Hi,
I'm a beginner in RouterOS, although I have worked with iptables for a long time, and I'm having some problems with load balancing and dstnat.
Here is my scenario:
I have two dedicated links:
189.x.x.36 - eth3-Net_Rosas
189.x.x.227 - eth2-Embratel
and a local network:
192.168.0.0/24 - eth5-Rede_0
I applied these rules to set up the load balancing:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=eth2-Embratel
add chain=srcnat action=masquerade out-interface=eth3-Net_Rosas
/ip route
add dst-address=0.0.0.0/0 gateway=189.x.x.33 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=189.x.x.225 distance=2 check-gateway=ping
/ip firewall mangle
add chain=prerouting in-interface=eth2-Embratel connection-mark=no-mark action=mark-connection new-connection-mark="saida_embratel" passthrough=yes
add chain=prerouting in-interface=eth3-Net_Rosas connection-mark=no-mark action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes
add chain=prerouting action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/0 comment="Splitting outgoing packets between the links"
add chain=prerouting action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/1
add chain=prerouting action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/2
add chain=prerouting action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/3
add chain=prerouting action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/4
add chain=prerouting action=mark-connection new-connection-mark="saida_net_rosas" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/5
add chain=prerouting action=mark-connection new-connection-mark="saida_embratel" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/6
add chain=prerouting action=mark-connection new-connection-mark="saida_embratel" passthrough=yes \
dst-address-type=!local in-interface=eth5-Rede_0 connection-mark=no-mark \
per-connection-classifier=both-addresses-and-ports:8/7
add chain=prerouting in-interface=eth5-Rede_0 connection-mark=saida_net_rosas action=mark-routing new-routing-mark="rota_net_rosas" passthrough=yes comment="Creating the routing marks for the links"
add chain=prerouting in-interface=eth5-Rede_0 connection-mark=saida_embratel action=mark-routing new-routing-mark="rota_embratel" passthrough=yes
add chain=output connection-mark=saida_net_rosas action=mark-routing new-routing-mark="rota_net_rosas" passthrough=yes
add chain=output connection-mark=saida_embratel action=mark-routing new-routing-mark="rota_embratel" passthrough=yes
/ip route
add dst-address=0.0.0.0/0 gateway=189.x.x.36 check-gateway=ping type=unicast distance=1 routing-mark="rota_net_rosas"
add dst-address=0.0.0.0/0 gateway=189.x.x.227 check-gateway=ping type=unicast distance=2 routing-mark="rota_embratel"
My problem is that I can't make a dstnat to the local address where my web server is. Here is the rule:
add chain=dstnat action=dst-nat to-addresses=192.168.0.60 to-ports=80 protocol=tcp dst-address=189.x.x.36 in-interface=eth3-Net_Rosas dst-port=80
The host 192.168.0.60 receives the SYN, but the connection does not complete.
The same problem is happening with the rules for the DNS server and slave on my local network:
add chain=dstnat action=dst-nat to-addresses=192.168.0.202 to-ports=53 protocol=tcp dst-address=189.42.238.227 in-interface=eth2-Embratel dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.0.202 to-ports=53 protocol=udp dst-address=189.42.238.227 in-interface=eth2-Embratel dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.0.201 to-ports=53 protocol=tcp dst-address=189.124.19.36 in-interface=eth3-Net_Rosas dst-port=53
add chain=dstnat action=dst-nat to-addresses=192.168.0.201 to-ports=53 protocol=udp dst-address=189.124.19.36 in-interface=eth3-Net_Rosas dst-port=53
I appreciate any help!
PS: Sorry for my English!
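As an added example (not the original poster's configuration), here is the shape a working PCC load balance plus dst-nat usually takes on RouterOS, written against the interface and address names used in the post above. Two points worth checking against the posted config: the marked routes (routing-mark=rota_net_rosas / rota_embratel) use 189.x.x.36 and 189.x.x.227 as gateways, which are the router's own link addresses from the top of the post, while the unmarked default routes use 189.x.x.33 and 189.x.x.225; and replies from a dst-nat'd server must leave through the link the request came in on. The next-hop addresses, the existence of forward filter rules, and LAN clients using the public address are assumptions, not facts from the post.

```routeros
# Added example, not the original poster's configuration.
# Assumptions (not stated in the post): the upstream next hops are
# 189.x.x.225 for Net_Rosas and 189.x.x.33 for Embratel, i.e. the same
# gateways the unmarked default routes already use; 189.x.x.36 and
# 189.x.x.227 are the router's own addresses on those links.

# 1. Marked routes point at the upstream next hops, not at the router's own
#    WAN addresses.  A route whose gateway is one of the router's own
#    addresses never becomes active, so marked traffic (including the
#    replies from the dst-nat'd server) has no usable route.
/ip route
add dst-address=0.0.0.0/0 gateway=189.x.x.225 routing-mark=rota_net_rosas check-gateway=ping comment="Net_Rosas link"
add dst-address=0.0.0.0/0 gateway=189.x.x.33 routing-mark=rota_embratel check-gateway=ping comment="Embratel link"

# 2. Connections arriving from each WAN are connection-marked first (before
#    the PCC rules), so the server's replies are routed back out the same link.
/ip firewall mangle
add chain=prerouting in-interface=eth3-Net_Rosas connection-mark=no-mark action=mark-connection new-connection-mark=saida_net_rosas passthrough=yes
add chain=prerouting in-interface=eth2-Embratel connection-mark=no-mark action=mark-connection new-connection-mark=saida_embratel passthrough=yes
# Reply packets from the LAN (e.g. from 192.168.0.60) carry that connection
# mark; turn it into a routing mark so they use the matching marked route.
add chain=prerouting in-interface=eth5-Rede_0 connection-mark=saida_net_rosas action=mark-routing new-routing-mark=rota_net_rosas passthrough=yes
add chain=prerouting in-interface=eth5-Rede_0 connection-mark=saida_embratel action=mark-routing new-routing-mark=rota_embratel passthrough=yes

# 3. Port forward to the web server, restricted to the link whose public
#    address is being hit.
/ip firewall nat
add chain=dstnat in-interface=eth3-Net_Rosas dst-address=189.x.x.36 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.60 to-ports=80
# Hairpin NAT (assumption: LAN clients also connect to the public address).
# Without it the server answers the LAN client directly, bypassing the
# router's NAT state, and the handshake never completes.
add chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.60 protocol=tcp dst-port=80 out-interface=eth5-Rede_0 action=masquerade

# 4. If there are forward filter rules (none are shown in the post), they must
#    accept dst-nat'd connections; place this ahead of any drop rule.
/ip firewall filter
add chain=forward connection-nat-state=dstnat action=accept place-before=0 comment="allow port-forwarded connections"

# 5. Checks: both marked routes must show the A (active) flag, and a test
#    connection to 189.x.x.36:80 must appear with the dst-nat applied and the
#    saida_net_rosas connection mark attached.
/ip route print where routing-mark=rota_net_rosas
/ip route print where routing-mark=rota_embratel
/ip firewall connection print detail where dst-address~"192.168.0.60"
```

The same pattern applies to the DNS forwards in the post: the rule for each server is bound to one WAN interface and one public address, so its replies only work if the connection entering that interface is marked and the matching marked route is active. Running the two route prints before and after a change is the quickest way to see whether the marked routes are actually usable.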