RouterOS version is 6.15
RB951ui
I have setup a 3 wan port PCC using the link at - wiki.mikrotik.com/wiki/Manual:PCC
I have setup three dst-nat for POP3 from the three ports ether1 ether2 ether2 ports (3 dsl modems)
Everything works well from internal to external. From External to internal only the first dsl/ethernet port works correctly. I can see the connection coming into POP3 server, for the other two ports but the traffic doesn’t get back correctly. I surmise that the traffic is going up the wrong connection in the reverse direction (returning from internal host back to external host). I have tried various solutions posted on the forum but still cannot seem to come right. Here is my configuration right now:
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=ether5
add address=192.168.200.2/24 network=192.168.200.0 broadcast=192.168.200.255 interface=ether1
add address=192.168.205.2/24 network=192.168.205.0 broadcast=192.168.205.255 interface=ether2
add address=192.168.210.2/24 network=192.168.210.0 broadcast=192.168.205.255 interface=ether3
/ ip firewall mangle
add chain=prerouting dst-address=192.168.200.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.205.0/24 action=accept in-interface=ether5
add chain=prerouting dst-address=192.168.210.0/24 action=accept in-interface=ether5
add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=ether1_conn
add chain=prerouting in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=ether2_conn
add chain=prerouting in-interface=ether3 connection-mark=no-mark action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether2_conn
add chain=prerouting in-interface=ether5 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/2 action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting connection-mark=ether1_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether2_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether2
add chain=prerouting connection-mark=ether3_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether3
add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1
add chain=output connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2
add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3
add chain=prerouting connection-state=new in-interface=ether1 protocol=tcp dst-port=22,110 action=mark-connection new-connection-mark=ether1_conn
add chain=prerouting connection-state=new in-interface=ether2 protocol=tcp dst-port=22,110 action=mark-connection new-connection-mark=ether2_conn
add chain=prerouting connection-state=new in-interface=ether3 protocol=tcp dst-port=22,110 action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting dst-address=192.168.200.1/32 in-interface=ether5 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
add chain=prerouting dst-address=192.168.205.1/32 in-interface=ether5 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
add chain=prerouting dst-address=192.168.210.1/32 in-interface=ether5 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.200.1 routing-mark=to_ether1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.205.1 routing-mark=to_ether2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.210.1 routing-mark=to_ether3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.200.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.205.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.210.1 distance=2 check-gateway=ping
add dst-address=192.168.101.0 gateway=192.168.0.2 distance=1 check-gateway=ping
add dst-address=192.168.102.0 gateway=192.168.0.2 distance=1 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade
I am sure I am doing something small wrong but I cant seem to find it on my own and any help would be appreciated!!
thanks
Evan