Port forwarding between two WAN interfaces on the same RouterBOARD

Hello everybody,

I want to know how I can forward a random port from WAN1 to WAN2 and then forward it to any device on the internet. My scenario is:
WAN1: 10.100.11.11
WAN2: 10.200.22.22
Destination (device on the internet; assume the Cloudflare DNS TCP port here): 1.1.1.1:53

I already tried these firewall rules, but they don’t work (diagram in attachments):

/ip address
add address=10.31.9.1/24 interface=LAN network=10.31.9.0
add address=10.100.11.11/24 interface=WAN1 network=10.100.11.0
add address=10.200.22.22/24 interface=WAN2 network=10.200.22.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=dst-nat chain=dstnat dst-address=10.100.11.11 dst-port=8374 \
    in-interface=WAN1 protocol=tcp to-addresses=10.200.22.22 to-ports=3562
add action=dst-nat chain=dstnat dst-address=10.200.22.22 dst-port=3562 \
    in-interface=WAN2 protocol=tcp src-address-type="" to-addresses=1.1.1.1 \
    to-ports=53
    
/ip route print detail 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
1 A S  dst-address=0.0.0.0/0 gateway=10.100.11.1 
        gateway-status=10.100.11.1 reachable via  WAN1 distance=1 scope=10 
        target-scope=10 

 2   S  dst-address=0.0.0.0/0 gateway=10.200.22.1 
        gateway-status=10.200.22.1 reachable via  WAN2 distance=1 scope=10 
        target-scope=10 

 3 ADC  dst-address=10.31.9.0/24 pref-src=10.31.9.1 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 

 4 ADC  dst-address=10.100.11.0/24 pref-src=10.100.11.11 gateway=WAN1 
        gateway-status=WAN1 reachable distance=0 scope=10 

 5 ADC  dst-address=10.200.22.0/24 pref-src=10.200.22.22 gateway=WAN2 
        gateway-status=WAN2 reachable distance=0 scope=10 

 6 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.146 gateway=MGMT 
        gateway-status=MGMT reachable distance=0 scope=10

Port Forwarding Diagram.png

The problem description is a little bit cryptic, as one can’t imagine what you are trying to achieve.
Are you trying to do a kind of Load Balancing?
And what do you mean by “random port”?

I would replace the following

add action=dst-nat chain=dstnat dst-address=10.200.22.22 dst-port=3562 \
    in-interface=WAN2 protocol=tcp src-address-type="" to-addresses=1.1.1.1 \
    to-ports=53

with this one:

add action=dst-nat chain=dstnat dst-address=10.200.22.22 dst-port=3562 \
    protocol=tcp src-address-type="" to-addresses=1.1.1.1 \
    to-ports=53

Hi mutluit,
Sorry for my poor English. “Random port” means any port I can configure; it may be 22, 80, 443 or something else, but I haven’t decided. You can just assume 1.1.1.1:53 (TCP).

It’s not load balancing. WAN1 ↔ 1.1.1.1:53 has high latency and packet loss, but WAN2 ↔ 1.1.1.1:53 has low latency and no packet loss.
My purpose is: if someone accesses 10.100.11.11:3562, he can speed up access to 1.1.1.1:53 via WAN2.
Maybe a bit like a multi-layer reverse proxy: WAN1 is the frontend, WAN2 is the 1st-layer backend, and 1.1.1.1:53 is the last-layer backend.

I have tried your rule, but it still does not work.

I guess you mean 8374 instead of 3562.

Problem description is now clear.
It normally should function.

Yes, you’re right, it should be 10.100.11.11:8374.
After replacing that rule, I used nc to test whether the port is accessible; the result is:

nc -z -v -w3 10.100.11.11 8374
10.100.11.11 [10.100.11.11] 8374: Connection refused
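
Added example, not part of the thread: the dstnat chain is consulted once, for the first packet of a connection, so a packet already rewritten to 10.200.22.22:3562 is never matched by a second dst-nat rule. It is delivered to the router itself, where nothing listens on 3562, which is consistent with the refused connection above. One way to get the intended path is a single dst-nat to 1.1.1.1:53 plus a policy route that sends the marked connection out WAN2; this assumes RouterOS v6 syntax, and the mark name via-wan2 is hypothetical.

```routeros
# Added example (RouterOS v6 syntax assumed; "via-wan2" is a hypothetical mark name).
# Replaces the two chained dst-nat rules from the original post.

/ip firewall mangle
# Mangle prerouting runs before dstnat, so the original destination still matches.
add chain=prerouting in-interface=WAN1 protocol=tcp dst-address=10.100.11.11 \
    dst-port=8374 connection-state=new action=mark-connection \
    new-connection-mark=via-wan2 passthrough=yes
# Only client-to-server packets (arriving on WAN1) get the routing mark;
# replies arriving on WAN2 are routed back through the main table.
add chain=prerouting in-interface=WAN1 connection-mark=via-wan2 \
    action=mark-routing new-routing-mark=via-wan2 passthrough=no

/ip route
# Default route used only by packets carrying the routing mark.
add dst-address=0.0.0.0/0 gateway=10.200.22.1 routing-mark=via-wan2

/ip firewall nat
# One translation straight to the final destination.
add chain=dstnat in-interface=WAN1 protocol=tcp dst-address=10.100.11.11 \
    dst-port=8374 action=dst-nat to-addresses=1.1.1.1 to-ports=53
# The existing "masquerade out-interface=WAN2" rule from the original post
# rewrites the source to 10.200.22.22, so replies come back in on WAN2.
```

As written, the rule relays any client that can reach 10.100.11.11:8374, so add a src-address or src-address-list matcher to the dstnat rule to limit who may use it. The thread shows no filter rules; if a forward-chain filter exists, it must allow the translated connection.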