Hi,
Is it possible to do port forwarding in a dual ISP but running a load balancing setup with 2 ISP and I'd like to have a dedicate route for that network to be forwarded?
I'm experience that whenever I force it to route it's traffic the gateway became RTO and the port forwarding is not working.. btw, i'm using mangle to run loadbalancing at the same time force the route of that traffic to use ISP2 connection..
Your response is highly appreciated.
TIA
Re: Port Forwarding in a Force route with Dual WAN
Diagrams please, when you say "THAT NETWORK" it means nothing!!
Spell out the requirements more clearly as well.
Spell out the requirements more clearly as well.
Re: Port Forwarding in a Force route with Dual WAN
Hi,Diagrams please, when you say "THAT NETWORK" it means nothing!!
Spell out the requirements more clearly as well.
Thanks for the reply and sorry for the lack of info please see attached file of the diagram. I'm running 2 ISP for load balancing and my LAN setup via VLAN connection, I have this certain network that would like to be forwarded specifically to the ISP2 so what I did is to force this network-winbox traffic to work only to ISP2 but after doing that I can't ping the local gateway and make work the port forwarding..
I used mangle to force the network-winbox to run only via ISP2 and accesible to port 8080
btw here's my configuration on forcing the network-winbox to ISP2..
/ip firewall nat
add action=masquerade chain=srcnat comment="ISP1" disabled=yes out-interface="ether1<ISP1>" src-address=192.168.100.0/24
add action=masquerade chain=srcnat comment="ISP2" out-interface="ether2<ISP2>" src-address=192.168.100.0/24
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=192.168.100.10 to-ports=8291
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=Force-Route-ISP2 passthrough=no src-address=192.168.100.0/24
/ip route
add check-gateway=ping distance=1 gateway=100.100.100.1 routing-mark=to-isp1
add check-gateway=ping distance=1 gateway=200.200.200.1 routing-mark=to-isp2
add comment="force route to isp2" distance=1 gateway=200.200.200.1 routing-mark=Force-Route-ISP2
add comment="default route gateway isp1" distance=1 gateway=100.100.100.1
add comment="default route gateway isp2" distance=1 gateway=200.200.200.1
You do not have the required permissions to view the files attached to this post.
Re: Port Forwarding in a Force route with Dual WAN
Your explanation is again not sufficient.
I dont see vlans in your diagram and what does winbox have to do with it?
Just stated your managment vlan or subnet is X, could be the same as your home vlan/subnet.
Please post entire config
/export hide-sensitive file=anynameyouwish
Winbox has no need to exit the router, that is a very dangerous and insecure approach.
Winbox should only be accessible from an external user (aka you) via a VPN tunnel and the tunnel is to the inside of the router and there you access winbox.
So in a nutshell you have X number of subnets or vlans,
You want one vlan/subnet to ONLY use WAN2
The rest of the vlans/subnets you want to access both WAN1 and WAN2 as equally as possible.
(what are the speeds of the two ISP connections?)
(are the connection to static or dynamic WANIPs?)
I dont see vlans in your diagram and what does winbox have to do with it?
Just stated your managment vlan or subnet is X, could be the same as your home vlan/subnet.
Please post entire config
/export hide-sensitive file=anynameyouwish
Winbox has no need to exit the router, that is a very dangerous and insecure approach.
Winbox should only be accessible from an external user (aka you) via a VPN tunnel and the tunnel is to the inside of the router and there you access winbox.
So in a nutshell you have X number of subnets or vlans,
You want one vlan/subnet to ONLY use WAN2
The rest of the vlans/subnets you want to access both WAN1 and WAN2 as equally as possible.
(what are the speeds of the two ISP connections?)
(are the connection to static or dynamic WANIPs?)
Re: Port Forwarding in a Force route with Dual WAN
I agree with anav that what you're asking isn't abundantly clear. But I understood is as follows.
You have an internal subnet and you want to route to and from that network to ISP2.
If that's the case, I think you're way overthinking this. Just add mangle rules before those that do your load balancing scheme and set "connection mark=no-mark" in those, so that they don't replace your network previous specific rules' connection marks.
You have an internal subnet and you want to route to and from that network to ISP2.
If that's the case, I think you're way overthinking this. Just add mangle rules before those that do your load balancing scheme and set "connection mark=no-mark" in those, so that they don't replace your network previous specific rules' connection marks.