I tried many times, and this is the only way that I found to make it work.
2 WAN lines
- Fixed IP 190.12.114.42
- ADSL (pppoe-out1)
If I use masquerade with out-interface, users can’t access my webserver and mailserver from the WAN. If I don’t set !80 on mangle, the proxy doesn’t work.
Please, is this correct, or is there a better configuration?
# Built-in web proxy: enabled, listening on TCP 3128, caching to disk, with
# no parent proxy (parent-proxy=0.0.0.0) and an automatically chosen source
# address (src-address=0.0.0.0).
# NOTE(review): this export shows no "/ip proxy access" rules and no
# "/ip firewall filter" section. Unless the input chain drops TCP 3128 on the
# WAN interfaces (1-Metrotel, pppoe-out1), the proxy may be reachable from the
# Internet as an open proxy. Confirm, and limit clients to 192.168.0.0/24.
/ip proxy
set always-from-cache=yes cache-administrator=webmaster cache-hit-dscp=2 \
cache-on-disk=yes enabled=yes max-cache-size=unlimited \
max-client-connections=1000 max-fresh-time=3d max-server-connections=1000 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=3128 serialize-connections=\
no src-address=0.0.0.0
# Policy routing for two uplinks: 1-Metrotel (connection mark wan1, routing
# mark awan1) and pppoe-out1 (wan2 / awan2). RED is the LAN-side interface
# used by the rules below.
/ip firewall mangle
# Connections addressed to the router itself are marked by the WAN they
# arrived on.
add action=mark-connection chain=input comment="" disabled=no in-interface=\
1-Metrotel new-connection-mark=wan1 passthrough=no
add action=mark-connection chain=input comment="" disabled=no in-interface=\
pppoe-out1 new-connection-mark=wan2 passthrough=no
# Router-originated replies on those connections get the matching routing
# mark, so they leave through the WAN the connection came in on.
add action=mark-routing chain=output comment="" connection-mark=wan1 \
disabled=no new-routing-mark=awan1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=wan2 \
disabled=no new-routing-mark=awan2 passthrough=no
# LAN traffic addressed to the public /29 is accepted here and therefore
# skips the balancing rules that follow.
add action=accept chain=prerouting comment="" disabled=no dst-address=\
190.12.114.40/29 in-interface=RED
# Per-connection classifier over three buckets: 3/0 and 3/1 are marked wan2,
# 3/2 is marked wan1. Only TCP from RED to non-local destinations is
# classified. dst-port=!80 leaves HTTP unmarked; the NAT section redirects it
# to the proxy on 3128.
# NOTE(review): no rule in this section marks *forwarded* connections that
# enter on a WAN interface (chain=input only sees traffic addressed to the
# router), and these rules carry no connection-mark=no-mark match. Replies
# from the internal servers to Internet clients arrive on RED and can be
# classified here, so they may leave through the other WAN. That is a likely
# reason inbound access broke with an out-interface-scoped masquerade.
# Consider marking new connections in prerouting per WAN in-interface and
# adding connection-mark=no-mark to the three rules below. Verify before
# changing.
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local dst-port=!80 in-interface=RED \
new-connection-mark=wan2 passthrough=yes per-connection-classifier=\
both-addresses:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local dst-port=!80 in-interface=RED \
new-connection-mark=wan2 passthrough=yes per-connection-classifier=\
both-addresses:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local dst-port=!80 in-interface=RED \
new-connection-mark=wan1 passthrough=yes per-connection-classifier=\
both-addresses:3/2 protocol=tcp
# Translate the connection mark into the routing mark that selects the
# per-WAN default route.
add action=mark-routing chain=prerouting comment="" connection-mark=wan2 \
disabled=no in-interface=RED new-routing-mark=awan2 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=wan1 \
disabled=no in-interface=RED new-routing-mark=awan1 passthrough=no
# Source NAT for outbound traffic, transparent-proxy redirect, and port
# forwards to internal hosts (192.168.0.3, .5, .6, .7).
# NOTE(review): no "/ip firewall filter" rules appear in this export, so
# nothing visible here restricts which Internet sources can reach the
# forwarded services. Confirm a filter policy exists.
/ip firewall nat
# Masquerade with no out-interface applies to every connection passing
# srcnat, including Internet connections that are dst-nat'ed to LAN servers.
# Those servers then see the router's address as the client, which has
# security consequences:
#  - web and mail logs lose the real client IP, so abuse cannot be traced
#    and IP-based blocklists or rate limits on the servers stop working;
#  - a mail server that allows relaying from LAN addresses would treat
#    Internet senders as local. Verify the relay settings on 192.168.0.5.
# Scoping masquerade per WAN out-interface avoids this, but needs correct
# return-path marking for WAN-initiated connections in the mangle rules.
add action=masquerade chain=srcnat comment="" disabled=no
# Transparent proxy: HTTP from LAN clients on RED is redirected to the
# router's proxy port 3128.
add action=redirect chain=dstnat comment="Redirect al Proxy" disabled=no \
dst-port=80 in-interface=RED protocol=tcp src-address=192.168.0.0/24 \
to-ports=3128
# Public web server: 190.12.114.42:80 -> 192.168.0.3:80.
add action=dst-nat chain=dstnat comment=Forwarding disabled=no dst-address=\
190.12.114.42 dst-port=80 protocol=tcp to-addresses=192.168.0.3 to-ports=\
80
# NOTE(review): this rule has no dst-address or in-interface, so it matches
# TCP/81 in every direction. LAN clients connecting to external hosts on
# port 81 are also sent to 192.168.0.6. Add dst-address or in-interface if
# only inbound publishing is intended.
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=81 protocol=\
tcp to-addresses=192.168.0.6 to-ports=81
# Mail server: SMTP (25) and POP3 (110) on 190.12.114.42 -> 192.168.0.5.
# NOTE(review): POP3 on 110 is cleartext unless the server enforces STARTTLS.
# Confirm before exposing it to the Internet.
add action=dst-nat chain=dstnat comment=Correo disabled=no dst-address=\
190.12.114.42 dst-port=25 protocol=tcp to-addresses=192.168.0.5 to-ports=\
25
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
190.12.114.42 dst-port=110 protocol=tcp to-addresses=192.168.0.5 \
to-ports=110
# "Trader" application: 190.12.114.42:1234 -> 192.168.0.6:1234.
add action=dst-nat chain=dstnat comment=Trader disabled=no dst-address=\
190.12.114.42 dst-port=1234 protocol=tcp to-addresses=192.168.0.6 \
to-ports=1234
# Remote Desktop forward to 192.168.0.7, limited by a time matcher only.
# NOTE(review): RDP is published with no src-address or src-address-list
# restriction and no dst-address or in-interface. Prefer a VPN or an
# allow-list of source addresses. As exported, time=7m-21h reads as 00:07 to
# 21:00; confirm whether 7h was intended.
add action=dst-nat chain=dstnat comment=Remoto disabled=no dst-port=3389 \
protocol=tcp time=7m-21h,sun,mon,tue,wed,thu,fri,sat to-addresses=\
192.168.0.7 to-ports=3389
# VNC: 190.12.114.42:5900 -> 192.168.0.5:5900.
# NOTE(review): VNC is published to the Internet with no source
# restriction. Prefer a VPN or a src-address-list allow-list.
add action=dst-nat chain=dstnat comment=VNC disabled=no dst-address=\
190.12.114.42 dst-port=5900 protocol=tcp to-addresses=192.168.0.5 \
to-ports=5900
# Catch-all for TCP/5900 not matched by the rule above (any other destination
# address, any interface) -> 192.168.0.6.
# NOTE(review): this also captures LAN clients' outbound connections to port
# 5900. Scope it with dst-address or in-interface if that is not intended.
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5900 \
protocol=tcp to-addresses=192.168.0.6 to-ports=5900
# Default routes: one per routing mark (awan1 / awan2) for policy-routed
# traffic, plus a primary and a backup default for unmarked traffic.
/ip route
# Marked traffic: awan1 leaves via the fixed-IP gateway, awan2 via the PPPoE
# link. check-gateway=ping probes only the next hop, so a failure further
# upstream is not detected.
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=190.12.114.41 routing-mark=awan1 scope=30 target-scope=\
10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=pppoe-out1 routing-mark=awan2 scope=30 target-scope=10
# Unmarked traffic: primary default via 190.12.114.41 (distance 1).
# NOTE(review): this route has no check-gateway, so it stays active while
# the interface is up even if the gateway stops responding, and the
# distance=2 backup below would not take over. Confirm that is intended.
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
190.12.114.41 scope=30 target-scope=10
# Backup default via the PPPoE link (distance 2).
add check-gateway=ping comment="" disabled=no distance=2 dst-address=\
0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10