Answer the question
In order to leave comments, you need to log in
R
R
ruskella2016-09-25 12:54:37
ruskella, 2016-09-25 12:54:37
How to forward a port in MikroTiK using multiple providers?
Hello.
I set up MikroTiK by publishing: geektimes.ru/post/186284 and there was a problem with port forwarding, no response is returned for a non-priority provider (or maybe another problem) until the priority provider is down.
What it manifests itself in:
if you connect with RAdmin, then you are prompted to enter a login and password, I enter it, then the RAdmin logo. The logo disappears and that's it, there is no desktop, apparently, the connection has been dropped.
The situation is similar with OpenVPN, there is a problem with TLS.
ether1 - fast connection, but VPN hangs on ether2 - slower connection, so in routes, the distance is higher (for normal connections)
in general:
/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; (ISP1)
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
1 ;;; (ISP 2)
chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix=""
2 I ;;; USB Modem
;;; Huawei not ready
chain=srcnat action=masquerade out-interface=Huawei log=no log-prefix=""
3 ;;; OpenVPN
chain=dstnat action=netmap to-addresses=192.168.1.25 to-ports=1194 protocol=udp dst-address-list=Gateway dst-port=1194 log=no log-prefix=""
4 ;;; RAdmin
chain=dstnat action=netmap to-addresses=192.168.1.1 to-ports=4899 protocol=tcp in-interface=ether2 dst-port=4899 log=no
log-prefix=""/ip firewall mangle print where disabled=no
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=ISP 1 -> Input passthrough=no dst-address=xx.xx.xx.246 in-interface=ether1
log=no log-prefix=""
1 chain=output action=mark-routing new-routing-mark=ISP 1 passthrough=no connection-mark=ISP 1 -> Input log=no log-prefix=""
2 chain=input action=mark-connection new-connection-mark=ISP 2 -> Input passthrough=no dst-address=xx.xx.xx.21 in-interface=ether2
log=no log-prefix=""
3 chain=output action=mark-routing new-routing-mark=ISP 2 passthrough=no connection-mark=ISP 2 -> Input log=no log-prefix=""
4 ;;; T
chain=prerouting action=mark-routing new-routing-mark=T passthrough=no src-address-list=LocalNet dst-address-list=T-Adresses log=no log-prefix=""
5 chain=prerouting action=mark-routing new-routing-mark=Office 1 passthrough=no src-address=192.168.1.0/24 dst-address-list=!LocalNet log=no log-prefix=""/ip route print where disabled=no
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 xx.xx.xx.1%ether1 10
1 A S 0.0.0.0/0 xx.xx.xx.254%... 11
2 A S 0.0.0.0/0 xx.xx.xx.1%ether1 10
3 S 0.0.0.0/0 xx.xx.xx.254%... 11
4 A S 0.0.0.0/0 xx.xx.xx.254%... 11
5 A S ;;; ethernet mikrotik
0.0.0.0/0 xx.xx.xx.1%ether1 1
6 S ;;; ethernet mikrotik
0.0.0.0/0 xx.xx.xx.254%... 2
7 A S 8.8.4.4/32 xx.xx.xx.254%... 1
8 A S 8.8.8.8/32 xx.xx.xx.1%ether1 2
9 A S ;;; OVPN
10.20.30.0/24 192.168.1.25 1
10 ADC xx.xx.xx.0/24 xx.xx.xx.21 ether2 0
11 ADC xx.xx.xx.0/24 xx.xx.xx.246 ether1 0
12 ADC 192.168.1.0/24 192.168.1.111 bridge2 0
13 ADC 192.168.1.0/24 192.168.1.88 bridge2 0
14 A S 172.27.0.0/16 192.168.1.25 1
15 DC 192.168.11.0/24 192.168.11.1 Guest 255 3 answer(s)
@POS_troi
@pfff812
T
TyzhSysAdmin, 2016-09-25 @POS_troi
Look at this topic on the forum forummikrotik.ru/viewtopic.php?t=5183
M
Max, 2016-09-26 @pfff812
The link above is correct. Essentially: 1) label the connections at the input. 2) Put a route label 3) add a route with the desired route label to the desired provider.
Similar questions
A
J
D
G
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question