Port forwarding with to ISP issue

plamenivanov · November 15, 2024, 1:36pm

Hello,
I have a problem with port forwarding with two ISP.

I have this configuration on 5 ports Mikrotik router(OS v6.49.17):
WAN1 - ISP 1 PPPoE cable plugged in eth5. Public IP 1.1.1.1.
On interface pppoe-out1 runs pppoe-client.

WAN 2 - ISP 2 static IP on eth4 from local network of the ISP2 router.
IP: 192.168.7.15/24
GW: 192.168.7.1
DNS: 192.168.7.1
Public IP address on ISP 2 router is 2.2.2.2.

Local LAN
192.168.22.0/24

IP addresses
/ip address add address=1.1.1.1 network=1.1.1.0 interface=pppoe-out1 //ISP1 WAN1
/ip address add address=192.168.7.15/24 network=192.168.7.0 interface=eth4 //ISP2 WAN2
/ip address add address=192.168.22.1/24 network=192.168.22.0 interface=bridge //local LAN

IP routes
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1
/ip route add dst-address=1.1.1.1 gateway=pppoe-out1 distance=0
/ip route add dst-address=0.0.0.0/0 gateway=192.168.7.1 distance=5
/ip route add dst-address=192.168.7.0/24 gateway=192.168.7.1 distance=0
/ip route add dst-address=192.168.22.0/24 gateway=bridge distance=0

IP firewall
/ip firewall nat add chain=srcnat out-interface=pppoe-out1 action=masquerade
/ip firewall nat add chain=dstnat dst-address=1.1.1.1 dst-port=443 action=dst-nat to-addresses=192.168.22.101 to-ports=443
/ip firewall nat add chain=dstnat dst-address=192.168.7.15 dst-port=443 in-interface=eth4 action=dst-nat to-addresses=192.168.22.101 to-ports=443
/ip firewall nat add chain=srcnat out-interface=eth4 action=masquerade

I have web server connected to the Mikrotik router with IP 192.168.22.101 runs on port 443(https).

I want to connect to web server via two IP addresses of each ISP:
Route from ISP 1: 1.1.1.1:443(WAN ISP1 Mikrotik) → 192.168.22.101:443 - this route works.
Route from ISP 2: 2.2.2.2:443(WAN ISP2 router) → 192.168.7.15:443(WAN ISP2 mikrotik) → 192.168.22.101:443 - this route does not work becouse request are return via:

/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1

but it should will be return via:

/ip route add dst-address=192.168.7.0/24 gateway=192.168.7.1 distance=0

In ISP 2 router have port forwarding to IP 192.168.7.15 on port 443.

Is it possible to make route via ISP 2 to work?
Is it possible without connections or packets mark?
Is it possible to forward port via two routers to get to destination?

anav · November 19, 2024, 4:25pm

You need to post your complete config
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)

Problems

If using pPPOE it usually provides a dynamic WANIP.
So if using PPPOE interface, one should not use IP address to define the WANIP.
You need public IPs to port forward, (OR) an upstream ISP router that has a public IP and from which, you can forward ports to the MT device.
Please confirm the status for both WANs.
You routes are all over the map and need to be rationalized…