I'm new to MikroTik routers but enjoying getting to know the OS and setting up for my businesses.
I first set up a basic configuration with one WAN attached to ether1, with my local network plugged into ether4.
I have various port forwards set up that point to my server for email and remote web workplace. I set these up in NAT but also needed to accept them in firewall filter rules or it doesn't open the ports. This went slightly against what I had read in the documentation, but it all works fine.
I then moved on to stage 2 to add a second WAN attached to ether2. I read quite a bit of documentation and set it up using the following rules:
/ip firewall mangle
add chain=prerouting dst-address=192.168.0.0/24 in-interface=ether4 action=accept
add chain=input in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=WAN1 passthrough=no
add chain=input in-interface=ether2 connection-mark=no-mark action=mark-connection new-connection-mark=WAN2 passthrough=no
add chain=output out-interface=ether1 connection-mark=WAN1 action=mark-routing new-routing-mark=WAN1 passthrough=no
add chain=output out-interface=ether2 connection-mark=WAN2 action=mark-routing new-routing-mark=WAN2 passthrough=no
add chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether4 per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=WAN1
add chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether4 per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=WAN2
add chain=prerouting connection-mark=WAN1 in-interface=ether4 action=mark-routing new-routing-mark=WAN1 passthrough=no
add chain=prerouting connection-mark=WAN2 in-interface=ether4 action=mark-routing new-routing-mark=WAN2 passthrough=no
/ip route
add dst-address=0.0.0.0/0 gateway=22.214.171.124 routing-mark=WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.4 routing-mark=WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=126.96.36.199 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.4 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
This works great with load balancing and failover.
I duplicated all my NAT and firewall rules that worked with WAN1 over to WAN2.
When this is all activated, I have an issue with the port forwarding. When I test the two incoming IP addresses for open ports (specifically port 25, as emails are most important), it seems the system is only "opening" ports on one WAN at a time. I check WAN1 and it will say port 25 is open, WAN2 says closed. I keep checking and suddenly WAN2 will be open and then WAN1 closed... Have I missed some important step regarding the two incoming connections?
In an ideal world both incoming WANs should accept the emails, so if WAN1 goes down I'm still getting them coming in...
Any help is greatly appreciated.
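
An added example, not part of the original post: in the rules above, chain=input only marks connections addressed to the router itself, so port-forwarded (dst-nat) connections stay unmarked until the server's reply enters ether4, where the PCC rules choose the exit WAN by hash. One way to pin replies to the WAN a connection arrived on is to mark new inbound connections in prerouting; the interface names and mark names are the post's own, the comment strings are made up for illustration.

```routeros
/ip firewall mangle
# Added example, not the poster's configuration.
# ether1 = WAN1, ether2 = WAN2, ether4 = LAN, as in the post.
#
# Mark every NEW connection by the WAN it arrives on. Mangle prerouting runs
# before dst-nat, so this also covers connections that are then forwarded to
# the internal server (chain=input never sees those packets).
add chain=prerouting in-interface=ether1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=WAN1 passthrough=no \
    comment="inbound via WAN1"
add chain=prerouting in-interface=ether2 connection-mark=no-mark \
    action=mark-connection new-connection-mark=WAN2 passthrough=no \
    comment="inbound via WAN2"

# The connection now already carries WAN1 or WAN2 when the server's reply
# enters ether4, so:
#  - the PCC rules (connection-mark=no-mark ... in-interface=ether4) skip it,
#  - the post's existing mark-routing rules for connection-mark=WAN1/WAN2 on
#    in-interface=ether4 send the reply out through the WAN it came in on.
#
# Outbound LAN connections are unaffected: they are marked by PCC first, so
# their return packets on ether1/ether2 no longer match connection-mark=no-mark.

# Check after testing port 25 against the WAN2 address: the forwarded
# connection should be listed here with the WAN2 mark.
/ip firewall connection print where connection-mark=WAN2
```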