hi, i got into trouble with mikrotik RB750
the topology is shown bellow
Public IP is 65.13.50.0/29
ether2 IP : 192.168.1.1/24,65.13.50.1/29 secondary
ether1 IP : 10.86.119.26/30
i did srcnat for internal users internet access and dnat to access ip cameras via internet.
and used default route with preference source 65.13.50.1. although srcnat and dnat both of them use 65.13.50.1 for nat operation.
my problem is: after a time i can not access to public ip so that dnat does not work.
everything is ok but the traceroute and ping does not reply.
traceroute result is shown bellow:
C:\Users\ALPHA2013>tracert -d 65.13.50.1
Tracing route to 2.179.192.107 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.139.25.253
2 1 ms 4 ms 1 ms x0.x1.x2.x3
3 2 ms 2 ms 1 ms y0.y1.y2.y3
4 2 ms 5 ms 2 ms z0.z1.z2.z3
5 4 ms 3 ms 3 ms 10.86.119.42
6 * * * request time out
7 * * * request time out
30 * * * request time out
Trace complete.
note:
when i lose public address i use winbox into mikrotik via 10.86.119.26 and use /tool ping
after that i ping 4.2.2.4 for example and that problem eliminates.
what is your opinion this problem and that way to remove?
router config is shown bellow :
/interface bridge
add name=Loopback0
/interface ethernet
set 0 comment=Gateway
/interface pptp-server
add name=pptp-in1 user=“”
/ip neighbor discovery
set ether1 comment=Gateway
set pptp-in1 discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/ip pool
add name=vpn-pool ranges=172.16.1.1-172.16.1.254
add name=dhcp_pool1 ranges=192.168.1.20-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=8h name=
dhcp1
/ppp profile
set 0 dns-server=8.8.8.8 local-address=1.1.1.1 remote-address=
vpn-pool
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface pptp-server server
set authentication=pap default-profile=default enabled=yes max-mru=1460
max-mtu=1460
/ip address
add address=10.86.119.26/30 interface=ether1 network=10.86.119.24
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=65.13.50.1/29 interface=ether2 network=65.13.50.0
/ip dhcp-client
add comment=“default configuration” dhcp-options=hostname,clientid disabled=
no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,4.2.2.4
gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=
10.111.1.10,10.111.1.161
/ip firewall nat
add action=src-nat chain=srcnat src-address=172.16.1.0/24 to-addresses=
65.13.50.1
add action=src-nat chain=srcnat src-address=192.168.1.10 to-addresses=
65.13.50.1
add action=dst-nat chain=dstnat dst-address=65.13.50.1 dst-port=8010
protocol=tcp to-addresses=192.168.1.2 to-ports=8010
add action=dst-nat chain=dstnat dst-address=65.13.50.1 dst-port=8011
protocol=tcp to-addresses=192.168.1.3 to-ports=8011
add action=dst-nat chain=dstnat dst-address=65.13.50.1 dst-port=8012
protocol=tcp to-addresses=192.168.1.4 to-ports=8012
add action=dst-nat chain=dstnat dst-address=65.13.50.1 dst-port=8013
protocol=tcp to-addresses=192.168.1.5 to-ports=8013
/ip route
add distance=1 gateway=10.86.119.25 pref-src=65.13.50.1
/ip service
set api disabled=yes
/ppp secret
add name=test password=test1
/tool mac-server
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5