I have a problem with my MikroTik. I have two bridges: one with public IPs and one with a private network. The private bridge is NATed to the public bridge. When I run ping on any server on the public bridge, it is very fast. When I run ping on the private network, it takes a long time to start, but the speed is OK.
public bridge:
root@ts:/home/lister# time ping google.com -c1
PING google.com (172.217.23.206) 56(84) bytes of data.
64 bytes from prg03s05-in-f14.1e100.net (172.217.23.206): icmp_seq=1 ttl=57 time=3.77 ms
real 0m0,008s
user 0m0,000s
sys 0m0,000s
root@robot:/home/lister# time ping google.com -c1
PING google.com (172.217.23.206) 56(84) bytes of data.
64 bytes from prg03s05-in-f14.1e100.net (172.217.23.206): icmp_seq=1 ttl=56 time=3.76 ms
real 0m5.014s
user 0m0.000s
sys 0m0.004s
# RouterOS firewall export: one address list, the input and forward filter
# chains, and the NAT table. Rules are evaluated top to bottom within each
# chain, so the order below is significant.
#
# NOTE(review): both ping transcripts report a ~3.8 ms ICMP round trip, yet the
# private host needs about 5 s of wall time, so the delay lies outside the ICMP
# exchange. No rule in this export filters traffic that originates on the
# private side. A fixed stall of about 5 s often matches a name-resolution
# timeout; confirm which DNS server the private hosts use and that it answers.
/ip firewall address-list
# Source addresses trusted for management access (value redacted by the poster).
add address=x.x.x.x list=allow
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# ICMP is accepted on every interface, including bridge1-public.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# 8291/tcp (the default Winbox port) is reachable only from the "allow" list.
add action=accept chain=input comment="Allowed connection" dst-port=8291 protocol=tcp src-address-list=allow
# 8081/tcp is reachable only from the "allow" list; the service is not shown here.
add action=accept chain=input dst-port=8081 protocol=tcp src-address-list=allow
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
# Everything else arriving on bridge1-public is dropped. No input rule in this
# export matches other interfaces, so input from the private bridge reaches the
# end of the chain and is accepted by default.
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=bridge1-public
# --- forward chain: traffic routed through the router ---
# Established/related connections are fasttracked; the accept rule that follows
# covers packets of those connections that do not take the fast path.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# New connections from bridge1-public are dropped unless a dstnat rule matched
# them, so the dst-nat entries below define what is reachable from outside.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=bridge1-public
/ip firewall nat
# Traffic leaving through bridge1-public is source-NATed to the router's address.
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=bridge1-public
# Port forwards restricted to the "allow" list (SSH, BMC web UI, vSphere).
add action=dst-nat chain=dstnat comment="SSH robot" dst-port=22024 in-interface=bridge1-public protocol=tcp src-address-list=allow to-addresses=192.168.4.11 to-ports=22022
add action=dst-nat chain=dstnat comment=bmc dst-port=8088 in-interface=bridge1-public protocol=tcp src-address-list=allow to-addresses=192.168.4.2 to-ports=80
add action=dst-nat chain=dstnat comment=vsphere dst-port=8080 in-interface=bridge1-public protocol=tcp src-address-list=allow to-addresses=192.168.4.3 to-ports=443
add action=dst-nat chain=dstnat dst-port=902 in-interface=bridge1-public protocol=tcp src-address-list=allow to-addresses=192.168.4.3 to-ports=902
# Forwards to 192.168.4.10 that are open to any source address.
add action=dst-nat chain=dstnat comment=ts dst-port=9987 in-interface=bridge1-public protocol=udp to-addresses=192.168.4.10 to-ports=9987
add action=dst-nat chain=dstnat dst-port=9988 in-interface=bridge1-public protocol=udp to-addresses=192.168.4.10 to-ports=9988
add action=dst-nat chain=dstnat comment="ts file transfer" dst-port=30033 in-interface=bridge1-public protocol=tcp to-addresses=192.168.4.10 to-ports=30033
# The query interface on the same host is limited to the "allow" list.
add action=dst-nat chain=dstnat comment="ts server query" dst-port=10011 in-interface=bridge1-public protocol=tcp src-address-list=allow to-addresses=192.168.4.10 to-ports=10011
# HTTP, HTTPS and FTP on 192.168.4.11 are open to any source address.
add action=dst-nat chain=dstnat comment=auta dst-port=80 in-interface=bridge1-public protocol=tcp to-addresses=192.168.4.11 to-ports=80
add action=dst-nat chain=dstnat comment=https dst-port=443 in-interface=bridge1-public protocol=tcp to-addresses=192.168.4.11 to-ports=443
# NOTE(review): FTP sends credentials unencrypted and has no source restriction
# here; consider src-address-list=allow or an encrypted transfer service.
add action=dst-nat chain=dstnat comment=FTP dst-port=21 in-interface=bridge1-public protocol=tcp to-addresses=192.168.4.11 to-ports=21
# NOTE(review): this exposes SSH on 192.168.4.3 to any source, while the other
# forwards to that host (8080, 902) require src-address-list=allow. If that is
# not intentional, add src-address-list=allow as on the "SSH robot" rule.
add action=dst-nat chain=dstnat comment="SSH vSphere" dst-port=22023 in-interface=bridge1-public protocol=tcp to-addresses=192.168.4.3 to-ports=22
Thanks for any reply and help.