
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=ether5ADSL lease-time=10h10m name=dhcp1
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.5.1 name=VPN \
remote-address=VPN_Pool use-encryption=required
/routing ospf area
set [ find default=yes ] disabled=yes
/routing ospf instance
set [ find default=yes ] disabled=yes redistribute-connected=as-type-1 \
redistribute-static=as-type-1
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=VPN \
keepalive-timeout=disabled
/ip address
add address=192.168.1.2/24 interface="ether4 LAN" network=192.168.1.0
add address=192.168.100.1/24 interface="ether4 LAN" network=192.168.100.0
add address=192.168.1.1/24 interface="ether4 LAN" network=192.168.1.0
add address=172.16.226.59/29 interface="ether3 Uplink" network=172.16.226.56
add address=192.168.200.1/24 interface=ether5ADSL network=192.168.200.0
add address=2.2.2.2/24 interface=ipip-tunnel1 network=2.2.2.0
add address=192.168.5.1/24 disabled=yes network=192.168.5.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.200.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.200.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.1.0/24 list=LOCAL
add address=192.168.5.0/24 list=LOCAL
/ip firewall nat
add action=netmap chain=dstnat dst-address=192.168.20.0/24 src-address=\
192.168.10.0/24 to-addresses=192.168.1.0/24
add action=netmap chain=srcnat dst-address=192.168.10.0/24 src-address=\
192.168.1.0/24 to-addresses=192.168.20.0/24
add action=dst-nat chain=dstnat comment=Nazhin dst-address= \
dst-port=3389 protocol=tcp to-addresses=192.168.1.18
add action=dst-nat chain=dstnat comment=ADSL dst-address= \
dst-port=3389 protocol=tcp to-addresses=192.168.1.18
add action=dst-nat chain=dstnat comment=ADSL dst-address=\
dst-port=8888 protocol=tcp to-addresses=192.168.1.111 to-ports=8888
add action=dst-nat chain=dstnat comment=ADSL dst-address=\
dst-port=8000 protocol=tcp to-addresses=192.168.1.83 to-ports=80
add action=dst-nat chain=dstnat comment=Nazhin dst-address= \
dst-port=8000 protocol=tcp to-addresses=192.168.1.111
add action=dst-nat chain=dstnat comment=ADSL disabled=yes dst-address=\
dst-port=8000 protocol=tcp to-addresses=192.168.1.111
add action=dst-nat chain=dstnat comment=Nazhin disabled=yes dst-address=\
dst-port=8000 protocol=udp to-addresses=192.168.1.111
add action=dst-nat chain=dstnat comment=ADSL dst-address=\
dst-port=8000 protocol=udp to-addresses=192.168.1.111
add action=masquerade chain=srcnat dst-address-list=!LOCAL src-address=\
192.168.1.0/24
add action=masquerade chain=srcnat src-address=192.168.5.0/24
add action=masquerade chain=srcnat src-address=192.168.100.0/24
add action=masquerade chain=srcnat dst-address-list=!LOCAL src-address=\
192.168.200.0/24
add action=dst-nat chain=dstnat dst-address=128.65.177.115 dst-port=8080 \
protocol=tcp to-addresses=192.168.1.18
add action=netmap chain=srcnat disabled=yes out-interface=*D src-address=\
192.168.1.0/24 to-addresses=10.10.20.1
add action=netmap chain=dstnat disabled=yes dst-address=10.10.20.1 \
in-interface=*D to-addresses=192.168.1.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 dst-address=46.143.208.0/22 gateway=172.16.226.57
add distance=1 dst-address=91.222.196.0/22 gateway=172.16.226.57
add distance=1 dst-address=91.240.60.0/22 gateway=172.16.226.57
add disabled=yes distance=1 dst-address=192.168.1.6/32 gateway=2.2.2.1
add disabled=yes distance=1 dst-address=192.168.1.7/32 gateway=eoip-tunnel1
add disabled=yes distance=1 dst-address=192.168.1.8/32 gateway=eoip-tunnel1
add disabled=yes distance=1 dst-address=192.168.1.100/32 gateway=eoip-tunnel1
add distance=1 dst-address=192.168.10.0/24 gateway=2.2.2.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/routing ospf interface
add disabled=yes interface=eoip-tunnel1 network-type=point-to-point use-bfd=yes
/routing ospf network
add area=backbone disabled=yes network=192.168.1.0/24
add area=backbone disabled=yes network=192.168.100.0/24
add area=backbone disabled=yes network=192.168.200.0/24
/system clock
set time-zone-name=Asia/Tehran
/system identity
set name=nazhin-miad
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set pppoe-out2 disabled=yes display-time=5s
set pppoe-out3 disabled=yes display-time=5s
set bridge1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set "ether3 Uplink" disabled=yes display-time=5s
set "ether4 LAN" disabled=yes display-time=5s
set ether5ADSL disabled=yes display-time=5s
set eoip-tunnel1 disabled=yes display-time=5s
set ipip-tunnel1 disabled=yes display-time=5s
/tool user-manager database
set db-path=flash/user-manager
Idlemind,
Did you manage to solve it?