WAN1 - Ether1 Static Public IP 1.1.1.1
WAN2 - Ether2 Static Public IP 2.2.2.2
LAN1 - Ether6 10.0.15.0/24
LAN2 - Ether7 10.0.25.0/24
LAN3 - Not in use 192.168.1.0/24
VPN - 192.168.89.0/24
VLAN110 Not in use
VLAN2 Not in use
I have a server on LAN1 being accessed from WAN1. No other devices on LAN1
Devices on LAN2 cannot access server on LAN1 via WAN1. If i am connected to the internet via any means other than the Mikrotik router I can access the server.
All the guides I have found have been about being on the same LAN as the server but I am not. Therefore, I'm stuck. All suggestions are welcome.
Thank you
Code: Select all
# apr/11/2024 11:10:14 by RouterOS 6.48.6
# software id = 4CHZ-D7MN
#
# model = RB2011UiAS
# serial number = HCJ08AG88V6
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether6 ] name=ether6-LAN1
set [ find default-name=ether7 ] name=ether7-LAN2
/interface vlan
add interface=ether7-LAN2 name=vlan2 vlan-id=2
add interface=ether7-LAN2 name=vlan110 vlan-id=110
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.0.15.100-10.0.15.150
add name=dhcp_pool1 ranges=10.0.25.100-10.0.25.150
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=dhcp_pool5 ranges=10.0.25.100-10.0.25.254
add name=dhcp_pool6 ranges=192.168.1.1-192.168.1.254
add name=dhcp_pool7 ranges=192.168.110.100-192.168.110.254
add name=dhcp_pool8 ranges=192.168.1.100-192.168.1.254
add name=dhcp_pool9 ranges=192.168.2.100-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether6-LAN1 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether7-LAN2 name=dhcp2
add address-pool=dhcp_pool7 disabled=no interface=vlan110 name=dhcp3
add address-pool=dhcp_pool9 disabled=no interface=vlan2 name=dhcp4
/ppp profile
set *FFFFFFFE dns-server=10.0.15.1 local-address=192.168.89.1 remote-address=\
vpn
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=ether1-WAN1 list=WAN
add list=LAN
add interface=ether2-WAN2 list=WAN
add interface=ether6-LAN1 list=LAN
add interface=ether7-LAN2 list=LAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=10.0.15.1/24 interface=ether6-LAN1 network=10.0.15.0
add address=10.0.25.1/24 interface=ether7-LAN2 network=10.0.25.0
add address=192.168.1.1/24 disabled=yes interface=ether7-LAN2 network=\
192.168.1.0
add address=192.168.110.1/24 interface=vlan110 network=192.168.110.0
add address=192.168.1.1/24 disabled=yes interface=ether7-LAN2 network=\
192.168.1.0
add address=192.168.2.1/24 interface=vlan2 network=192.168.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=ether1-WAN1
add disabled=no interface=ether3
add disabled=no interface=ether2-WAN2
/ip dhcp-server network
add address=10.0.15.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.15.1
add address=10.0.25.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.25.1
add address=10.0.25.1/32 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.25.1 \
netmask=24
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.110.0/24 gateway=192.168.110.1
/ip firewall address-list
add address=10.0.15.0/24 list=LAN
add address=1.1.1.1 list=WAN
/ip firewall mangle
add action=accept chain=prerouting comment="Allow ping gateway LAN2" \
dst-address=10.0.25.1 src-address=10.0.25.0/24
add action=mark-routing chain=prerouting comment="LAN1 go to WAN1" \
new-routing-mark=LAN1_TO_WAN1 passthrough=yes src-address=10.0.15.0/24
add action=mark-routing chain=prerouting comment="LAN2 go to WAN2" \
new-routing-mark=LAN2_TO_WAN2 passthrough=yes src-address=10.0.25.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
10.0.15.0/24 src-address=10.0.15.0/24
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=443 protocol=\
tcp to-addresses=10.0.15.10 to-ports=443
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=5060-5080 \
protocol=tcp to-addresses=10.0.15.10 to-ports=5060-5080
add action=dst-nat chain=dstnat comment="Used for Telnyx IP Auth Connections" \
dst-address-list=WAN dst-port=5080 protocol=udp to-addresses=10.0.15.10 \
to-ports=5080
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=80 protocol=tcp \
to-addresses=10.0.15.10 to-ports=80
add action=masquerade chain=srcnat comment="masq. vpn traffic" dst-address=\
10.0.15.0/24 src-address=192.168.89.0/24
add action=masquerade chain=srcnat out-interface=ether2-WAN2
add action=dst-nat chain=dstnat disabled=yes dst-address-list="" dst-port=\
16384-32768 protocol=udp to-addresses=10.0.15.10 to-ports=16384-32768
/ip route
add disabled=yes distance=1 gateway=isp.gat.ewa.y11 routing-mark=LAN1_TO_WAN1
add distance=1 gateway=isp.gat.ewa.y11 routing-mark=LAN2_TO_WAN2
add check-gateway=ping distance=1 dst-address=10.0.15.1/32 gateway=10.0.15.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ppp secret
add name=vpn
/system clock
set time-zone-name=America/Vancouver
/system identity
set name=RouterOS
/tool sniffer
set file-name=sniff filter-stream=yes streaming-enabled=yes streaming-server=\
192.168.89.254
