Hi xt22, have you created the FILTER and NAT rules? Could print it for us?
One good shot is remove tunnel settings and add it again, but if there is more than 3 or 5 tunnels, this could be awful.

Hello, sorry for delayed reply. It is working properly now, I've entered in contact with mikrotik support and they said I was missing src-nat rule below. /ip firewall nat add chain=srcnat action=accept src-address=Local-Public-Address dst-address=Remote-Public-Address place-before=0 Thanks for all r...

Hello, I don't know if I'll give you the best option. To do a dynamically failover between two sites I would recommend you to set up GRE+IPSec tunnels. Using this you will be able to let the OSPF take care of your routes. But if you do not use OSPF, have you tried use "check-ping" option o...

Hi Zondai1, Let me understand a little more, you are trying to create a port forwarding to access you DVR from remote location, aren't you? If, you are, you do not need srcnat to create port forward to your DVR. Add the rule bellow: ip firewall nat add chain=dstnat action=dst-nat to-addresses=YOUR-D...

merlinios, have you created src nat and filter rules? You must create the following rules: Filter Rules: ip firewall filter add chain=input action=accept src-address=REMOTE-PUBLIC-IP dst-address=LOCAL-PUBLIC-IP log=no log-prefix="" add chain=forward action=accept src-address=LOCAL-PRIVATE-...

Hello everyone, I have 3 ipsec tunnels configured, all of them was working properly until my internet link failed, 10 days ago. When the internet link has came back 2 tunnels were reestablished and are working properly, but one didn't. I've flush installed SAs and killed Peers connections, but didn'...

rp-filter: strict

That's it, try "loose".

Maaan you are the best!!!
I've just switched to loose and it works!!!

Thanks a lot Sob

This reminds me of something... did you by any chance do anything in "/ip settings", specifically with "rp-filter" option? I don't, at least. But here are my confs: ip-forward: yes send-redirects: yes accept-source-route: no accept-redirects: no secure-redirects: yes rp-filter: ...

If you suspect that router might be getting lost in different routing tables, you can use rules like this, to make sure that it uses the right one for selected destination: /ip route rule add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main No success :( Listed below are the log ab...

Or it can be blocked by firewall filter. No, there is no rule blocking! :? And to make sure, I have created a filter rule, that log traffic foward on port 3389 to my server IP, but no packets were registered. But, when I make a connection to the server from local network, the packets were registere...

Analyzing with Torch, I found something that is strange. The traffic arrives in WAN2_interface, but it doesn't arrive in DMZ_interface (which is where the server is plugged). Even if I disable mangles rules, the traffic still not arriving in DMZ_interface. It seems like if the router doesn't know wh...

Read this: viewtopic.php?f=2&t=102483&p=509070&hilit=port#p508981
and setup proper rules for both WANs.

Thanks, I will.

And what exactly doesn't work? On first look, access to router should work from WAN1 and if you remove out-interface=eth4_Wan_Net from mangle rule #2, it should then work for WAN2 too. Dstnat for RDP port is limited to WAN2, so either duplicate the rule for WAN1, or replace in-interface=wan2 with d...

Hello everybody, I've been searching about my problem here, but unfortunately any topic could help me, I've tried everything that I found. So, my current scenario is: Link!! Wan1 = 1.1.1.1 Wan2 = 2.2.2.2 Server= 192.168.0.2 What I need is: The server (192.168.0.2) has nat rule to forward 3389 port, ...