Fri Sep 24, 2010 5:09 pm
This is an overview.
Ether1-wan --> connects to ISP
Ether2-hotspot1 --> connects hotspot clients network 192.168.16.0/24 and 192.168.1.0/24 for management
Ether5-hotspot2 --> connects to other hotspot network 192.168.9.0/24 and 192.168.200.0/24 for management
The first main server (192.168.1.159) is on the 192.168.1.0/24 network, while the second server (192.168.200.159) is on the 192.168.200.0/24 network.
Both servers are bypassed in hotspot ip-binding settings.
I have dstnat to the main server using ports 10000,443,80,22,25
To the second server I mapped port 80 -> 10080, 443->10443, 22 ->10022
This is the firewall NAT print, but I had removed the NAT settings for my 2nd server as I tried to troubleshoot it.
 1   ;;; Mikrotik Ports
     chain=dstnat action=dst-nat to-addresses=0.0.0.0 protocol=tcp
     dst-address-type=local in-interface=ether1-wan
     dst-port=!8291,8080,2210,2211,1723
 2   ;;; server forwarding
     chain=dstnat action=dst-nat to-addresses=192.168.1.159 protocol=tcp
     dst-address-type=local in-interface=ether1-wan dst-port=10000,443,80,22,25
 3   ;;; udp forwarding to server
     chain=dstnat action=dst-nat to-addresses=192.168.1.159 protocol=udp
     dst-address-type=local in-interface=ether1-wan
 4   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.16.0/24
     out-interface=ether1-wan
 5   chain=srcnat action=masquerade src-address=192.168.100.0/24
     out-interface=ether1-wan
 6   chain=srcnat action=masquerade src-address=192.168.200.0/24
     out-interface=ether1-wan
 7   chain=srcnat action=masquerade src-address=192.168.1.0/24
     out-interface=ether1-wan
 8   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.8.0/24
     out-interface=ether1-wan
 9   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.9.0/24
     out-interface=ether1-wan
10 X ;;; Squid http proxy
     chain=dstnat action=dst-nat to-addresses=192.168.1.159 to-ports=3128
     protocol=tcp src-address=!192.168.1.159 dst-port=80