I am able to do port forwarding in the router of internet1 and my application in ServerA is accessible over the internet - ssh, http, https, etc.
My problem is the server under the Mikrotik router. My port forwarding through ip firewall rules and NAT isn't working. The application on ServerB is running and is accessible from within the network, but it is not accessible through the public IP.
What's wrong with my configuration?
# may/21/2021 17:07:42 by RouterOS 6.45.9
# software id = 662H-04I9
#
# model = RBD52G-5HacD2HnD
# serial number = CDFC0CE271C8
# Rename the three wired ports and set the link modes each one advertises.
# The "200" and "100" suffixes on ether1/ether2 match the connection marks
# (200, 100) and routing marks (to200, to100) applied to those ports in
# /ip firewall mangle; ether3 is the LAN side (10.0.0.1/24).
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-full,100M-full,1000M-full,5000M-full,10000M-full name="ether1 - 200"
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-full,5000M-full name="ether2 - 100"
set [ find default-name=ether3 ] advertise=10M-full,100M-full,1000M-full name=\
"ether3- LAN"
# Wireless radios. wlan1 keeps the factory SSID "MikroTik"; wlan2 is set up as
# a station-pseudobridge client of the SSID MIS_MITHI.
# NOTE(review): neither line carries disabled=no, so both radios are
# presumably still disabled - confirm on the device.
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=philippines mode=\
station-pseudobridge ssid=MIS_MITHI wireless-protocol=nv2-nstreme-802.11
# Two interface lists are declared. No "/interface list member" section
# appears in this export and no firewall rule below refers to WAN or LAN, so
# as exported the lists are empty and unused; every rule matches by interface
# name instead.
/interface list
add name=WAN
add name=LAN
# Default wireless security profile: WPA and WPA2 pre-shared-key
# authentication with both TKIP and AES-CCM ciphers allowed. No pre-shared key
# value appears in this export.
# NOTE(review): WPA1/TKIP are legacy options; if either radio is ever enabled
# with this profile, restricting it to wpa2-psk with aes-ccm only is the usual
# hardening.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm
# LAN addressing: hotspot profile path, DHCP pools and server, neighbor
# discovery, interface addresses and the DHCP clients on both uplinks.
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Five pools are defined; only dhcp_pool4 is referenced by the DHCP server
# below. dhcp_pool1-3 repeat the same 10.0.0.2-10.0.0.254 range and the "dhcp"
# pool (192.168.7.x) matches no address configured in this export.
/ip pool
add name=dhcp ranges=192.168.7.30-192.168.7.200
add name=dhcp_pool1 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool2 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool3 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool4 ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface="ether3- LAN" name=dhcp1
# Neighbor discovery is switched off on all interfaces, so the router does not
# announce itself via discovery protocols on the uplinks.
/ip neighbor discovery-settings
set discover-interface-list=none
# 10.0.0.1/24 is the LAN gateway address. The second entry puts
# 119.92.135.194 on "ether1 - 200" with no prefix length and network equal to
# the address, i.e. a single host address.
# NOTE(review): the gateways in /ip route are private (192.168.1.1 and
# 192.168.0.2), so this router presumably sits behind the ISP routers rather
# than holding the public address on the wire - confirm how 119.92.135.194 is
# actually delivered to ether1.
/ip address
add address=10.0.0.1/24 interface="ether3- LAN" network=10.0.0.0
add address=119.92.135.194 interface="ether1 - 200" network=119.92.135.194
# Both uplinks obtain an address by DHCP but add-default-route=no, so default
# routing comes only from the static entries in /ip route.
/ip dhcp-client
add add-default-route=no disabled=no interface="ether1 - 200"
add add-default-route=no disabled=no interface="ether2 - 100"
# LAN clients are handed the two upstream routers as DNS servers, not this
# router (10.0.0.1 is given only as gateway).
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=192.168.1.1,192.168.0.2 gateway=10.0.0.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts.
# NOTE(review): the input chain in /ip firewall filter has no rule limiting
# port 53 to the LAN interface, so the resolver answers on the uplink
# interfaces as well. The DHCP network above already points clients at
# 192.168.1.1 and 192.168.0.2, so as exported nothing on the LAN is told to
# use this resolver; either disable it or restrict UDP/TCP 53 on the input
# chain to "ether3- LAN".
/ip dns
set allow-remote-requests=yes
# Filter rules, evaluated top to bottom per chain. No final drop rule exists
# in either chain, so anything not dropped explicitly is accepted.
/ip firewall filter
# Both rules are disabled=yes: nothing here blocks forwarded SSH (22) or
# Telnet (23) arriving on "ether1 - 200".
add action=drop chain=forward disabled=yes dst-port=22 in-interface=\
"ether1 - 200" protocol=tcp
add action=drop chain=forward disabled=yes dst-port=23 in-interface=\
"ether1 - 200" protocol=tcp
# Port-scan detection. psd=21,3s,3,1 is weight threshold 21, delay threshold
# 3s, low-port weight 3, high-port weight 1; matching sources are kept in the
# "PortScan Attackers" list for one day.
add action=add-src-to-address-list address-list="PortScan Attackers" \
address-list-timeout=1d chain=input protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="PortScan Attackers" \
address-list-timeout=1d chain=forward protocol=tcp psd=21,3s,3,1
# Listed sources are dropped on input only. There is no matching drop in the
# forward chain, so the forward detection rule above only records the source;
# traffic from it to hosts behind the router is still forwarded.
add action=drop chain=input src-address-list="PortScan Attackers"
# NOTE(review): connection-state includes "new" and the rule has no
# in-interface or source matcher, so every new connection to the router itself
# is accepted on every interface, both uplinks included. Which management
# services listen is not visible here (no /ip service section in this export),
# so check them. Usual hardening: accept established,related; accept new only
# from "ether3- LAN" (or a management address list); then drop everything
# else on input.
add action=accept chain=input connection-state=established,related,new
# NOTE(review): same pattern for forwarded traffic - new connections are
# accepted in any direction, so any port forward that matches in NAT is
# reachable without further filtering.
add action=accept chain=forward connection-state=established,related,new
add action=drop chain=input connection-state=invalid
# Effectively redundant as ordered: the forward accept two rules above already
# admits new, established and related connections, which covers dst-nat'ed
# traffic. It becomes meaningful only once that rule is narrowed to
# established,related and a final forward drop is added.
add action=accept chain=forward connection-nat-state=dstnat
# Dual-uplink policy routing: mark connections per uplink, then turn the
# connection mark into a routing mark for packets coming from the LAN.
/ip firewall mangle
# LAN traffic addressed to the two upstream subnets is accepted here, which
# ends mangle processing for it, so it is never marked or policy-routed.
add action=accept chain=prerouting comment=ACCEPT dst-address=192.168.1.0/24 \
in-interface="ether3- LAN"
add action=accept chain=prerouting dst-address=192.168.0.0/24 in-interface=\
"ether3- LAN"
# Connections that arrive on an uplink and carry no mark yet are tagged with
# that uplink's mark (200 or 100), so replies can be sent back the same way.
add action=mark-connection chain=prerouting comment="INPUT REROUTE" \
connection-mark=no-mark in-interface="ether1 - 200" new-connection-mark=200 \
passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface="ether2 - 100" new-connection-mark=100 passthrough=yes
# PCC load balancing: LAN packets to non-local destinations are split in two
# buckets by source+destination address hash.
# NOTE(review): unlike the two rules above, these have no
# connection-mark=no-mark matcher, so they also match reply packets from
# 10.0.0.31 on a connection that was already marked on arrival from an uplink
# and can overwrite that mark with the other uplink's. Replies to a forwarded
# connection may then leave through the wrong uplink. Adding
# connection-mark=no-mark to both PCC rules is the usual form.
add action=mark-connection chain=prerouting comment=PCC dst-address-type=!local \
in-interface="ether3- LAN" new-connection-mark=200 passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface="ether3- LAN" new-connection-mark=100 passthrough=yes \
per-connection-classifier=both-addresses:2/1
# Packets from the LAN inherit a routing mark from their connection mark; the
# marked routes in /ip route then pick the gateway.
add action=mark-routing chain=prerouting comment=ROUTE connection-mark=200 \
in-interface="ether3- LAN" new-routing-mark=to200 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=100 in-interface=\
"ether3- LAN" new-routing-mark=to100 passthrough=yes
# NAT rules. Within a chain the first matching rule decides; later rules are
# not evaluated for that connection.
/ip firewall nat
# Hairpin case: LAN-to-LAN traffic passing through the router is masqueraded.
add action=masquerade chain=srcnat dst-address=10.0.0.0/24 src-address=\
10.0.0.0/24
# Outbound masquerade on each uplink.
add action=masquerade chain=srcnat out-interface="ether1 - 200"
add action=masquerade chain=srcnat out-interface="ether2 - 100"
# NOTE(review): action=accept in a NAT chain ends NAT processing for the
# connection without translating it. This rule has no matchers, so it catches
# every connection entering dstnat and the two dst-nat rules below are never
# evaluated - the likely reason the forwards to 10.0.0.31 do not work. Remove
# it, or move it below the dst-nat rules.
add action=accept chain=dstnat
# Port forwards for TCP 5240 and TCP 22 to 10.0.0.31.
# NOTE(review): neither rule has an in-interface or dst-address matcher, so
# once they become reachable they will also redirect LAN clients connecting to
# port 22 or 5240 on any outside host. Scope them with in-interface or
# dst-address. The address-list fields are empty strings, presumably treated
# as unset - confirm. For the SSH forward, a populated src-address-list limits
# which sources can reach 10.0.0.31:22; the filter table does not restrict it.
add action=dst-nat chain=dstnat dst-address-list="" dst-port=5240 protocol=tcp \
to-addresses=10.0.0.31 to-ports=5240
add action=dst-nat chain=dstnat dst-address-list="" dst-port=22 protocol=tcp \
src-address-list="" to-addresses=10.0.0.31 to-ports=22
# NOTE(review): this sits after the masquerade rules, which already match
# traffic from 10.0.0.31 leaving either uplink or going to the LAN subnet, so
# it is presumably never the deciding rule for that traffic - confirm with the
# rule counters.
add action=src-nat chain=srcnat src-address=10.0.0.31 to-addresses=\
119.92.135.194
# Default routes. The first two serve packets carrying routing mark to200 or
# to100 (set in /ip firewall mangle); the last two are the unmarked defaults,
# with 192.168.1.1 preferred (distance 1) and 192.168.0.2 as fallback
# (distance 2). check-gateway=ping takes a route out of use when its gateway
# stops answering.
# NOTE(review): both gateways are private addresses, so each uplink presumably
# passes through another router; a forward from the internet to ServerB then
# also depends on that upstream router forwarding the port to this one.
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to200
add check-gateway=ping distance=2 gateway=192.168.0.2 routing-mark=to100
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.0.2
# Time zone, router identity and interface traffic graphing.
/system clock
set time-zone-name=Asia/Manila
/system identity
set name=DOST10
# Graphing is enabled with no parameters, so every setting (including which
# addresses may view the graphs) is at its default.
# NOTE(review): the input chain accepts new connections on all interfaces, so
# confirm the graphs are not reachable from the uplinks; setting allow-address
# to the LAN subnet narrows it.
/tool graphing interface
add