 
xezen

NAT giving me problems, not sure why

Tue Sep 07, 2010 1:21 pm

What I have is: gateway ------ MikroTik x86 ------ connections ------ CPE ------ server

When I try to connect from the internal network to that address, it times out.
From outside it tells me it's correct,
but I can't see port 80.

The CPE gets its connection from the x86.

It gets the IP 10.0.18.2:
CPE wireless interface = 10.0.18.2
CPE ethernet interface gives out 10.52.0.2/24
Server address is 10.52.0.6

static address on server is 196.212.132.54

Here are the NAT rules on the CPE:
0 chain=srcnat action=masquerade

1 chain=dstnat action=dst-nat to-addresses=10.52.0.6 dst-address=10.0.18.2

2 chain=srcnat action=src-nat to-addresses=10.0.18.2 src-address=10.52.0.6



Here are the rules on the x86:

/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment=proxy \
disable-running-check=yes disabled=yes full-duplex=yes mac-address=\
00:1D:7D:99:DA:8E mtu=1500 name=onboard speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment=mweb \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:1A:33:F8 mtu=1500 name=wlan1 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment=\
Mailserver disable-running-check=yes disabled=no full-duplex=yes l2mtu=\
1600 mac-address=00:0C:42:1A:33:F9 mtu=1500 name=Mail speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment=is \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:1A:33:FA mtu=1500 name=fast speed=100Mbps
set 4 arp=enabled auto-negotiation=yes cable-settings=default comment="" \
disable-running-check=yes disabled=yes full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:1A:33:FB mtu=1500 name=4 speed=100Mbps
set 5 arp=enabled auto-negotiation=yes cable-settings=default comment=datapro \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:1A:34:44 mtu=1500 name=slow speed=100Mbps
set 6 arp=enabled auto-negotiation=yes cable-settings=default comment=datapro \
disable-running-check=yes disabled=no full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:1A:34:45 mtu=1500 name=other speed=100Mbps
set 7 arp=enabled auto-negotiation=yes cable-settings=default comment=\
"Office Network" disable-running-check=yes disabled=no full-duplex=yes \
l2mtu=1600 mac-address=00:0C:42:1A:34:46 mtu=1500 name=office speed=\
100Mbps
set 8 arp=enabled auto-negotiation=yes cable-settings=default comment=\
"Network IN" disable-running-check=yes disabled=no full-duplex=yes l2mtu=\
1600 mac-address=00:0C:42:1A:34:47 mtu=1500 name=Local speed=100Mbps
# Named address ranges. The /ip dhcp-server entries in this export refer to
# them through address-pool=.
/ip pool
add name=ClientsPPTP ranges=192.168.77.1-192.168.77.254
add name=dhcp_pool1 ranges=192.168.84.2-192.168.84.254
add name=w1 ranges=10.0.0.2-10.0.0.254
add name=w3 ranges=10.0.2.2-10.0.2.254
add name=w4 ranges=10.0.4.2-10.0.4.254
add name=w5 ranges=10.0.6.2-10.0.6.254
add name=w6 ranges=10.0.10.2-10.0.10.254
add name=w7 ranges=10.0.11.2-10.0.11.254
add name=w8 ranges=10.0.9.2-10.0.9.254
add name=w9 ranges=10.0.13.2-10.0.13.254
add name=w10 ranges=10.0.8.2-10.0.8.254
add name=w11 ranges=10.0.12.2-10.0.12.254
# NOTE(review): the end addresses of w12 and w13 (10.7.0.254 and 10.3.0.254)
# look like transposed octets. The matching DHCP networks in this export are
# 10.0.7.0/24 and 10.0.3.0/24, so the pools as written extend far outside
# them - confirm and correct on the router.
add name=w12 ranges=10.0.7.2-10.7.0.254
add name=w13 ranges=10.0.3.2-10.3.0.254
add name=Servers ranges=10.0.254.2-10.0.254.254
add name=w2 ranges=10.0.5.2-10.0.5.254
add name=ww ranges=10.0.1.2-10.0.1.254
add name=ws1 ranges=10.0.15.2-10.0.15.254
add name=wsss ranges=10.0.16.2-10.0.16.254
add name=xxsa ranges=10.0.17.2-10.0.17.254
add name=xxxxxxxxxx ranges=10.0.18.2-10.0.18.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=office lease-time=3d name=dhcp1
add address-pool=w1 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w1 relay=10.0.0.1
add address-pool=w3 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w3 relay=10.0.2.1
add address-pool=w4 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w4 relay=10.0.4.1
add address-pool=w5 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w5 relay=10.0.6.1
add address-pool=w6 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w6 relay=10.0.10.1
add address-pool=w7 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w7 relay=10.0.11.1
add address-pool=w8 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w8 relay=10.0.9.1
add address-pool=w9 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w9 relay=10.0.13.1
add address-pool=w10 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w10 relay=10.0.8.1
add address-pool=w11 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w11 relay=10.0.12.1
add address-pool=w12 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w12 relay=10.0.7.1
add address-pool=w13 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w13 relay=10.0.3.1
add address-pool=Servers authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=onboard lease-time=3d name=Servers
add address-pool=w2 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=w2 relay=10.0.5.1
add address-pool=ww authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=ww relay=10.0.1.1
add address-pool=ws1 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=server1 relay=10.0.15.1
add address-pool=wsss authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=server2 relay=10.0.16.1
add address-pool=xxsa authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=Local lease-time=3d name=server3 relay=10.0.17.1
add address-pool=xxxxxxxxxx authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=Local lease-time=3d name=server4 relay=\
10.0.18.1
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name="All Que" pcq-classifier=\
src-address,dst-address,src-port,dst-port pcq-limit=50 pcq-rate=0 \
pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default comment="" disabled=no distribute-default=always-as-type-2 \
in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-2 \
redistribute-other-ospf=no redistribute-rip=no redistribute-static=\
as-type-2 router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=\
backbone type=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=yes \
use-ip-firewall-for-vlan=yes
# L2TP server: enabled, and it accepts only PAP and CHAP.
# PAP sends the password unencrypted inside the tunnel, and this export shows
# no IPsec configuration.
# NOTE(review): confirm whether L2TP is wrapped in IPsec; if the server is
# needed at all, drop pap and prefer mschap2.
/interface l2tp-server server
set authentication=pap,chap default-profile=default-encryption enabled=yes \
max-mru=1460 max-mtu=1460 mrru=disabled
# OpenVPN server: enabled on port 1194 in ip mode.
# certificate=none is combined with require-client-certificate=yes and an empty
# auth list.
# NOTE(review): with no server certificate assigned this listener presumably
# cannot complete a handshake - confirm, and disable it if it is unused.
# The cipher list still offers blowfish128 next to the AES options; an AES-only
# list is the safer choice.
/interface ovpn-server server
set auth="" certificate=none cipher=blowfish128,aes128,aes192,aes256 \
default-profile=default enabled=yes keepalive-timeout=60 mac-address=\
FE:C1:3E:BD:85:B4 max-mtu=1500 mode=ip netmask=24 port=1194 \
require-client-certificate=yes
# PPPoE servers on four interfaces: fast, other, slow and Local. All are enabled
# and accept pap, chap, mschap1 and mschap2.
# NOTE(review): fast, other and slow carry public addresses in /ip address, so
# these servers presumably answer PPPoE discovery on upstream-facing segments
# too - confirm that is intended. pap and mschap1 are the weakest of the four
# methods and can be removed if no client depends on them.
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
no interface=fast keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
max-sessions=0 mrru=disabled one-session-per-host=yes service-name=""
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
no interface=other keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
max-sessions=0 mrru=disabled one-session-per-host=no service-name=\
service2
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
no interface=slow keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
max-sessions=0 mrru=disabled one-session-per-host=no service-name=\
service3
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 \
max-sessions=0 mrru=disabled one-session-per-host=no service-name=\
service1
# PPTP server: disabled. The "enabled=" at the end of the first line continues
# onto "no" on the next line.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Interface addresses. "other", "slow" and "fast" hold the public /29 ranges;
# office, wlan1, Mail and Local hold the internal ones.
/ip address
# NOTE(review): 23.0.0.0/24 is not RFC 1918 private space, yet it is used on
# the internal "Local" interface and handed out as DNS/NTP server by the DHCP
# networks in this export. Confirm the range is really assigned to this site.
add address=23.0.0.1/24 broadcast=23.0.0.255 comment="" disabled=no \
interface=Local network=23.0.0.0
add address=196.212.132.50/29 broadcast=196.212.132.55 comment="" disabled=no \
interface=other network=196.212.132.48
# NOTE(review): broadcast=196.212.132.51 differs from the .55 used by the other
# addresses in this /29 - looks like a typo; confirm.
add address=196.212.132.51/29 broadcast=196.212.132.51 comment="" disabled=no \
interface=other network=196.212.132.48
add address=196.212.132.52/29 broadcast=196.212.132.55 comment="" disabled=no \
interface=other network=196.212.132.48
add address=192.168.84.1/24 broadcast=192.168.84.255 comment="" disabled=no \
interface=office network=192.168.84.0
add address=196.212.59.213/29 broadcast=196.212.59.215 comment="" disabled=no \
interface=slow network=196.212.59.208
add address=196.212.132.53/29 broadcast=196.212.132.55 comment="" disabled=no \
interface=other network=196.212.132.48
# 196.212.132.54 is the public address that the NAT rules with comment=h map
# to 10.0.18.2.
add address=196.212.132.54/29 broadcast=196.212.132.55 comment="" disabled=no \
interface=other network=196.212.132.48
add address=10.0.26.1/24 broadcast=10.0.26.255 comment="" disabled=no \
interface=wlan1 network=10.0.26.0
add address=196.213.192.67/29 broadcast=196.213.192.71 comment="" disabled=no \
interface=fast network=196.213.192.64
add address=10.254.0.1/24 broadcast=10.254.0.255 comment="" disabled=no \
interface=Mail network=10.254.0.0
add address=192.168.1.121/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=fast network=192.168.1.0
add address=10.253.0.1/32 broadcast=10.253.0.1 comment="" disabled=no \
interface=Local network=10.253.0.1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.84.120 client-id=1:0:2:d1:6:5e:b1 comment=cam disabled=no \
mac-address=00:02:D1:06:5E:B1 server=dhcp1
add address=192.168.84.227 comment="" disabled=no mac-address=\
00:14:D1:70:4E:91 server=dhcp1
add address=192.168.84.108 client-id=1:0:80:92:8:9c:76 comment="" disabled=no \
mac-address=00:80:92:08:9C:76 server=dhcp1
add address=10.0.2.2 always-broadcast=yes client-id=1:0:1d:f:ae:e2:31 \
comment="" disabled=no mac-address=00:1D:0F:AE:E2:31 server=w3
add address=10.0.2.4 always-broadcast=yes client-id=1:0:c:42:2b:a8:c6 \
comment="" disabled=no mac-address=00:0C:42:2B:A8:C6 server=w3
add address=10.0.4.2 always-broadcast=yes client-id=1:0:80:48:52:14:93 \
comment="" disabled=no mac-address=00:80:48:52:14:93 server=w4
add address=10.0.4.3 client-id=1:0:19:e0:12:6e:a2 comment="" disabled=no \
mac-address=00:19:E0:12:6E:A2 server=w4
add address=10.0.6.2 client-id=1:0:c:42:31:4e:6 comment="" disabled=no \
mac-address=00:0C:42:31:4E:06 server=w5
add address=10.0.11.2 client-id=1:0:c:42:31:4d:d4 comment="" disabled=no \
mac-address=00:0C:42:31:4D:D4 server=w7
add address=10.0.11.3 always-broadcast=yes client-id=1:0:1d:f:af:5:e4 \
comment="" disabled=no mac-address=00:1D:0F:AF:05:E4 server=w7
add address=10.0.9.2 always-broadcast=yes client-id=1:0:2:6f:4b:29:3a \
comment="" disabled=no mac-address=00:02:6F:4B:29:3A server=w8
add address=10.0.8.2 client-id=1:0:1d:f:af:16:c4 comment="" disabled=no \
mac-address=00:1D:0F:AF:16:C4 server=w10
add address=10.0.8.3 always-broadcast=yes client-id=1:0:1d:f:ae:ea:f comment=\
"" disabled=no mac-address=00:1D:0F:AE:EA:0F server=w10
add address=10.0.8.4 client-id=1:0:c:42:2b:33:f6 comment="" disabled=no \
mac-address=00:0C:42:2B:33:F6 server=w10
add address=10.0.12.2 client-id=1:0:c:42:18:ba:b8 comment="" disabled=no \
mac-address=00:0C:42:18:BA:B8 server=w11
add address=10.0.12.3 client-id=1:0:c:42:2b:86:ff comment="" disabled=no \
mac-address=00:0C:42:2B:86:FF server=w11
add address=10.0.12.4 client-id=1:0:19:e0:18:94:be comment="" disabled=no \
mac-address=00:19:E0:18:94:BE server=w11
add address=10.0.12.5 client-id=1:0:c:42:2b:86:d4 comment="" disabled=no \
mac-address=00:0C:42:2B:86:D4 server=w11
add address=10.0.12.6 always-broadcast=yes client-id=1:0:c:42:1f:6f:ea \
comment="" disabled=no mac-address=00:0C:42:1F:6F:EA server=w11
add address=10.0.7.254 always-broadcast=yes client-id=1:0:2:6f:45:86:12 \
comment="" disabled=no mac-address=00:02:6F:45:86:12 server=w12
add address=10.0.3.254 always-broadcast=yes client-id=1:0:c:42:26:74:21 \
comment="" disabled=no mac-address=00:0C:42:26:74:21 server=w13
add address=10.0.3.253 client-id=1:0:c:42:64:23:4e comment="" disabled=no \
mac-address=00:0C:42:64:23:4E server=w13
add address=10.0.7.251 client-id=1:0:2:6f:45:85:f1 comment="" disabled=no \
mac-address=00:02:6F:45:85:F1 server=w12
add address=10.0.7.250 client-id=1:0:c:42:c:3a:b comment="" disabled=no \
mac-address=00:0C:42:0C:3A:0B server=w12
add address=10.0.11.4 client-id=1:0:80:48:52:14:c0 comment="" disabled=no \
mac-address=00:80:48:52:14:C0 server=w7
add address=10.0.5.2 client-id=1:0:c:42:31:5e:c1 comment="" disabled=no \
mac-address=00:0C:42:31:5E:C1 server=w2
add address=10.0.10.3 client-id=1:0:c:42:63:33:ec comment="" disabled=no \
mac-address=00:0C:42:63:33:EC server=w6
add address=10.0.1.254 always-broadcast=yes client-id=1:0:c:42:1f:2a:b9 \
comment="" disabled=no mac-address=00:0C:42:1F:2A:B9 server=ww
add address=10.0.15.2 client-id=1:0:c:42:62:f8:e comment="" disabled=no \
mac-address=00:0C:42:62:F8:0E server=server1
add address=10.0.16.2 client-id=1:0:c:42:63:34:99 comment="" disabled=no \
mac-address=00:0C:42:63:34:99 server=server2
add address=10.0.16.3 client-id=1:0:c:42:63:39:ca comment="" disabled=no \
mac-address=00:0C:42:63:39:CA server=server2
add address=10.0.7.249 client-id=1:0:c:42:62:b1:7f comment="" disabled=no \
mac-address=00:0C:42:62:B1:7F server=w12
add address=10.0.7.248 always-broadcast=yes client-id=1:0:c:42:31:4d:e5 \
comment="" disabled=no mac-address=00:0C:42:31:4D:E5 server=w12
add address=10.0.17.3 client-id=1:0:c:42:31:65:20 comment="" disabled=no \
mac-address=00:0C:42:31:65:20 server=server3
add address=10.0.17.2 always-broadcast=yes client-id=1:0:1d:f:af:5:cb \
comment="" disabled=no mac-address=00:1D:0F:AF:05:CB server=server3
add address=10.0.17.4 always-broadcast=yes client-id=1:0:1d:f:af:1e:3a \
comment="" disabled=no mac-address=00:1D:0F:AF:1E:3A server=server3
add address=10.0.11.5 client-id=1:0:1d:f:af:7:db comment="" disabled=no \
mac-address=00:1D:0F:AF:07:DB server=w7
add address=10.0.18.2 client-id=1:0:c:42:62:63:79 comment="" disabled=no \
mac-address=00:0C:42:62:63:79 server=server4
add address=10.0.18.3 always-broadcast=yes client-id=1:0:c:42:63:33:ec \
comment="" disabled=no mac-address=00:0C:42:63:33:EC server=server4
add address=10.0.6.3 client-id=1:0:c:42:2b:33:c2 comment="" disabled=no \
mac-address=00:0C:42:2B:33:C2 server=w5
add address=10.0.16.4 client-id=1:0:c:42:7b:51:9f comment="" disabled=no \
mac-address=00:0C:42:7B:51:9F server=server2
add address=10.0.17.5 client-id=1:0:c:42:23:ca:21 comment="" disabled=no \
mac-address=00:0C:42:23:CA:21 server=server3
add address=10.0.4.4 client-id=1:30:7c:30:de:98:74 comment="" disabled=no \
mac-address=30:7C:30:DE:98:74 server=w4
/ip dhcp-server network
add address=10.0.0.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.0.1 \
ntp-server=23.0.0.1
add address=10.0.1.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.1.1 \
ntp-server=23.0.0.1
add address=10.0.2.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.2.1 \
ntp-server=23.0.0.1
add address=10.0.3.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.3.1 \
ntp-server=23.0.0.1
add address=10.0.4.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.4.1 \
ntp-server=23.0.0.1
add address=10.0.5.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.5.1 \
ntp-server=23.0.0.1
add address=10.0.6.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.6.1 \
ntp-server=23.0.0.1
add address=10.0.7.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.7.1 \
ntp-server=23.0.0.1
add address=10.0.8.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.8.1 \
ntp-server=23.0.0.1
add address=10.0.9.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.9.1 \
ntp-server=23.0.0.1
add address=10.0.10.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.10.1 \
ntp-server=23.0.0.1
add address=10.0.11.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.11.1 \
ntp-server=23.0.0.1
add address=10.0.12.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.12.1 \
ntp-server=23.0.0.1
add address=10.0.13.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.13.1 \
ntp-server=23.0.0.1
add address=10.0.15.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.15.1 \
ntp-server=23.0.0.1
add address=10.0.16.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.16.1 \
ntp-server=23.0.0.1
add address=10.0.17.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.17.1 \
ntp-server=23.0.0.1
add address=10.0.18.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.18.1 \
ntp-server=23.0.0.1
add address=10.0.254.0/24 comment="" dns-server=23.0.0.1 gateway=10.0.254.1 \
ntp-server=23.0.0.1
add address=192.168.84.0/24 comment="" gateway=192.168.84.1
# Router DNS cache, forwarding to two upstream servers.
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts, not only its own.
# NOTE(review): this export contains no chain=input filter rules, so port 53
# is presumably answered on the public-facing interfaces as well (an open
# resolver). Confirm, and limit port 53 on the input chain to internal sources.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=8192KiB \
max-udp-packet-size=1024 servers=168.210.2.2,196.14.239.2
/ip dns static
add address=196.213.192.67 comment="" disabled=no name=share.volthan.com ttl=\
1d
add address=10.254.0.2 comment="" disabled=no name=pop3.volthan.co.za ttl=1d
add address=10.254.0.2 comment="" disabled=no name=smtp.volthan.co.za ttl=1d
add address=10.254.0.2 comment="" disabled=no name=mail.volthan.co.za ttl=1d
add address=10.254.0.2 comment="" disabled=no name=imap.volthan.co.za ttl=1d
add address=10.254.0.2 comment="" disabled=no name=mail.sscleanners.co.za \
ttl=1d
add address=10.254.0.2 comment="" disabled=no name=imap.sscleanners.co.za \
ttl=1d
add address=10.254.0.2 comment="" disabled=no name=pop3.sscleanners.co.za \
ttl=1d
add address=10.254.0.2 comment="" disabled=no name=smtp.sscleanners.co.za \
ttl=1d
add address=10.254.0.2 comment="" disabled=no name=mail.palaborascaff.co.za \
ttl=1d
add address=10.254.0.2 comment="" disabled=no name=imap.palaborascaff.co.za \
ttl=1d
add address=10.254.0.2 comment="" disabled=no name=pop3.palaborascaff.co.za \
ttl=1d
/ip firewall address-list
add address=196.212.59.211 comment="" disabled=no list=local
add address=196.213.192.69 comment="" disabled=no list=local
add address=192.168.84.0/24 comment="" disabled=no list=local
add address=196.213.192.68 comment="" disabled=no list=local
add address=192.168.1.0/24 comment="" disabled=no list=local
add address=200.0.0.0/24 comment="" disabled=no list=local
add address=200.14.0.0/24 comment="" disabled=no list=local
add address=200.0.3.2 comment="" disabled=no list=local
add address=64.0.0.0/24 comment="" disabled=no list=local
add address=200.0.27.2 comment="" disabled=no list=local
add address=200.0.23.0/24 comment="" disabled=no list=local
add address=200.0.24.0/24 comment="" disabled=no list=local
add address=200.0.25.0/24 comment="" disabled=no list=local
add address=196.212.59.212 comment="" disabled=no list=local
add address=192.168.3.0/24 comment="" disabled=no list=local
add address=10.54.0.0/24 comment="" disabled=no list=local
add address=200.0.6.1 comment="" disabled=no list=local
add address=200.0.6.2 comment="" disabled=no list=local
add address=196.212.132.50 comment="" disabled=no list=local
add address=192.168.92.0/24 comment="" disabled=no list=local
add address=10.52.0.0/24 comment="" disabled=no list=local
add address=10.52.0.0/24 comment="" disabled=no list=local
add address=200.0.20.253 comment="" disabled=no list=local
add address=196.212.132.67 comment="" disabled=no list=local
add address=192.168.84.130 comment="" disabled=no list=local
add address=10.55.0.247 comment="" disabled=no list=local
add address=10.30.0.0/24 comment="" disabled=no list=local
add address=10.5.0.0/24 comment="" disabled=no list=local
add address=200.0.19.2 comment="" disabled=no list=local
add address=200.0.22.2 comment="" disabled=no list=local
add address=65.0.0.0/24 comment="" disabled=no list=local
add address=24.0.0.0/24 comment="" disabled=no list=local
add address=192.168.250.116 comment="" disabled=no list=local
add address=200.0.12.2 comment="" disabled=no list=local
add address=10.0.253.2 comment="" disabled=no list=local
add address=10.0.26.0/24 comment="" disabled=no list=local
add address=99.0.0.253 comment="" disabled=no list=local
add address=196.212.132.54 comment="" disabled=no list=local
add address=10.52.0.0/24 comment="" disabled=no list=local
add address=196.213.192.67 comment="" disabled=no list=local
add address=10.254.0.0/24 comment="" disabled=no list=local
add address=10.254.0.2 comment="" disabled=no list="not mag"
add address=10.254.0.2 comment="" disabled=no list="address local server"
add address=196.213.192.70 comment="" disabled=no list="address local server"
add address=196.213.192.67 comment="" disabled=no list="address local server"
add address=196.212.132.51 comment="" disabled=no list="address local server"
add address=196.212.132.53 comment="" disabled=no list="address local server"
add address=196.213.192.70 comment="" disabled=no list="address local server"
add address=196.212.132.54 comment="" disabled=no list="address local server"
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Packet filter. Every rule here is in chain=forward, so this export shows
# nothing that filters traffic addressed to the router itself (chain=input),
# and no rule that restricts forwarding towards the dst-nat targets.
/ip firewall filter
# Drop forwarded SMTP (tcp/25) from sources already on the "spammer" list.
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp \
src-address-list=spammer
# Add the source to "spammer" when a forwarded tcp/25 packet matches both
# connection-limit=40,32 and limit=50,1000.
# NOTE(review): address-list-timeout=0s presumably means the entry never
# expires, so a listed host stays blocked until removed by hand - confirm for
# this RouterOS version.
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
0s chain=forward comment="" connection-limit=40,32 disabled=no dst-port=\
25 limit=50,1000 protocol=tcp
# Same pair of rules for POP3 (tcp/110), using the "popspammer" list.
add action=drop chain=forward comment="" disabled=no dst-port=110 protocol=\
tcp src-address-list=popspammer
add action=add-src-to-address-list address-list=popspammer \
address-list-timeout=0s chain=forward comment="" connection-limit=30,32 \
disabled=no dst-port=110 limit=500,5000 protocol=tcp
# Drop everything forwarded from 10.0.4.4 (a static lease on server w4).
add action=drop chain=forward comment="" disabled=no src-address=10.0.4.4
/ip firewall mangle
add action=mark-routing chain=prerouting comment=http disabled=no \
dst-address-list="!address local server" dst-port=80 new-routing-mark=80 \
passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment=https disabled=no \
dst-address-list="!address local server" dst-port=443 new-routing-mark=\
https passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment=wow disabled=no dst-port=\
1119,3724,6112,6113,6114,4000 new-routing-mark=wow passthrough=no \
protocol=tcp
add action=mark-routing chain=prerouting comment=openvpn disabled=no \
dst-port=1206 new-routing-mark=openvpn passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment=wow disabled=no dst-port=\
3724 new-routing-mark=wow passthrough=no protocol=udp
add action=mark-routing chain=prerouting comment=wow disabled=no dst-port=\
6881-6999 new-routing-mark=wow passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment="Texen poker on facebook" \
disabled=no dst-port=9339 new-routing-mark=texen passthrough=no protocol=\
tcp
add action=mark-routing chain=prerouting comment=\
"Call of Duty - Modern Warfare 2" disabled=no dst-port=28960-29000 \
new-routing-mark="Call of Duty - Modern Warfare 2" passthrough=no \
protocol=tcp
# NAT table: dstnat rules publish internal hosts on public addresses, srcnat
# rules rewrite the source of outgoing traffic.
/ip firewall nat
# Redirect every tcp/udp port-53 packet to the router itself. No in-interface
# or src-address is set, so the rules are not limited to internal clients.
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=\
tcp
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=\
udp
# Pair "h": 196.212.132.54 <-> 10.0.18.2 (the CPE in front of the server).
# The dst-nat has no protocol or dst-port, so every port that reaches
# 196.212.132.54 is forwarded, not only port 80. It also has no
# src-address-list=!local, unlike the 196.212.132.53 rule further down, so
# connections from internal clients are translated too.
# NOTE(review): narrow the rule to the protocol/ports the server must expose.
add action=dst-nat chain=dstnat comment=h disabled=no dst-address=\
196.212.132.54 to-addresses=10.0.18.2
add action=src-nat chain=srcnat comment=h disabled=no src-address=10.0.18.2 \
to-addresses=196.212.132.54
# Pair "Mail": all TCP to 196.213.192.67 is forwarded to 10.254.0.2; no
# dst-port is given, so this is not limited to the mail ports.
add action=dst-nat chain=dstnat comment=Mail disabled=no dst-address=\
196.213.192.67 protocol=tcp to-addresses=10.254.0.2
add action=src-nat chain=srcnat comment=Mail disabled=no src-address=\
10.254.0.2 to-addresses=196.213.192.67
# Pairs "fred": 196.212.132.51 <-> 192.168.84.10 and
# 196.212.132.53 <-> 10.0.12.5, again without protocol or port restriction.
add action=dst-nat chain=dstnat comment=fred disabled=no dst-address=\
196.212.132.51 to-addresses=192.168.84.10
add action=src-nat chain=srcnat comment=fred disabled=no src-address=\
192.168.84.10 to-addresses=196.212.132.51
add action=dst-nat chain=dstnat comment=fred disabled=no dst-address=\
196.212.132.53 src-address-list=!local to-addresses=10.0.12.5
add action=src-nat chain=srcnat comment=fred disabled=no src-address=\
10.0.12.5 to-addresses=196.212.132.53
# NOTE(review): dst-address-list takes the NAME of an address list, but the
# value here is an IP address and this export defines no list with that name,
# so the rule probably never matches. It looks like an attempt at a hairpin
# masquerade for internal clients; by the time srcnat runs, the destination
# has already been rewritten to 10.0.18.2 - confirm what was intended.
add action=masquerade chain=srcnat comment="" disabled=no dst-address-list=\
196.212.132.54
# Masquerade everything leaving through each uplink interface.
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
pppoe-out1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=slow
add action=masquerade chain=srcnat comment="" disabled=no out-interface=other
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1
add action=masquerade chain=srcnat comment=Inet-3 disabled=no out-interface=\
fast
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
# Neighbor discovery is on for every Ethernet interface and off only for
# pppoe-out1.
# NOTE(review): fast, slow and other carry public addresses in /ip address, so
# discovery packets presumably go out on upstream-facing segments and reveal
# the router to whoever is attached there. Consider discover=no on them.
/ip neighbor discovery
set onboard discover=yes
set wlan1 discover=yes
set Mail discover=yes
set fast discover=yes
set 4 discover=yes
set slow discover=yes
set other discover=yes
set office discover=yes
set Local discover=yes
set pppoe-out1 discover=no
/ip proxy
set always-from-cache=no cache-administrator="" cache-hit-dscp=4 \
cache-on-disk=yes enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=yes src-address=\
0.0.0.0
/ip proxy access
add action=allow comment="" disabled=no
/ip proxy cache
add action=deny comment="" disabled=no dst-host=":cgi-bin \\\?"
add action=allow comment="" disabled=no
/ip proxy direct
add action=allow comment="" disabled=no
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.212.132.49 routing-mark=hh scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.212.59.209 routing-mark=80 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.213.192.65 routing-mark=https scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.213.192.65 routing-mark=wow scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
41.132.32.1 routing-mark=openvpn scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.213.192.65 routing-mark=texen scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.212.132.49 routing-mark="Call of Duty - Modern Warfare 2" scope=30 \
target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
41.132.32.1 routing-mark=fast-http scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
41.132.32.1 routing-mark=fast-https-web scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
41.132.32.1 routing-mark=me scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
41.132.32.1 routing-mark=mont scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.213.192.65 routing-mark=mail scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
196.212.132.49,196.212.59.209,41.133.96.1 scope=30 target-scope=10
# Router management services. Every entry allows address=0.0.0.0/0, i.e. any
# source address. Enabled here: ftp (21), www (81) and winbox (8291).
# NOTE(review): this export has no chain=input filter rules, so the enabled
# services are presumably reachable on the public-facing interfaces. Set
# address= to the management subnets, or filter the input chain.
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
# FTP is enabled; logins and file contents are sent unencrypted.
set ftp address=0.0.0.0/0 disabled=no port=21
# Plain-HTTP management on port 81; the TLS variant (www-ssl) is disabled.
set www address=0.0.0.0/0 disabled=no port=81
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=52387
/ip socks access
add action=allow disabled=no dst-address=0.0.0.0 dst-port=52387 src-address=\
10.0.10.254-255.255.255.255 src-port=52387
add action=allow disabled=no dst-address=0.0.0.0 dst-port=52387 src-address=\
192.168.84.92-255.255.255.255 src-port=52387
add action=allow disabled=no dst-address=10.0.10.254-255.255.255.255 \
dst-port=52387 src-address=0.0.0.0 src-port=52387
add action=allow disabled=no dst-address=192.168.84.92-255.255.255.255 \
dst-port=52387 src-address=0.0.0.0 src-port=52387
add action=deny disabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=yes \
inactive-flow-timeout=15s interfaces=all
/ip traffic-flow target
add address=192.168.84.214:2055 disabled=no v9-template-refresh=20 \
v9-template-timeout=30m version=5
add address=196.213.192.67:2055 disabled=no v9-template-refresh=20 \
v9-template-timeout=30m version=5
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=no
/ppp aaa
set accounting=no interim-update=0s use-radius=no
# Local PPP accounts. The export prints each password in cleartext.
# NOTE(review): these credentials were published together with the router's
# public addresses. Change them on the router, and replace the password=
# values with placeholders before sharing an export.
# service=any is not limited to one PPP service; the L2TP and PPPoE servers
# are enabled in this export.
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=christa password=lenchris profile=default-encryption routes="" \
service=any
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=peg password=pegmin profile=default routes="" service=any
# Account whose name and password are the same single character - trivially
# guessable; remove it or give it a strong password.
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 \
name=x password=x profile=default routes="" service=any
/queue interface
set onboard queue=ethernet-default
set wlan1 queue=ethernet-default
set Mail queue=ethernet-default
set fast queue=ethernet-default
set 4 queue=ethernet-default
set slow queue=ethernet-default
set other queue=ethernet-default
set office queue=ethernet-default
set Local queue=ethernet-default
set pppoe-out1 queue=default
# RADIUS client for the ppp and wireless services. The server address 23.0.0.1
# is the router's own address on the Local interface.
# The shared secret is exported in cleartext and is only two characters long.
# NOTE(review): use a long random secret and redact it before posting.
# /ppp aaa has use-radius=no in this export, so PPP logins presumably do not
# use this entry - confirm.
/radius
add accounting-backup=no accounting-port=1813 address=23.0.0.1 \
authentication-port=1812 called-id="" comment="" disabled=no domain="" \
realm="" secret=xx service=ppp,wireless timeout=300ms
# Incoming RADIUS requests are accepted on port 1700.
/radius incoming
set accept=yes port=1700
/routing bfd interface
set all comment="" disabled=no interface=all interval=0.2sec min-rx=0.2sec \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
# OSPF is enabled for network 0.0.0.0/0 in the backbone area; that prefix
# covers every interface address on this router, the public ranges included.
# NOTE(review): no OSPF interface or authentication settings appear in this
# export, so adjacencies are presumably accepted unauthenticated on the
# upstream-facing links as well. List only the internal networks here.
/routing ospf network
add area=backbone comment="" disabled=no network=0.0.0.0/0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
 
xezen

Re: NAT giving me problems, not sure why

Wed Sep 08, 2010 7:57 am

Anyone?
 
fewi

Re: NAT giving me problems, not sure why

Wed Sep 08, 2010 8:06 am

That is a wall of text I am not prepared to read because most of it isn't applicable to the problem. If the below is a wrong guess please post a condensed version of your configuration and a network diagram.

Is the situation as such: you have a router that performs destination NAT for a server and clients on the other side of the router can access the server fine, but clients on the same side of the router cannot?
Read this: http://wiki.mikrotik.com/wiki/Hairpin_NAT
 
xezen

Re: NAT giving me problems, not sure why

Wed Sep 08, 2010 10:48 am

Thanks a lot, that was exactly what I needed to fix my problem.
