Hello guys,
i try for over 2 years load balance with port forward, my load balance works fine, but the problem is for my nat port forward, if someone can help me,
thanks in advance
model = RB3011UiAS
/interface ethernet
set [ find default-name=ether3 ] comment="ETH 3 LAN" name=LAN
set [ find default-name=ether1 ] comment="ETH 1 WAN 1 MIKE G ROUTER" name=\
WAN1
set [ find default-name=ether2 ] comment="ETH 2 WAN 2 LELLIS ROUTER " name=\
WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.2.1/24 interface=LAN network=192.168.2.0
add address=192.168.1.200/24 interface=WAN1 network=192.168.1.0
add address=192.168.3.200/24 interface=WAN2 network=192.168.3.0
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 \
servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
LAN
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=\
LAN
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_mark passthrough=yes
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_mark passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_mark \
new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_mark \
new-routing-mark=to_ISP2 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=local \
in-interface=LAN new-connection-mark=WAN1_mark passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN2_mark passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_mark \
in-interface=LAN new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_mark \
in-interface=LAN new-routing-mark=to_ISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=dst-nat chain=dstnat comment="HAP LELLIS ROOM TEST" dst-address=\
192.168.3.200 dst-port=8050 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8050
add action=dst-nat chain=dstnat comment="SIGMA HTTP" dst-address=\
192.168.3.200 dst-port=5053 protocol=tcp to-addresses=192.168.2.100 \
to-ports=5053
add action=dst-nat chain=dstnat comment="SIGMA DL" dst-address=192.168.3.200 \
dst-port=5051 protocol=tcp to-addresses=192.168.2.100 to-ports=5051
add action=dst-nat chain=dstnat comment="RASPBERRY UNIFI SERVER" dst-address=\
192.168.2.100 dst-port=8443 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8443
add action=dst-nat chain=dstnat comment="GALATAS ROOMS CCTV" dst-address=\
192.168.3.200 dst-port=8000 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8000
add action=dst-nat chain=dstnat comment=UBIFI dst-address=192.168.3.200 \
dst-port=8080 protocol=tcp to-addresses=192.168.2.100 to-ports=8080
add action=dst-nat chain=dstnat comment=STUN dst-address=192.168.3.200 \
dst-port=3478 protocol=tcp to-addresses=192.168.2.100 to-ports=3478
add action=dst-nat chain=dstnat comment="FTP NAS" dst-address=192.168.3.200 \
dst-port=21 protocol=tcp to-addresses=192.168.2.100 to-ports=21
add action=dst-nat chain=dstnat comment="MICHALA CCTV " dst-address=\
192.168.3.200 dst-port=8001 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8001
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=to_ISP1
add distance=1 gateway=10.0.0.1 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.4.4 routing-mark=to_ISP2
add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2
add distance=1 gateway=10.0.0.1
add distance=2 gateway=10.0.0.2
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.3.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=10
add check-gateway=ping distance=1 dst-address=10.0.0.1/32 gateway=8.8.8.8 \
scope=10
add check-gateway=ping distance=1 dst-address=10.0.0.2/32 gateway=8.8.4.4 \
scope=10
/system clock
set time-zone-name=Europe/Athens