rilliam
newbie
Topic Author
Posts: 48
Joined: Thu Mar 12, 2009 7:34 pm

multiple WAN IP nothing fancy

Wed May 22, 2013 5:33 pm

I would like to assign two WAN IPs and perform port forwarding for a few services to different servers on my internal network. The configuration I have seems to work; however, I cannot use the same port going out. For example: I want to use 3389 to RDP to a server outside the company to another company, it just times out like the router is dropping the packet somewhere. But I can 3389 into this MikroTik from outside into the internal server I have set up.

Thanks!

Here is my configuration:
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="HTTPS" \
    disabled=no dst-address=10.14.24.250 dst-port=443 protocol=tcp \
    to-addresses=192.168.0.79 to-ports=443
add action=dst-nat chain=dstnat comment="RDP" disabled=no \
    dst-port=4001 protocol=tcp to-addresses=192.168.0.79 to-ports=3389
add action=dst-nat chain=dstnat comment="RDP" disabled=no dst-port=\
    3389 protocol=tcp to-addresses=192.168.0.13 to-ports=3389
add action=dst-nat chain=dstnat comment= disabled=no dst-port=25 \
    protocol=tcp to-addresses=192.168.0.12 to-ports=25
add action=dst-nat chain=dstnat disabled=no dst-port=587 protocol=tcp \
    to-addresses=192.168.0.12 to-ports=587
add action=dst-nat chain=dstnat disabled=no dst-port=443 protocol=tcp \
    to-addresses=192.168.0.12 to-ports=443
add action=dst-nat chain=dstnat disabled=no dst-port=143 protocol=tcp \
    to-addresses=192.168.0.12 to-ports=143
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.14.24.254 \
    scope=30 target-scope=10
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=ether1-gateway
/ip address
add address=192.168.0.1/24 comment="default configuration" disabled=no \
    interface=bridge-local network=192.168.0.0
add address=10.14.24.249/29 disabled=no interface=ether1-gateway network=\
    10.14.24.248
add address=10.14.24.250/29 disabled=no interface=ether1-gateway network=\
    10.14.24.248
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
    backbone type=default
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/interface bridge
add admin-mac=D4:CA:6D:4A:85:A2 ageing-time=5m arp=enabled auto-mac=no \
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
    name=bridge-local priority=0x8000 protocol-mode=rstp transmit-hold-count=\
    6
/interface bridge port
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether5 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether6-master-local path-cost=10 point-to-point=auto priority=\
    0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: multiple WAN IP nothing fancy

Wed May 22, 2013 5:57 pm

> For example: I want to use 3389 to RDP to a server outside the company to another company, it just times out like the router is dropping the packet somewhere. But I can 3389 into this mikrotik from outside into the internal server I have setup.

Not sure about what you mean here but do you want to do this:

A > B > C

Where A is an RDP client somewhere on the internet, B is the routerboard and C is an RDP server somewhere else on the internet?

If so - have a look at this thread for a start:

http://forum.mikrotik.com/viewtopic.php?f=2&t=71231
 
rilliam
newbie
Topic Author
Posts: 48
Joined: Thu Mar 12, 2009 7:34 pm

Re: multiple WAN IP nothing fancy

Wed May 22, 2013 6:43 pm

No - but thanks for the reply.

What I want to do is port forward. That is it. I have multiple WAN IPs and I just need to port forward a few services to servers using those WAN IPs.

The problem I am having is that I cannot use the same port to connect out of the network from a different machine. It seems like the port forward rule I added will drop anything but the port forward rule.

Example: I am trying to connect to port 443 from my laptop inside the network to a web server outside the network, it just times out.

Thanks
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: multiple WAN IP nothing fancy

Wed May 22, 2013 7:07 pm

You need to limit the likes of the rule below to apply to traffic to a particular destination IP or to a particular in-interface - i.e. the WAN interface.
add action=dst-nat chain=dstnat disabled=no dst-port=443 protocol=tcp \
    to-addresses=192.168.0.12 to-ports=443
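
An added example, not part of any post in this thread: a Python check that reads a RouterOS export and lists the dst-nat rules that match on port alone, the condition that caused LAN clients' outbound connections on those ports to be redirected to the internal servers. The sample export is abridged from the configuration posted above; the function names and the list of scoping matchers checked are choices made for this example.

```python
import shlex

# Matchers that confine a dstnat rule to traffic aimed at the router's WAN side.
SCOPING_KEYS = {"dst-address", "dst-address-list", "dst-address-type",
                "in-interface", "in-interface-list"}

# Constructed sample: NAT section of the export posted above, abridged.
SAMPLE_EXPORT = r"""
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="HTTPS" \
    dst-address=10.14.24.250 dst-port=443 protocol=tcp \
    to-addresses=192.168.0.79 to-ports=443
add action=dst-nat chain=dstnat comment="RDP" dst-port=\
    3389 protocol=tcp to-addresses=192.168.0.13 to-ports=3389
add action=dst-nat chain=dstnat dst-port=443 protocol=tcp \
    to-addresses=192.168.0.12 to-ports=443
/ip firewall filter
add action=drop chain=input in-interface=ether1-gateway
"""

def logical_lines(text):
    """Join export lines that were wrapped with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        piece = raw.strip()
        if piece.endswith("\\"):
            buf += piece[:-1]          # keep any space before the backslash
        else:
            yield buf + piece
            buf = ""

def unscoped_dstnat(export):
    """Return (dst-port, to-addresses) for dst-nat rules with no WAN scoping."""
    section, hits = "", []
    for line in logical_lines(export):
        if line.startswith("/"):
            section = line             # e.g. "/ip firewall nat"
        elif section == "/ip firewall nat" and line.startswith("add "):
            props = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            if (props.get("action") == "dst-nat" and props.get("chain") == "dstnat"
                    and not SCOPING_KEYS & props.keys()):
                hits.append((props.get("dst-port"), props.get("to-addresses")))
    return hits

if __name__ == "__main__":
    for port, target in unscoped_dstnat(SAMPLE_EXPORT):
        print(f"dst-port {port} -> {target}: matches LAN-originated traffic too")
```
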