CyB3RMX
Member Candidate
Topic Author
Posts: 148
Joined: Thu May 26, 2011 7:08 am

Public IP DNAT Through EoIP Tunnel.

Wed Jul 17, 2019 8:53 pm

Hi all,

I have a somewhat complicated scenario that I would like some help with.

On POP1 I have a public IP address which handles some services.
POP2 is a remote location where I have a branch that needs to use the same public IP from POP1.
[Attachment: VPN-EoIP2.png]
What I'm trying to achieve is:
- The server uses the same internet connection and default gateway, but all the incoming traffic from the tunnel is replied to through it.
- So then, I make a DNAT from 1.1.1.1 to 10.0.100.2 ->
- Then make another DNAT from 10.0.100.2 -> 192.168.88.2
- It's mandatory to use 1.1.1.1 as the public IP instead of the Dyn IP from POP2
- I need to DNAT TCP port 8080 - 3306, so if I access 1.1.1.1:8080 -- 192.168.88.2 replies.

I think this is a routing problem, because the connection is established from the tunnel but the server's reply uses the default gateway (POP2 router), so it tries to reply through the internet instead of the tunnel.
I'm a little blocked... and not looking outside the box... so I'm asking for any help / feedback that can help.

Thanks in advance. Regards.
JB
Last edited by CyB3RMX on Wed Jul 17, 2019 9:02 pm, edited 1 time in total.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Wed Jul 17, 2019 8:59 pm

It's very easy, you need to mark new incoming connections from tunnel and then route replies back to tunnel. It's pretty much the same thing as used for multi-WAN. Check PCC example (https://wiki.mikrotik.com/wiki/Manual:PCC) and you'll get it.
 
CyB3RMX

Fri Jul 19, 2019 2:25 am

> It's very easy, you need to mark new incoming connections from tunnel and then route replies back to tunnel. It's pretty much the same thing as used for multi-WAN. Check PCC example (https://wiki.mikrotik.com/wiki/Manual:PCC) and you'll get it.

Thank you so much.
Great idea, I hadn't thought about PCC...

I just did:

/ip firewall mangle
add action=mark-connection chain=forward dst-address-type=!local in-interface=EoIP-Tunnel new-connection-mark=Tunnel-Conn passthrough=yes per-connection-classifier=dst-address-and-port:1/0
add action=mark-routing chain=prerouting connection-mark=Tunnel-Conn new-routing-mark=Tunnel-Route passthrough=yes

/ip route
add distance=1 gateway=10.0.100.1 routing-mark=Tunnel-Route

I think it's working now; I just telnetted to the public IP on the dst port and the connection was established, but I can't load the web page in the browser, so I'm thinking that there may be a firewall on the server side... I will check it out.
Thanks
 
CyB3RMX

Fri Jul 19, 2019 2:49 am

Somehow the connection is established but no data goes over it... about 10 secs later the connection is dropped... I'm not sure what I did wrong... =S Any help?
 
Sob

Fri Jul 19, 2019 5:22 am

You don't want exactly PCC, it's just that I remember that PCC example shows how to mark new incoming connections based on interface and then mark routing to send responses back. So per-connection-classifier option in your config is useless, but otherwise something like this should work. Make sure that if you already do something with connection marks, it doesn't interfere with this. And I think you'll need to exclude these connections from fasttrack too, if you use it (I don't, so I'm not completely sure here).
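
The approach described in the reply above, written out for the POP2 router as an added example (not posted by anyone in this thread). It reuses EoIP-Tunnel, Tunnel-Conn, Tunnel-Route and 10.0.100.1 from the thread; the LAN interface name `bridge` and the presence of a fasttrack rule are assumptions.

```routeros
# Added example, RouterOS v6 syntax (routing-mark on routes, as in the thread).
# "bridge" is an assumed name for the POP2 LAN interface facing 192.168.88.2.

/ip firewall mangle
# 1. Tag every NEW connection that arrives from the tunnel.
#    No per-connection-classifier: there is only one return path to pick.
add chain=prerouting in-interface=EoIP-Tunnel connection-state=new \
    action=mark-connection new-connection-mark=Tunnel-Conn passthrough=yes
# 2. The server's replies enter on the LAN side and belong to a tagged
#    connection; give them the routing mark so they skip the main table.
add chain=prerouting in-interface=bridge connection-mark=Tunnel-Conn \
    action=mark-routing new-routing-mark=Tunnel-Route passthrough=no

/ip route
# 3. Default route that only packets carrying the routing mark will use.
add dst-address=0.0.0.0/0 gateway=10.0.100.1 routing-mark=Tunnel-Route distance=1

/ip firewall filter
# 4. Only if fasttrack is in use: fasttracked packets bypass mangle, so the
#    routing mark would stop being applied once a connection is fasttracked.
#    This is the form the EXISTING fasttrack rule should take; edit that rule
#    rather than adding a second one after it.
add chain=forward action=fasttrack-connection \
    connection-state=established,related connection-mark=!Tunnel-Conn

# Checks while a test connection to the published port is open:
#   marked connections should be listed here
/ip firewall connection print where connection-mark=Tunnel-Conn
#   both mangle rules should show rising packet counters
/ip firewall mangle print stats
```

If the connection list shows the mark but the counter on the mark-routing rule stays at zero, the replies are not arriving on the interface named in step 2 or are being handled before mangle sees them.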