Hi,
For example:
Local IP = 192.168.10.0/24
WAN 1 IP = 68.182.50.20, gateway = 68.182.50.21, a valid (public) IP
WAN 2 IP = 192.168.1.2, gateway = 192.168.1.1, ADSL
I grouped my clients into two groups, A and B:
ip firewall mangle add src-address=192.168.10.1 action=mark-routing new-routing-mark=GroupA (this is the IP of my web server)
ip firewall mangle add src-address=192.168.10.120 action=mark-routing new-routing-mark=GroupB
ip firewall mangle add src-address=192.168.10.122 action=mark-routing new-routing-mark=GroupB
ip firewall mangle add src-address=192.168.10.130 action=mark-routing new-routing-mark=GroupA
Routes:
ip route add dst-address=0.0.0.0/0 gateway=68.182.50.21 routing-mark=GroupA
ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=GroupB
NAT:
ip firewall nat add chain=srcnat src-address=192.168.10.2 action=masquerade
Now, to forward port 80 to my server 192.168.10.1, I added:
ip firewall nat add chain=dstnat dst-address=192.168.10.2 protocol=tcp port=80 action=dst-nat to-addresses=192.168.10.1 to-ports=80
But port forwarding does not work. What rule should I add to firewall mangle or NAT to forward port 80 to my server with local IP 192.168.10.1?
The previous poster wanted to tell you that you need to mark new connections coming from the internet and then send replies back the same way. Because as it is now, you’re sending anything from the server (192.168.10.1) unconditionally to the first ISP. So port forwarding could only work from there.
But the more important problem is that your dstnat rule is completely wrong: no packet coming to you will match dst-address=192.168.1.1. The dst-address option is supposed to contain the original destination address, so either 68.182.50.20 or 192.168.1.2 (if you forward ports to it). And to-ports=0-65535 is wrong too; you most likely want to not put anything there (to keep the original port 80).
First disable the http service (port 80) on the router; after that, add the NAT rule:
/ip firewall nat
add chain=dstnat dst-address=<put WAN IP address> protocol=tcp port=80 action=dst-nat to-addresses=192.168.10.1 to-ports=80
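An added example, not part of the original thread: one way to combine what the replies describe (mark inbound connections per WAN, route replies back out the same WAN, and match dstnat on the original WAN address), in RouterOS v6 syntax. The interface names wan1, wan2 and lan and the connection marks from_wan1 and from_wan2 are assumptions; the addresses and the routing marks GroupA and GroupB are the ones from the question.

```routeros
# Added example. Assumed interface names: wan1 (68.182.50.20), wan2 (192.168.1.2), lan.
# Assumed connection-mark names: from_wan1, from_wan2.

# The router's own web service listens on port 80; turn it off so it is
# not exposed on the WAN side.
/ip service set www disabled=yes

/ip firewall mangle
# 1. Remember which WAN each new inbound connection arrived on.
add chain=prerouting in-interface=wan1 connection-state=new \
    action=mark-connection new-connection-mark=from_wan1 passthrough=yes
add chain=prerouting in-interface=wan2 connection-state=new \
    action=mark-connection new-connection-mark=from_wan2 passthrough=yes

# 2. Replies coming back from the LAN follow the connection mark, not the
#    client's source address. passthrough=no stops processing here, so these
#    rules must sit ABOVE the per-client src-address rules from the question.
add chain=prerouting in-interface=lan connection-mark=from_wan1 \
    action=mark-routing new-routing-mark=GroupA passthrough=no
add chain=prerouting in-interface=lan connection-mark=from_wan2 \
    action=mark-routing new-routing-mark=GroupB passthrough=no

/ip firewall nat
# 3. dst-address is the ORIGINAL destination, i.e. the router's WAN address.
#    to-ports is left out so the original port (80) is kept.
add chain=dstnat dst-address=68.182.50.20 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.10.1
# Only useful if the ADSL modem forwards port 80 to 192.168.1.2.
add chain=dstnat dst-address=192.168.1.2 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.10.1
```

The existing routes for GroupA and GroupB from the question are reused unchanged, so outbound traffic from each client group still follows its assigned ISP.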