 
eleftherios
just joined
Topic Author
Posts: 3
Joined: Tue Jul 21, 2020 8:54 pm

port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 6:48 pm

Hello guys,
I have been trying for over 2 years to get load balancing working together with port forwarding. My load balancing works fine, but the problem is with my NAT port forwards. If someone can help me,

thanks in advance




model = RB3011UiAS

# RouterOS export for a dual-WAN (PCC load balancing) router with one LAN and
# a set of dst-nat port forwards to a single LAN host (192.168.2.100).
# NOTE(review): this export contains no "/ip firewall filter" section. If that
# reflects the running config (and was not simply left out of the post), the
# input and forward chains accept everything, so the router's own services and
# every forwarded port are reachable from whatever sits on WAN1/WAN2.

# Rename the physical ports: ether3 -> LAN, ether1 -> WAN1, ether2 -> WAN2.
/interface ethernet
set [ find default-name=ether3 ] comment="ETH 3 LAN" name=LAN
set [ find default-name=ether1 ] comment="ETH 1 WAN 1 MIKE G ROUTER" name=\
WAN1
set [ find default-name=ether2 ] comment="ETH 2 WAN 2 LELLIS ROUTER " name=\
WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# "!dynamic" selects every non-dynamic interface, which includes WAN1 and WAN2,
# so neighbor discovery announcements are also sent on the WAN side.
# NOTE(review): consider limiting this to a LAN-only interface list.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Detect Internet is enabled on all interfaces.
/interface detect-internet
set detect-interface-list=all
# LAN is 192.168.2.0/24; both WAN addresses are private (192.168.1.200 and
# 192.168.3.200), so the router presumably sits behind two upstream routers
# (see the interface comments) -- TODO confirm. Inbound forwards would then
# also have to be configured on those upstream devices.
/ip address
add address=192.168.2.1/24 interface=LAN network=192.168.2.0
add address=192.168.1.200/24 interface=WAN1 network=192.168.1.0
add address=192.168.3.200/24 interface=WAN2 network=192.168.3.0
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# Without an input-chain filter rule (none is shown in this export) it answers
# on the WAN interfaces as well; restrict port 53 to the LAN.
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 \
servers=8.8.8.8,8.8.4.4
/ip firewall mangle
# LAN traffic addressed to either WAN subnet is accepted here, i.e. it leaves
# the prerouting mangle chain before any of the marking rules below.
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
LAN
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=\
LAN
# Mark connections arriving on each WAN. chain=input only sees traffic
# addressed to the router itself; dst-nat'ed (forwarded) connections do not
# pass through input, so they are not marked by these two rules. The thread
# replies recommend chain=prerouting instead.
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_mark passthrough=yes
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_mark passthrough=yes
# Router-originated replies follow the connection mark back out the same WAN.
add action=mark-routing chain=output connection-mark=WAN1_mark \
new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_mark \
new-routing-mark=to_ISP2 passthrough=yes
# PCC bucket 2/0 -> WAN1_mark. This rule uses dst-address-type=local (traffic
# to the router's own addresses) while the 2/1 rule below uses !local; the
# thread replies say both should be !local. Neither rule has
# connection-mark=no-mark, so connections that already carry a mark are
# classified again.
add action=mark-connection chain=prerouting dst-address-type=local \
in-interface=LAN new-connection-mark=WAN1_mark passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
# PCC bucket 2/1 -> WAN2_mark.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN2_mark passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
# Translate the connection mark into a routing mark for packets from the LAN.
add action=mark-routing chain=prerouting connection-mark=WAN1_mark \
in-interface=LAN new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_mark \
in-interface=LAN new-routing-mark=to_ISP2 passthrough=yes
/ip firewall nat
# Source NAT for everything leaving through either WAN.
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
# Port forwards. Every rule targets 192.168.2.100 and, with one exception
# noted below, matches on the WAN2 address 192.168.3.200. None of them has a
# src-address or src-address-list matcher, so any source that can reach
# 192.168.3.200 can reach these services.
# NOTE(review): several of these are management or camera interfaces (CCTV on
# 8000/8001, controller ports 8080/8443) and FTP on 21, which carries
# credentials in cleartext. Limit them to known source addresses or put them
# behind a VPN, and add forward-chain filter rules that drop everything else
# arriving from the WAN interfaces.
add action=dst-nat chain=dstnat comment="HAP LELLIS ROOM TEST" dst-address=\
192.168.3.200 dst-port=8050 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8050
add action=dst-nat chain=dstnat comment="SIGMA HTTP" dst-address=\
192.168.3.200 dst-port=5053 protocol=tcp to-addresses=192.168.2.100 \
to-ports=5053
add action=dst-nat chain=dstnat comment="SIGMA DL" dst-address=192.168.3.200 \
dst-port=5051 protocol=tcp to-addresses=192.168.2.100 to-ports=5051
# This rule matches dst-address=192.168.2.100, the LAN host itself, not the
# WAN2 address used by the other rules -- presumably a mistake, since traffic
# from outside is addressed to 192.168.3.200. TODO confirm.
add action=dst-nat chain=dstnat comment="RASPBERRY UNIFI SERVER" dst-address=\
192.168.2.100 dst-port=8443 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8443
add action=dst-nat chain=dstnat comment="GALATAS ROOMS CCTV" dst-address=\
192.168.3.200 dst-port=8000 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8000
add action=dst-nat chain=dstnat comment=UBIFI dst-address=192.168.3.200 \
dst-port=8080 protocol=tcp to-addresses=192.168.2.100 to-ports=8080
# NOTE(review): STUN on port 3478 normally runs over UDP; confirm that
# protocol=tcp is intended here.
add action=dst-nat chain=dstnat comment=STUN dst-address=192.168.3.200 \
dst-port=3478 protocol=tcp to-addresses=192.168.2.100 to-ports=3478
add action=dst-nat chain=dstnat comment="FTP NAS" dst-address=192.168.3.200 \
dst-port=21 protocol=tcp to-addresses=192.168.2.100 to-ports=21
add action=dst-nat chain=dstnat comment="MICHALA CCTV " dst-address=\
192.168.3.200 dst-port=8001 protocol=tcp to-addresses=192.168.2.100 \
to-ports=8001
/ip route
# Routes with no dst-address use the RouterOS default of 0.0.0.0/0.
# Each routing mark has two default routes: one straight to a public DNS
# address with check-gateway=ping and one through a 10.0.0.x hop.
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=to_ISP1
add distance=1 gateway=10.0.0.1 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.4.4 routing-mark=to_ISP2
add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2
# Main-table default routes: 10.0.0.1 preferred (distance 1), 10.0.0.2 backup.
add distance=1 gateway=10.0.0.1
add distance=2 gateway=10.0.0.2
# Host routes that pin 8.8.4.4 to the WAN2 gateway and 8.8.8.8 to the WAN1
# gateway. These two addresses are also the configured DNS servers, so each
# resolver is only reachable through one WAN.
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.3.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=10
# The 10.0.0.1 and 10.0.0.2 hops resolve recursively through 8.8.8.8 and
# 8.8.4.4, with a ping check on each.
add check-gateway=ping distance=1 dst-address=10.0.0.1/32 gateway=8.8.8.8 \
scope=10
add check-gateway=ping distance=1 dst-address=10.0.0.2/32 gateway=8.8.4.4 \
scope=10
/system clock
set time-zone-name=Europe/Athens
 
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 6:56 pm

I don't see any firewall filter rules ???
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 7:25 pm

There are mistakes in your Mangle Rules...
Destination address type must be as follows :
dst-address-type=!local
Also, you should let only the packets without connection mark to enter the hashing process... so you should use:
connection-mark=no-mark
Otherwise, when a packet enters through e.g. WAN1 and its connection is already marked, it will still go through the hashing procedure, because you have not specified that only unmarked connections should be hashed...
 
eleftherios
just joined
Topic Author
Posts: 3
Joined: Tue Jul 21, 2020 8:54 pm

Re: port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 7:39 pm

Thanks for your reply. I am not a professional with MikroTik, but do you mean like the rule below?

# Proposed change to the dst-nat rule: dst-address-type=local is added next to
# dst-address=192.168.2.100. In the export posted earlier in this thread the
# router's own addresses are 192.168.2.1, 192.168.1.200 and 192.168.3.200, so
# 192.168.2.100 is not a local address and both matchers together would
# presumably never match -- TODO confirm on the device.
add action=dst-nat chain=dstnat comment="RASPBERRY UNIFI SERVER" dst-address=\
192.168.2.100 dst-address-type=local dst-port=8443 protocol=tcp \
to-addresses=192.168.2.100 to-ports=8443


I want all the ports to go out through WAN2.

thanks :)
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 7:54 pm

No, I am talking about your Mangle rules...
Also check the implementation of your recursive routing here viewtopic.php?t=157048
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 7:54 pm

In addition to what @Zacharias wrote, those two connection marking rules that you have in chain=input should be in chain=prerouting.
 
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: port forward with 2 wan's and 1 lan

Sun Feb 13, 2022 8:12 pm
