Dual wan port port forwarding issue.
Currently, I have two isp carriers, and when I use one of the ISP carriers to connect to the intranet service port via public IP, both IPs cannot pass through at the same time, let's say, when using the IP provided by a and port forwarding, b cannot access the intranet port. Especially when I use ddns, I can't open the intranet service from time to time when I resolve different operators. What is the problem? Here is the configuration file exported from the router
Last edited by camg on Thu Mar 02, 2023 6:25 pm, edited 1 time in total.
Re: Dual wan port port forwarding issue.
Don't you have/need firewall rules?
Did you set up hairpin NAT properly?
https://help.mikrotik.com/docs/display/ ... HairpinNAT
Did you set up hairpin NAT properly?
https://help.mikrotik.com/docs/display/ ... HairpinNAT
Re: Dual wan port port forwarding issue.
Concur, wont even comment on rest of config until firewall rules are in place. I dont support unsafe configs LOL.
Re: Dual wan port port forwarding issue.
This is my firewall set nat rules, for the time being do not understand where the failure
Code: Select all
/ip firewall mangle
add action=mark-connection chain=input comment=LT_conn_mark connection-mark=\
no-mark in-interface=pppoe_LT new-connection-mark=LT_conn passthrough=yes
add action=mark-connection chain=input comment=DX_conn_mark connection-mark=\
no-mark in-interface=pppoe_DX new-connection-mark=DX_conn passthrough=yes
add action=mark-routing chain=output comment=to_LT connection-mark=LT_conn \
new-routing-mark=to_LT passthrough=yes
add action=mark-routing chain=output comment=to_DX connection-mark=DX_conn \
new-routing-mark=to_DX passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT_DX out-interface=pppoe_DX
add action=masquerade chain=srcnat comment=NAT_LT out-interface=pppoe_LT
add action=dst-nat chain=dstnat comment="port forwarding 5900" dst-port=5900 \
in-interface=pppoe_LT protocol=tcp to-addresses=223.255.255.10 to-ports=\
5900
add action=dst-nat chain=dstnat comment="port forwarding 5900" dst-port=5900 \
in-interface=pppoe_DX protocol=tcp to-addresses=223.255.255.10 to-ports=\
5900
add action=dst-nat chain=dstnat comment="port forwarding 80" dst-port=80 \
in-interface=pppoe_LT protocol=tcp to-addresses=223.255.255.2 to-ports=80
add action=dst-nat chain=dstnat comment="port forwarding 80" dst-port=80 \
in-interface=pppoe_DX protocol=tcp to-addresses=223.255.255.2 to-ports=80
add action=dst-nat chain=dstnat comment="port forwarding 22" dst-port=22 \
in-interface=pppoe_LT protocol=tcp to-addresses=223.255.255.246 to-ports=22
add action=dst-nat chain=dstnat comment="port forwarding 22" dst-port=22 \
in-interface=pppoe_DX protocol=tcp to-addresses=223.255.255.246 to-ports=22 Re: Dual wan port port forwarding issue.
Each of my isp's is followed by a nat rule
Re: Dual wan port port forwarding issue.
I dont play the game of chasing and as the config usually is not best parsed but consumed whole, for understanding, snippets hold no interest.
Re: Dual wan port port forwarding issue.
I think I've figured out where my trouble spots are, I set up dual isp carriers and set up a routing policy to go in and out from wherever. I think the point of failure should be here to cause the failure of different carriers pinging each other with different IPs. After setting the policy from where to enter from where to exit, how can I add a policy to set different carriers to ping through?I dont play the game of chasing and as the config usually is not best parsed but consumed whole, for understanding, snippets hold no interest.
Who is online
Users browsing this forum: almdandi, Amazon [Bot] and 28 guests