Community discussions

MikroTik App
  4. RouterOS
  5. General

Can't make Port FWD for multiple IP's

Post Reply
 
norenberg
newbie
Topic Author
Posts: 49
Joined: Mon Nov 23, 2009 2:26 am

Can't make Port FWD for multiple IP's

Thu Sep 27, 2012 8:01 am

I have multiple public IP's and I have NAT port forwarding for multiple services.
When I input a new WAN IP and route it ie a PPPoEout connection, it drops the NAT for all the others.

For instance, if I have this:

Code: Select all
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          10.0.0.2                  5
 1   S  0.0.0.0/0                          202.1XX.5x.X              5
 2 X S  0.0.0.0/0                          192.168.3.1               5
 3 ADS  0.0.0.0/0                          2XX.8X.5x.1               1  ALL SERVICES NAT TO THIS
So, say that I add a new PPPoE OUT connection:
Code: Select all
 1 A S  0.0.0.0/0                          203.1xx.5x.1              5
I can't make any NAT through this one above. Can't ping from external, can't do anything.
And if I mark "Add Default Route" I can ping from outside but it kills all the other PPTP and NAT's port fwd from the 202.1XX.5x.X , for example:
Code: Select all
13 X ;;; Backup
     chain=dstnat action=dst-nat to-addresses=192.168.1.20 to-ports=80 
     protocol=tcp dst-address=202.1XX.5x.X  dst-port=8080
This stops working.


Any clue on why is this happening?

Cheers
Top
 
norenberg
newbie
Topic Author
Posts: 49
Joined: Mon Nov 23, 2009 2:26 am

Re: Can't make Port FWD for multiple IP's

Thu Sep 27, 2012 11:54 pm

Was my question understandable?
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Can't make Port FWD for multiple IP's

Fri Sep 28, 2012 12:16 pm

paste more configuration as it is not clear what ou have set up where. what masquerade (srcnat) you have.have.
Top
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 118
Joined: Tue Sep 15, 2009 6:01 pm

Re: Can't make Port FWD for multiple IP's

Fri Sep 28, 2012 12:35 pm

Post the output of /ip firewall nat print for us please.

Also, you an only have one default gateway unless you label traffic and then route by label. This is the only way, that I'm aware of, to have multiple default gateways at once.

Having two default gateways will result in only one of them being used.
Top
 
norenberg
newbie
Topic Author
Posts: 49
Joined: Mon Nov 23, 2009 2:26 am

Re: Can't make Port FWD for multiple IP's

Fri Sep 28, 2012 5:30 pm

Thanks everyone for the reply.
AnRkey
This makes sense, I do use marked routes, but someone has done this for me.
Now I need to be onsite to check this out (I don't wanna risk to do it remotely.)
paste more configuration as it is not clear what ou have set up where. what masquerade (srcnat) you have.have.
I use masquerade for hotspots and multiple VLANs but I believe routing-marks will be the culprit.

I will post the follow-up here for reference.

cheers
Top
 
norenberg
newbie
Topic Author
Posts: 49
Joined: Mon Nov 23, 2009 2:26 am

Re: Can't make Port FWD for multiple IP's

Tue Oct 23, 2012 5:44 am

Ok, I am using route marks and I can get the outgoing connection to work fine.
However, I still not able to make the IP to respond to incoming connections.

Any advice?
Code: Select all
 1   chain=prerouting action=mark-routing new-routing-mark=residential 
     passthrough=yes src-address-list=pppoe dst-address-list=!local
Code: Select all
;;; Backup VDSL
     chain=dstnat action=dst-nat to-addresses=192.168.1.20 to-ports=80 
     protocol=tcp dst-address=203.171.5X.XXX routing-mark=residential 
     dst-port=8080
I just can't connect to the port 8080 :(

Cheers, thanks for any advice.
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Can't make Port FWD for multiple IP's

Tue Oct 23, 2012 12:32 pm

if yo have several WAN connections and you want to use them both then

1. mark routing, so traffic knows where to go out, like some load balancing (seems you have this)
2. you have to mark incoming connections and assign them wan routing marks so packets that came it WAN1 will go out WAN1 not any other of available WAN interfaces
3. if you want NAT to specific addresses you can use 1 to 1 map or use specific source nat rule to NAT specific addresses to specific global address.
Top
 
norenberg
newbie
Topic Author
Posts: 49
Joined: Mon Nov 23, 2009 2:26 am

Re: Can't make Port FWD for multiple IP's

Tue Oct 23, 2012 11:14 pm

if yo have several WAN connections and you want to use them both then

1. mark routing, so traffic knows where to go out, like some load balancing (seems you have this)
2. you have to mark incoming connections and assign them wan routing marks so packets that came it WAN1 will go out WAN1 not any other of available WAN interfaces
3. if you want NAT to specific addresses you can use 1 to 1 map or use specific source nat rule to NAT specific addresses to specific global address.
Thanks for your reply.

I'd like to make a port mapping. Do you mean:
Code: Select all
 chain=srcnat action=src-nat to-addresses=203.171.5X.XXX to-ports=8080 
     protocol=tcp src-address=192.168.1.20 routing-mark=residential src-port=80
tried this but still didn't work
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Can't make Port FWD for multiple IP's

Wed Oct 24, 2012 9:05 am

here you can read about 1 to 1 mapping and how that operates:
http://wiki.mikrotik.com/wiki/Manual:IP ... :1_mapping
Top
 
norenberg
newbie
Topic Author
Posts: 49
Joined: Mon Nov 23, 2009 2:26 am

Re: Can't make Port FWD for multiple IP's

Thu Oct 25, 2012 11:30 pm

Your docs appear to have wrong information (replace ips for the real ones):
Code: Select all
/ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 \
	action=netmap to-addresses=2.2.2.1-2.2.2.254
failure: netmap action requires to-address be whole network
Managed to netmap anyway:
Code: Select all
23   ;;; Netmap
     chain=dstnat action=netmap to-addresses=192.168.1
     dst-address=202.171.XXX.1-202.171.XXX.254 routing-mark=residential

24   chain=srcnat action=netmap to-addresses=203.171.5
     routing-mark=residential
And, guess what? Still not working.
No ping, no access from external. DST-NAT won't work.

Any ideas?

Thanks
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Can't make Port FWD for multiple IP's

Fri Oct 26, 2012 8:27 am

this will work for example ip addresses from manual.
Code: Select all
/ip firewall nat add chain=srcnat src-address=2.2.2.0/24 \
action=netmap to-addresses=11.11.11.0/24

/ip firewall nat add chain=dstnat src-address=11.11.11.0/24 \
action=netmap to-addresses=11.11.11.0/24
updated manual to reflect on changes that where done

this will work:
Code: Select all
/ip firewall nat add chain=dstnat dst-address=11.11.11.0-11.11.11.255 \
	action=netmap to-addresses=2.2.2.0-2.2.2.255

/ip firewall nat add chain=srcnat src-address=11.11.11.0-11.11.11.255 \
	action=netmap to-addresses=2.2.2.0-2.2.2.255
idea behind is that x.x.x.0/24 translates to x.x.x.0-x.x.x.255 since /24 includes x.x.x.0 and x.x.x.255 and these addresses are perfectly fine for example, when pppoe is used and tunnel remote address is x.x.x.0/32 or x.x.x.255/32 or something that we are more used to as x.x.x.254/32
Top
Post Reply

Who is online

Users browsing this forum: johnson73 and 52 guests
  4. RouterOS
  5. General