I have an issue with my setup, where I use port forwarding on 2 WANs.
Let's say the setup is like this example:
WAN1(eth1) : 11.11.11.11/27(A), 11.11.11.12/27(B), 11.11.11.13/27(C) [gw: 11.11.11.1/27]
WAN2(eth2) : 33.33.33.11/27(A), 33.33.33.12/27(B), 33.33.33.13/27(C) [gw: 33.33.33.1/27]
LAN(eth3) : 10.25.25.0/24
Server Port Forward :
IP(B) TCP port 2018 -> 10.25.25.5 port 80
IP(C) TCP port 80 -> 10.25.25.200 port 80
I'd like to be able to port forward from each WAN static IP to the same internal LAN server,
and I've configured it like this:
Source NAT (and I'm not using masquerade)
/ip firewall nat
add chain=srcnat out-interface=WAN1 src-address=10.25.25.5 action=src-nat to-address=11.11.11.12
add chain=srcnat out-interface=WAN2 src-address=10.25.25.5 action=src-nat to-address=33.33.33.12
add chain=srcnat out-interface=WAN1 src-address=10.25.25.200 action=src-nat to-address=11.11.11.13
add chain=srcnat out-interface=WAN2 src-address=10.25.25.200 action=src-nat to-address=33.33.33.13
IP Route
/ip route
add dst-address=0.0.0.0/0 gateway=11.11.11.1 distance=1
add dst-address=0.0.0.0/0 gateway=33.33.33.1 distance=2
Port Forward Rules
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=WAN1 dst-address=11.11.11.12 dst-port=2018 to-address=10.25.25.5 to-ports=80
add chain=dstnat action=dst-nat in-interface=WAN2 dst-address=33.33.33.12 dst-port=2018 to-address=10.25.25.5 to-ports=80
add chain=dstnat action=dst-nat in-interface=WAN1 dst-address=11.11.11.13 dst-port=80 to-address=10.25.25.200 to-ports=80
add chain=dstnat action=dst-nat in-interface=WAN2 dst-address=33.33.33.13 dst-port=80 to-address=10.25.25.200 to-ports=80
Mark Connection
/ip firewall mangle
add chain=prerouting in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_Conn
add chain=prerouting in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_Conn
Mark Route
/ip firewall mangle
add chain=prerouting in-interface=LAN connection-mark=WAN1_Conn action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting in-interface=LAN connection-mark=WAN2_Conn action=mark-routing new-routing-mark=to_WAN2
Route with Mark Routing
/ip route
add dst-address=0.0.0.0/0 routing-mark=to_WAN1 gateway=11.11.11.1
add dst-address=0.0.0.0/0 routing-mark=to_WAN2 gateway=33.33.33.1
Everything looks fine with WAN1, but the problem exists on WAN2. If the DAC route for the WAN2 IPs has a pref. source of 33.33.33.11,
then I can't access the other 2 IPs of WAN2 (33.33.33.12 & .13); only the pref. source IP of WAN2 can port forward and respond to outside requests.
What am I missing here, by the way? I hope someone can help~
Thanks~
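
Added example, not part of the original post: a simplified Python model of what the mangle and routing rules above are meant to do, showing which gateway a reply leaves through with and without the connection marks. The client address 203.0.113.7 and the function names are constructed for illustration; the addresses, marks and gateways are the ones in the post.

```python
# Simplified model of the posted setup: connection mark -> routing mark -> route.
# Reply packets of a dst-nat'd connection are translated back by connection
# tracking, so the srcnat rules are not modelled here.
import ipaddress

# (in-interface, dst-address, dst-port) -> (to-address, to-port), from the post
DSTNAT = {
    ("WAN1", "11.11.11.12", 2018): ("10.25.25.5", 80),
    ("WAN2", "33.33.33.12", 2018): ("10.25.25.5", 80),
    ("WAN1", "11.11.11.13", 80): ("10.25.25.200", 80),
    ("WAN2", "33.33.33.13", 80): ("10.25.25.200", 80),
}
CONN_MARK = {"WAN1": "WAN1_Conn", "WAN2": "WAN2_Conn"}         # mark-connection
ROUTE_MARK = {"WAN1_Conn": "to_WAN1", "WAN2_Conn": "to_WAN2"}  # mark-routing
# None = main table (the distance=1 default route)
ROUTES = {"to_WAN1": "11.11.11.1", "to_WAN2": "33.33.33.1", None: "11.11.11.1"}
WAN_NET = {"11.11.11.1": ipaddress.ip_network("11.11.11.0/27"),
           "33.33.33.1": ipaddress.ip_network("33.33.33.0/27")}


def inbound(conntrack, iface, client, dst, dport, mangle=True):
    """New connection from outside: dst-nat it and record it in conntrack."""
    server = DSTNAT[(iface, dst, dport)]
    mark = CONN_MARK[iface] if mangle else None
    conntrack[(server, client)] = {"orig_dst": (dst, dport), "mark": mark}
    return server


def reply(conntrack, server, client):
    """Reply from the LAN server: choose the route, then undo the dst-nat."""
    entry = conntrack[(server, client)]
    gateway = ROUTES[ROUTE_MARK.get(entry["mark"])]
    src_ip = entry["orig_dst"][0]  # reply source is the address the client dialled
    # A reply is symmetric when its source belongs to the WAN it leaves through.
    symmetric = ipaddress.ip_address(src_ip) in WAN_NET[gateway]
    return {"src": src_ip, "gateway": gateway, "symmetric": symmetric}


if __name__ == "__main__":
    client = ("203.0.113.7", 40000)  # constructed sample client
    for mangle in (True, False):
        ct = {}
        srv = inbound(ct, "WAN2", client, "33.33.33.12", 2018, mangle)
        print("marks on" if mangle else "marks off", reply(ct, srv, client))
```

With the marks in place the reply to a WAN2 connection leaves via 33.33.33.1 with source 33.33.33.12; without them it follows the main table out of WAN1 while still carrying the WAN2 source address.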