Community discussions

MikroTik App
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Multiple Routing Tables - Packet Loss between networks

Fri Apr 22, 2022 2:16 pm

Hi to all.
I'm a beginner and I'm asking for your help.
I have two LTE Mikrotik routers connected through Wireguard VPN.
At router R1, there is a PC connected to eth1 192.168.80.254 and another network to eth5. - 192.168.0.0/24 (192.168.0.15) to be more precise.
it looks like this :
Image

# apr/22/2022 12:34:50 by RouterOS 7.2.1
# software id = AY67-J7WD
#
# model = D53G-5HacD2HnD

/interface bridge
add admin-mac=2C:C8:1B:B9:89:EF auto-mac=no comment=defconf name=bridge
add name=wien-netz

/interface lte
set [ find ] allow-roaming=no band="" name=lte1 nr-band=""

DISABLED
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\
20/40mhz-XX distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=MikroTik-B989F4 wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=6 band=5ghz-a/n/ac \
channel-width=20/40/80mhz-XXXX distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=MikroTik-B989F5 \
wireless-protocol=802.11

/interface wireguard
add listen-port=51194 mtu=1420 name=WG-WIEN

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp ranges=192.168.80.10-192.168.80.254

/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf

/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2
add bridge=wien-netz interface=ether5

/interface bridge settings
set use-ip-firewall-for-pppoe=yes

/ip neighbor discovery-settings
set discover-interface-list=none

/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes \
forward=no max-neighbor-entries=8192

/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=default use-ipsec=required

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN

/interface ovpn-server server
set auth=sha1,md5

/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set keepalive-timeout=disabled

/interface wireguard peers
add allowed-address=172.16.5.0/24,192.168.85.0/24,192.168.80.0/24 comment=\
"Router Hollabrunn" interface=WG-WIEN public-key="xxxxxxxxx"
add allowed-address=172.16.5.10/32 comment="PC ARBEIT" interface=WG-WIEN \
public-key="xxxxxxxx"
add allowed-address=172.16.5.15/32 comment=Laptop interface=WG-WIEN \
public-key="xxxxxxxxxxxxxx"

/ip address
add address=192.168.80.1/24 comment=defconf interface=bridge network=192.168.80.0
add address=172.16.5.1/24 interface=WG-WIEN network=172.16.5.0

/ip cloud
set update-time=no

/ip dhcp-client
add add-default-route=no interface=wien-netz use-peer-dns=no

/ip dhcp-server network
add address=192.168.80.0/24 comment=defconf dns-server=192.168.80.1,8.8.8.8 gateway=192.168.80.1

/ip dns
set servers=8.8.8.8,8.8.4.4

/ip dns static
add address=192.168.80.1 comment=defconf name=router.lan

/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
not_in_internet
add address=192.168.80.2-192.168.80.254 list=allowed_to_router

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=PPTP dst-port=1450 protocol=tcp
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment=Wireguard dst-port=51194 protocol=udp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

add action=accept chain=forward comment="Acces WIEN NETZ" in-interface=bridge out-interface=wien-netz
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes hw-offload=yes

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state= established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat connection-state=new in-interface=lte1 log=yes log-prefix=!NAT
add action=drop chain=forward comment="Drop incoming from internet which is not public IP" in-interface=lte1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=input comment="dropping port scanners" src-address-list="port scanners"


/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=wien-netz new-routing-mark=main passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

add action=masquerade chain=srcnat comment=Wireguard src-address=192.168.85.0/24
add action=masquerade chain=srcnat comment="Router WIEN" src-address=192.168.80.0/24
add action=masquerade chain=srcnat comment="WIREGUARD IPS" src-address=172.16.5.0/24

/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes

/ip route add disabled=no dst-address=192.168.85.0/24 gateway=WG-WIEN routing-table=main suppress-hw-offload=no


Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAm 0.0.0.0/0 lte1 2
DAc 172.16.5.0/24 WG-WIEN 0
DAc 178.113.22.90/32 lte1 0
DAc 192.168.0.0/24 wien-netz 0
DAc 192.168.80.0/24 bridge 0
0 As 192.168.85.0/24 WG-WIEN 1




/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN

/ipv6 nd
set [ find default=yes ] disabled=yes

/system logging
add topics=wireguard
add disabled=yes topics=route
add disabled=yes topics=debug

/system ntp client
set enabled=yes


/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system scheduler
add interval=5m name=xxx on-event=" /system script run xxx" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=feb/23/2022 start-time=19:26:16
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "

add dont-require-permissions=no name=xxx owner=xxx policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
global ddnsuser \"xxxxxxx\"\r\
\n:global ddnspass \"xxxxx\"\r\
\n:global theinterface \"lte1\"\r\
\n:global ddnshost \"xxxxxxxxx\"\r\
\n:global ipddns [:resolve \$ddnshost];\r\
\n:global ipfresh [ /ip address get [/ip address find interface=\$theinter\
face ] address ]\r\
\n:if ([ :typeof \$ipfresh ] = nil ) do={\r\
\n:log info (\"dynu: No ip address on \$theinterface .\")\r\
\n} else={\r\
\n:for i from=( [:len \$ipfresh] - 1) to=0 do={\r\
\n:if ( [:pick \$ipfresh \$i] = \"/\") do={\r\
\n:set ipfresh [:pick \$ipfresh 0 \$i];\r\
\n}\r\
\n}\r\
\n:if (\$ipddns != \$ipfresh) do={\r\
\n:log info (\"dynu: IP-dynu = \$ipddns\")\r\
\n:log info (\"dynu: IP-Fresh = \$ipfresh\")\r\
\n:log info \"dynu: Update IP needed, Sending UPDATE...!\"\r\
\n:global str \"/nic/update\?hostname=\$ddnshost&myip=\$ipfresh\"\r\
\n/tool fetch address=api.dynu.com src-path=\$str mode=http user=\$ddnsuse\
r password=\$ddnspass dst-path=(\"/Dynu.\".\$ddnshost)\r\
\n:delay 1\r\
\n:global str [/file find name=\"Dynu.\$ddnshost\"];\r\
\n/file remove \$str\r\
\n:global ipddns \$ipfresh\r\
\n:log info \"dynu: IP updated to \$ipfresh!\"\r\
\n} else={\r\
\n:log info \"dynu: dont need changes\";\r\
\n}\r\
\n}"

/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Sun Apr 24, 2022 1:55 am

"Multiple Routing Tables"? Where? If you did have more and use magle rules for them, it could be conflict with FastTrack. But I see only one.
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Sun Apr 24, 2022 1:16 pm

Hi, Thanks for answering
There are dynamic Routes

# DST-ADDRESS GATEWAY DISTANCE
DAm 0.0.0.0/0 lte1 2
DAc 172.16.5.0/24 WG-WIEN 0 - Route Wireguard
DAc 178.113.22.90/32 lte1 0 - Lte Internet
DAc 192.168.0.0/24 wien-netz 0 - Local Route for eth5
DAc 192.168.80.0/24 bridge 0 - Dhcp Bridge Route
0 As 192.168.85.0/24 WG-WIEN 1 - Second Router Bridge Route
My problem is there are too many packets loss.
FastTrack is disabled.
How to use mangle rules?
I have that for :
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=wien-netz new-routing-mark=main passthrough=yes
Packet loss between 192.168.0.0/24 and 192.168.80.0/24 or bridge and wien-net / eth1 and eth5
Thanks
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Sun Apr 24, 2022 7:35 pm

It's just routes, not routing tables. And you're talking about forwading between two local interfaces, whole WG and another router seem completely irrelevant. I don't understand what you're trying to do with mangle rule. Also bridge wien-netz with single port seems useless, you could just use ether5 directly (but it's not breaking anything).
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Mon Apr 25, 2022 2:52 pm

Yes that is true,
One network is on Bridge / or eth1 192.168.80.1/24
the other is client dhcp on eth5 192.168.0.15/24
I can ping 192.168.0.15 but not the entire network.
---------------
super easy
chain=dstnat action=dst-nat to-addresses=192.168.0.15 dst-address=192.168.0.0/24 log=no log-prefix=

------------------
Back to square one
----------------
I don't want NAT :)
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Mon Apr 25, 2022 6:16 pm

You lost me. What's the idea now? This dstnat rule changes any destination 192.168.0.x to 192.168.0.15. So if you try to ping e.g. 192.168.0.100, it will ping 192.168.0.15. You won't be able to reach any other 192.168.0.x.
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Tue Apr 26, 2022 9:59 am

Unfortunately, I didn't express myself very clearly
Image
Network 192.168.0.0 does not belong to Mikrotik, it is just a client.
I need access to all elements from the network 2
Through 192.168.0.15 i need to have access to ip 192.168.0.141 from network 192.168.80.0/24
Doing nat is out of the question.
ping from src-addr = 192.168.0.15 to address = 192.168.0.141 and vice versa would be important.
On 192.168.80.254, there is a server that needs to communicate with 192.168.0.141, both directions.
thanks
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Tue Apr 26, 2022 4:11 pm

You already have NAT, masquerade for anything from 192.168.80.0/24. So if you're connecting from 192.168.80.x to 192.168.0.141, it will have the source changed to 192.168.0.15. It's either that, or you'd need to tell devices in 192.168.0.0/24 network where to find your 192.168.80.0/24, using either static route on their gateway 192.168.0.254, or static routes on individual devices.
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Wed Apr 27, 2022 3:46 pm

That's how it worked - NAT
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=srcnat action=src-nat to-addresses=192.168.0.15(dhcp ip/client for second network) src-address=192.168.80.254(server ip) dst-address=192.168.0.141(second network server ip)
samba share does not work with dst-nat

no additional route... just dynamic
Thanks.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Wed Apr 27, 2022 4:53 pm

You don't need another srcnat, this one already covers it:
/ip firewall nat
add action=masquerade chain=srcnat comment="Router WIEN" src-address=192.168.80.0/24
And why shouldn't Samba share work with dstnat? Right now I don't have one at hand, but it works with Windows, so it should be the same.
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Wed Apr 27, 2022 5:15 pm

I get this error
Unable to find suitable address
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Wed Apr 27, 2022 5:29 pm

Few more details would be nice, what exactly you do, what exact rule(s) you added, etc.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Multiple Routing Tables - Packet Loss between networks

Wed Apr 27, 2022 5:53 pm

I think he was typing out loud, no request etc........
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Thu Apr 28, 2022 10:05 am

ip firewall filter

D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

;;; defconf: accept established,related,untracked
chain=input action=accept
connection-state=established,related,untracked

;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""



chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""

;;; Wireguard
chain=input action=accept protocol=udp dst-port=51194 log=no
log-prefix=""

;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1 log=no log-prefix=""

;;; defconf: accept established,related, untracked
chain=forward action=accept
connection-state=established,related,untracked log=no log-prefix=""


X ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

X ;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes
connection-state=established,related log=no log-prefix=""

;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""

;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""

;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""

;;; Drop incoming packets that are not NAT`ted
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=lte1 log=yes
log-prefix="!NAT"

;;; Drop incoming from internet which is not public IP
chain=forward action=drop src-address-list=not_in_internet
in-interface=lte1 log=yes log-prefix="!public"
ip firewall nat

Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
chain=dstnat action=dst-nat to-addresses=192.168.0.19 src-address=192.168.80.254 dst-address=192.168.0.141 log=no log-prefix="


OMV Openmediavault remote mount on 192.168.80.254 share from 192.168.0.141 it does not work
CIFS: Attempting to mount //192.168.0.141/wienzfs
CIFS: VFS: Error connecting to socket. Aborting operation.
CIFS: VFS: cifs_mount failed w/return code = -111
mount[1618]: Unable to find suitable address.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Thu Apr 28, 2022 6:06 pm

That's probably expected, because your dstnat rule redirects all connections from 192.168.80.254 to 192.168.0.141 and makes them go to 192.168.0.19 instead.
 
johnnyto1979
just joined
Topic Author
Posts: 8
Joined: Fri Aug 21, 2020 2:15 pm

Re: Multiple Routing Tables - Packet Loss between networks

Thu Apr 28, 2022 8:09 pm

Yes, but 19 is dhcp client and the way out.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple Routing Tables - Packet Loss between networks

Thu Apr 28, 2022 11:14 pm

That may be, but dstnat changes destination address, so if you want to connect from 192.168.80.254 (client) to 192.168.0.141 (server), you don't need any dstnat rule. You would need dstnat rule, if you wanted to connect from 192.168.0.141 (client) to 192.168.80.254 (server). Such rule would be:
/ip firewall nat
add chain=dstnat dst-address=192.168.0.x action=dst-nat to-addresses=192.168.80.254
Where 192.168.0.x is what this router gets from DHCP (you'd use that as server address). But since that may not be static, more reliable rule would be:
/ip firewall nat
add chain=dstnat in-interface=wien-netz dst-address-type=local action=dst-nat to-addresses=192.168.80.254

Who is online

Users browsing this forum: No registered users and 18 guests