Dear Sirs,
I'm having problem forwarding any dst-nat request to my exchange server inside and my scenario is the following
Two Mikrotik Routers (Firewall) and LAN
I have published MS Exchange server through the Mikrotik A (using DST-NAT) for the following ports: TCP (443, 25, 80) and the Exchange Gateway is the internal IP of Mikrotik A. (i.e: I access OWA by using webmail.xyz.com)
Now I have the other Mikrotik B which has another Internet connection and I also created a dst-nat rule to Exchange (backup access connection for HTTPS requests to Exchange server in case the connection on Mikrotik A fails for some reason) (i.e: I access OWA by using webmail2.xyz.com)
Everything is working perfectly through Mikrotik A. but I can't access OWA through Mikrotik B.
Inside Address on both mikrotik are the same subnet 192.168.0.0/24
Inside address for Mikrotik A: 192.168.0.254 and this IP is the gateway on Exchange server.
Inside address for Mikrotik B: 192.168.0.253.
Please advise.
Regards,
Re: Two Mikrotik and one LAN
It is urgent and any help is highly appreciated !
-
-
rickhodger
just joined
- Posts: 24
- Joined:
- Location: Belfast, UK
- Contact:
Re: Two Mikrotik and one LAN
This will not work. You have created a triangle route - when someone attempts to access the server through Mikrotik B, your exchange server is sending it's packets to Mikrotik A, which will then forward them on out to the internet through it's connection which will not work as the packet will then get NAT'd to the incorrect address. If you had both internet connections connected to the one Mikrotik I would imagine it could be made to work as then you would only have a single NAT table and would be able to use ECMP.Everything is working perfectly through Mikrotik A. but I can't access OWA through Mikrotik B.
Inside Address on both mikrotik are the same subnet 192.168.0.0/24
Inside address for Mikrotik A: 192.168.0.254 and this IP is the gateway on Exchange server.
Inside address for Mikrotik B: 192.168.0.253.
Re: Two Mikrotik and one LAN
Thank you for your prompt reply...
Any example would be amazing...
I will add another interface for the second WAN on Mikrotik A
Any example would be amazing...
I will add another interface for the second WAN on Mikrotik A
-
-
rickhodger
just joined
- Posts: 24
- Joined:
- Location: Belfast, UK
- Contact:
Re: Two Mikrotik and one LAN
Try the documentation on the PCC matcher. It should help you achieve what you are trying to do. http://wiki.mikrotik.com/wiki/PCC
Re: Two Mikrotik and one LAN
you may try to do the following:
on B:
/ip route add address=Exchange_address gateway=192.168.0.254
so that incoming requests from backup line were coming to server via router A.
then on A just mark incoming connections from internetA to server with mark1, and connections from LAN interface to server with mark2 (those will be connections from B). after that all replies with connection-mark2 send to B, not to internetA
something like this ))
on B:
/ip route add address=Exchange_address gateway=192.168.0.254
so that incoming requests from backup line were coming to server via router A.
then on A just mark incoming connections from internetA to server with mark1, and connections from LAN interface to server with mark2 (those will be connections from B). after that all replies with connection-mark2 send to B, not to internetA
something like this ))