Wow! Thanks for the help!
Works great! The only thing I have changed, that I had to change the src-port insted of dst-port for the policies. But that's all!

Thanks again, you saved my night! :)

Zsolt

How did you add your ipsec policies? Can you please post your config? Thist is my policies config. This are different servers on the lan side and all configured as tunnels. Thanks for your help! :) [# jan/06/2021 15:39:55 by RouterOS 6.47.3 # software id = # # # /ip ipsec policy set 0 dst-address=0...

Dear all, I have the following problem: MTHOME - (WAN: x.x.x.10) LAN (192.168.93.0/24) server <----------(smtp-only)------> (through x.x.x.1) <----> CHR (WAN: x.x.x.1,x.x.x.2,x.x.x.3,x.x.x.4) I have a CHR with 4 IP and a home router with a dynamic IP. I have a mail server on the LAN. I need the mail...

It would be great to solve it by the way, to work from local also... But I will try to dig through on the routes.

Thanks again!

Zsolt

I owe you a beer at least! :) 1st of all, thank you for being so helpful! The problem was, that I was trying the dst-nat rule from local network, going out through the home router WAN interface (so the source ip was the ip of the WAN of the home router). Now it resulted, that all the packages like A...

Thanks for the hints! I had a mistake in my routing. Now I can ping my local lan from the CHR. (It is routing through the l2tp connection.) My CHR config: /ip firewall nat add action=dst-nat chain=dstnat comment="Nat to local ISPConfig" dst-address=78.xxx.xxx.230 dst-port=80 log=yes protoc...

If 192.168.181.5 is on CHR, then that's where you need to look for wrong srcnat/masquerade rule. You are right! There is a masquared for out-interface l2tp (this where the home router connects to.). But if I disable this, I won't be able to dst-nat to my home lan network. Or shoud I do it step by s...

As the wise man said ^^^. If it's only for mail server, you can keep the public address where it is and just use NAT and forward some ports. If you insist on having the public address directly on server, you can find some inspiration in Public IP over a tunnel thread. My problem with forwarding som...

Thanks for all the answers. Acutally, what I was looking for is routing a public ip to a server on LAN. Now I have managed to "partially" solve it, by a pptp connection. This is the scenario: Cloud hosted router Available WAN IPs: 37.xxx.xxx.249, 78.xxx.xxx.230, 78.xxx.xxx.231 WAN IP in us...

Hi! Maybe it sounds weird, but I would like to run a mail server behind nat. This case the mail server will only receive mails from the router IP address because of the NAT. In case I create an SRC-NAT, I can set the source IP for these packages whatever I set in the SRC-NAT rule, but this is a stat...

OK, stuck with this: /ipv6 address add address=2a01:4a0:4a:3c::35a4 interface=ether1 /ipv6 nd set [ find default=yes ] interface=ether1 mtu=1280 /ipv6 nd prefix add interface=ether1 prefix=2a01:4a0:4a::1/128 /ipv6 route add distance=0 dst-address=2000::/3 gateway=2a01:4a0:4a::1 add disabled=yes dist...

The static global address (fe80::216:3cff:feab:137d/64) has changed to dynamic local automaticaly and there's a new global address (2a01:4a0:4a:3c:216:3cff:feab:137d/64) added: /ipv6 address>> print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFA...

The service provider confirmed the settings should work.
Subnet Details
Subnet 2a01:4a0:4a:3c::/64
Gateway 2a01:4a0:4a::1
Nameserver 2001:4860:4860::8888
Nameserver 2001:4860:4860::8844

Address to use:
IP Addresses
2a01:4a0:4a:3c::35a4/64

Still investigating...

Could be that the problem is that I have IPv4 address (with ipv4 gateway) also configured on that ether1 interface?

Try disabling the gateway check on the static default route

Still unreachable... Now I have also asked the provider to confirm my ip settings.
I decided I won't sleep until it won't work. Or at least until I'll find out why it doesen't work.

You have a static route set for the gateway of 2a01:4a0:4a::1/128 istead of using the directly connected route. That forces the MT to use routing recursion which is not yet supported in RouterOS for IPv6. Try removing the static route and see if the defualt route for global unicast goes active. Sti...

For some reason, the route you have for 2000::/3 isn't active. Is the next hop reachable? This is the traceroute output: tool traceroute address=2001:4860:4860::8888 # ADDRESS LOSS SENT LAST AVG BEST WORST 1 100% 2 timeout 2 100% 2 timeout 3 100% 1 timeout 4 100% 1 timeout 5 100% 1 timeout But I ca...

what is the output of /ipv6 route print ? This is the output: ipv6 route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable # DST-ADDRESS GATEWAY DISTANCE 0 S 2000::/3 2a01:4a0:4a::1 1 1 A S 2a01:4a0:4a::1/128 ether1 1 2 ADC 2a01...

Did you add a default route ? Maybe if you show us an export of your /ipv6 that will help Yes, of course, here are my ipv6: /ipv6 address add address=2a01:4a0:4a:3c::35a4 interface=ether1 /ipv6 dhcp-client add disabled=yes interface=ether1 pool-name=pool request=prefix /ipv6 firewall filter add act...

Dear All, I have a hosted (VPS) mikrotik. I have an IPv6 address and gateway also, that I have received from the hosting provider. I would like to use that IPv6 address also next to the IPv4. I have assigned the IPv6 address to the ether1 (WAN) interface, added the IPv6 gateway to routing. Also set ...