Hi, can you help me with a scenario?
This is what I want to do:
- I want to connect 2 external WAN (internet) links
- Set up failover for the two links. (So only one works at any time. If the primary fails, an automated script will fail over to the secondary link.)
- Port forward to an internal ISA server, which then relays POP3/SMTP traffic to a Mail server behind it on the internal LAN
- Maintain HTTP access at all times through this setup.
What I have managed to do so far is:
- I have managed to get the 2 WAN links connected; IP addresses & routes are all in.
- Enabled automated failover via Mikrotik System Script
- Port forwarding is proving to be a headache; see the following NAT rules and advise please:
/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=196.213.11.19 protocol=tcp to-addresses=10.0.0.2 to-ports=10025
add action=dst-nat chain=dstnat comment="" disabled=no protocol=tcp src-address=10.0.0.2 to-addresses=196.213.11.19 to-ports=10025
add action=masquerade chain=srcnat comment="" disabled=no
The first rule is supposed to forward traffic coming in on (public address) 196.213.11.19 port #10025 to internal IP 10.0.0.2 (ISA), the second rule to do the opposite. The third rule is supposed to take care of ALL other traffic in and out of the router? (Please assist if this thinking is correct.) I cannot get both DST-NAT and HTTP to work at the same time.
Calvin
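
An added example, not part of the original post: a small Python check that parses the three posted `/ip firewall nat` lines and flags rules whose matchers are broader than the post describes (no `dst-port`, no destination or inbound-interface matcher, masquerade with no outbound interface). The `audit` and `parse_rule` names and the heuristics are assumptions of this example, not MikroTik tooling.

```python
import shlex

# The three rules as posted (quotes normalised to ASCII).
POSTED_RULES = '''\
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=196.213.11.19 protocol=tcp to-addresses=10.0.0.2 to-ports=10025
add action=dst-nat chain=dstnat comment="" disabled=no protocol=tcp src-address=10.0.0.2 to-addresses=196.213.11.19 to-ports=10025
add action=masquerade chain=srcnat comment="" disabled=no
'''

# Matchers that pin a dst-nat rule to "traffic arriving for the router".
INBOUND_MATCHERS = ("dst-address", "dst-address-type",
                    "in-interface", "in-interface-list")
# Matchers that pin a masquerade rule to "traffic leaving via the WAN".
OUTBOUND_MATCHERS = ("out-interface", "out-interface-list")


def parse_rule(line):
    """Turn one 'add key=value ...' export line into a dict, else None."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        return None
    return dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)


def audit(export_text):
    """Return (rule_number, finding) pairs for overly broad NAT rules."""
    findings = []
    rules = [r for r in map(parse_rule, export_text.splitlines()) if r]
    for n, r in enumerate(rules, start=1):
        if r.get("disabled") == "yes":
            continue  # disabled rules never match traffic
        action, chain = r.get("action"), r.get("chain")
        if action == "dst-nat" and chain == "dstnat":
            if "dst-port" not in r:
                findings.append((n, "no dst-port: every port of the "
                                    "protocol is redirected"))
            if not any(k in r for k in INBOUND_MATCHERS):
                findings.append((n, "no destination/in-interface matcher: "
                                    "also rewrites outbound connections"))
        if action == "masquerade" and chain == "srcnat":
            if not any(k in r for k in OUTBOUND_MATCHERS):
                findings.append((n, "no out-interface: traffic is "
                                    "masqueraded in every direction"))
    return findings


if __name__ == "__main__":
    for n, msg in audit(POSTED_RULES):
        print(f"rule {n}: {msg}")
```

The second finding on rule 2 is the one that bears on the HTTP symptom: with only `src-address=10.0.0.2` as a matcher, every new TCP connection the ISA server opens, web requests included, is rewritten to 196.213.11.19:10025.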