Everything is configured as described in many manuals, but the connection works only from the LAN.
Have I missed a firewall rule or a NAT rule? What do I need to do to connect to PPTP from the outside internet?
export compact
# may/21/2015 11:48:36 by RouterOS 6.27
# Layer-2 layout: one bridge (LANWAN). ether1/ether2 are labelled as the two ISP
# uplinks; ether3/ether4 are labelled LAN and WAN.
/interface bridge
add name=LANWAN
/interface ethernet
set [ find default-name=ether1 ] comment=ISP1
set [ find default-name=ether2 ] comment=ISP2
set [ find default-name=ether3 ] comment=LAN
set [ find default-name=ether4 ] comment=WAN
# These entries only attach comments to the per-interface discovery settings.
# NOTE(review): no discover=no is shown for ether1/ether2, so neighbor discovery
# may still be active on the ISP-facing ports - confirm and turn it off there.
/ip neighbor discovery
set ether1 comment=ISP1
set ether2 comment=ISP2
set ether3 comment=LAN
set ether4 comment=WAN
# DHCP for the bridged LAN: leases come from 192.168.30.50-192.168.30.250, valid for one day.
/ip pool
add name=dhcp ranges=192.168.30.50-192.168.30.250
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LANWAN lease-time=1d name=DHCP
/port
set 0 name=serial0
set 1 name=serial1
# PPP profile used by the PPTP server: the router end is 192.168.30.1 and the
# client end is 192.168.30.40, i.e. inside the LAN subnet but below the DHCP range.
/ppp profile
add local-address=192.168.30.1 name=pptp remote-address=192.168.30.40
# SNMP community "nemo" accepts queries from any source address (0.0.0.0/0).
# NOTE(review): the export shows no "/snmp set enabled=yes", so the agent may be
# off - confirm. If SNMP is used, limit addresses= to the monitoring hosts; the
# input chain in this export accepts UDP from every interface.
/snmp community
add addresses=0.0.0.0/0 name=nemo
# ether3 and ether4 are the member ports of the LANWAN bridge.
/interface bridge port
add bridge=LANWAN interface=ether3
add bridge=LANWAN interface=ether4
# L2TP server is set to use IPsec with a pre-shared secret (masked in the post).
# NOTE(review): no enabled=yes appears on this line, so the L2TP server is
# presumably not running - confirm.
/interface l2tp-server server
set ipsec-secret=xxxxxxxxxxxxxx use-ipsec=yes
# PPTP server is enabled and hands sessions the "pptp" profile.
# NOTE(review): PPTP (MS-CHAPv2/MPPE) is widely regarded as cryptographically
# weak; prefer the L2TP/IPsec server configured above for access from the internet.
/interface pptp-server server
set default-profile=pptp enabled=yes
# Router addresses: one public subnet per uplink (masked in the post) and
# 192.168.30.1/23 on the LAN bridge.
/ip address
add address=xxxxxxxxxxxxxx/29 interface=ether1 network=xxxxxxxxxxxxxx
add address=xxxxxxxxxxxxxx/30 interface=ether2 network=xxxxxxxxxxxxxx
add address=192.168.30.1/23 interface=LANWAN network=192.168.30.0
# Dynamic DNS through the MikroTik cloud service is switched on.
/ip cloud
set ddns-enabled=yes
# Options handed to DHCP clients: the router is the gateway; the DNS server is masked.
/ip dhcp-server network
add address=192.168.30.0/23 dns-server=xxxxxxxxxxxxxx gateway=192.168.30.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# NOTE(review): the input chain in this export accepts UDP on every interface and
# has no final drop, so the resolver is also reachable from the ISP uplinks -
# restrict port 53 on the input chain to the LAN side.
/ip dns
set allow-remote-requests=yes servers=xxxxxxxxxxxxxx
# LocalNet: the internal subnets that may talk to each other through the router.
/ip firewall address-list
add address=192.168.4.0/22 list=LocalNet
add address=192.168.30.0/23 list=LocalNet
add address=172.30.10.0/24 list=LocalNet
add address=192.168.0.0/23 list=LocalNet
add address=172.30.200.0/24 list=LocalNet
# Filter rules are evaluated top to bottom. A rule exported without action= uses
# the default action, accept.
# NOTE(review): the only drop rules below match connection-state=invalid and sit
# at the end of each chain. There is no final catch-all drop, so a packet that
# matches no rule is accepted anyway; the accept rules therefore restrict nothing.
# A default-deny input chain would normally end with a drop for traffic arriving
# on the uplinks, after the accepts that are really needed.
/ip firewall filter
# PPTP needs GRE (data channel) and TCP 1723 (control channel) on the input chain.
add chain=input comment="Allow gre" protocol=gre
add chain=input comment="Allow port 1723" dst-port=1723 protocol=tcp
# Forwarding between the internal subnets listed in LocalNet.
add chain=forward comment="Allow all subnets" dst-address-list=LocalNet \
src-address-list=LocalNet
add chain=input comment="Allow ping" protocol=icmp
add chain=forward protocol=icmp
# Return traffic for connections that are already tracked.
add chain=input comment="Allow estabilished" connection-state=established
add chain=forward connection-state=established
add chain=input comment="Allow related" connection-state=related
add chain=forward connection-state=related
# NOTE(review): no in-interface or dst-port is given, so this accepts every UDP
# packet addressed to the router from any interface, uplinks included (DNS and
# SNMP are both configured elsewhere in this export). Narrow it to the ports and
# interfaces that actually need it.
add chain=input comment="Allow UDP" protocol=udp
add chain=forward protocol=udp
# NOTE(review): invalid packets are dropped only if no earlier accept rule
# matched them; this pair is usually placed near the top of each chain.
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=drop chain=forward connection-state=invalid
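/ip firewall nat
# Source NAT: traffic leaving through either uplink is hidden behind that
# uplink's own address.
add action=masquerade chain=srcnat comment=\
"Masquerade out traffic ISP1" out-interface=ether1
add action=masquerade chain=srcnat comment="ISP2" \
out-interface=ether2
# Port-forward to the internal web server. dst-port=80 is the fix: without it the
# rule matched every TCP connection arriving on an ethernet port and rewrote it
# to 192.168.30.121:80. That included the PPTP control connection (TCP 1723)
# coming in on ether1/ether2, so it never reached the router's own PPTP server.
# LAN clients come in through the LANWAN bridge, which presumably does not match
# all-ethernet; that would explain why PPTP worked only from the LAN.
# NOTE(review): consider also matching the public dst-address so that only
# traffic addressed to the router's WAN address is forwarded.
add action=netmap chain=dstnat comment=\
"NAT to web server at Web PC" dst-port=80 in-interface=all-ethernet \
protocol=tcp to-addresses=192.168.30.121 to-ports=80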
# Connection-tracking helpers for FTP, TFTP, IRC and H.323 are switched off.
# NOTE(review): the pptp helper is not listed, so it is presumably left at its default - confirm.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
# Two routes with no dst-address (the default route), each monitored by ping.
# ISP1 has distance 1 and ISP2 has distance 2, so ISP2 is used only when the ISP1
# gateway stops answering.
# NOTE(review): no mangle/routing-mark rules appear in this export, so replies to
# connections that arrive on ISP2 presumably leave through ISP1 while it is up.
# Test the VPN against the ISP1 address first.
/ip route
add check-gateway=ping comment="ISP1 Gateway" distance=1 gateway=\
xxxxxxxxxxxxxx
add check-gateway=ping comment="ISP2 Gateway" distance=2 gateway=\
xxxxxxxxxxxxxx
# Static routes to the remote sites, all via the LAN-side router 192.168.30.31.
# NOTE(review): AMS1 is routed as 172.30.10.0/23 but listed in LocalNet as
# 172.30.10.0/24 - confirm which prefix length is intended.
add comment="AMS1" distance=1 dst-address=172.30.10.0/23 gateway=\
192.168.30.31
add comment="AMS2" distance=1 dst-address=172.30.200.0/24 gateway=\
192.168.30.31
add comment="OFFICE1" distance=1 dst-address=192.168.0.0/23 gateway=\
192.168.30.31
add comment="OFFICE2" distance=1 dst-address=192.168.4.0/22 gateway=\
192.168.30.31
# Management services: telnet, ftp and ssh are disabled; www-ssl (HTTPS) is enabled.
# NOTE(review): a compact export lists only non-default values, so services not
# named here (www, winbox, api) are presumably still at their defaults. None of
# them is limited by an address= list, and the filter has no final drop, so check
# which ones answer on the uplinks. No certificate is shown for www-ssl.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
# UPnP is on, with the LAN bridge as the internal side and both uplinks as external.
# NOTE(review): this lets any host on LANWAN ask the router to open inbound port
# mappings on the uplinks; disable it unless something on the LAN depends on it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=LANWAN type=internal
add interface=ether1 type=external
add interface=ether2 type=external
# Modifies PPP profile number 2 (by position).
# NOTE(review): local-address=1.89.168.192 looks like 192.168.89.1 with its
# octets reversed, and remote-address=*3 is an internal id rather than a name,
# which usually means the object it pointed to no longer exists - confirm and
# clean up this profile.
/ppp profile
set 2 local-address=1.89.168.192 remote-address=*3
# The single VPN account, limited to service=pptp. Its remote-address
# (192.168.30.42) differs from the pptp profile's (192.168.30.40); presumably the
# value on the secret takes precedence - confirm.
# The password is masked in the post. Use a long random one, because PPTP
# authentication is weak against offline guessing.
/ppp secret
add local-address=192.168.30.1 name=vpnadm password=xxxxxxxxxxxxxx profile=pptp \
remote-address=192.168.30.42 service=pptp