Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
Buggy7772018-05-15 11:02:57
Computer networks
Buggy777, 2018-05-15 11:02:57

I can't figure out why mangle doesn't work?

You need to forward traffic from external ip chr to the host in the office.
There are 2 mikrotiks: office and chr on DO. In chr with a white ip, an l2tp server is configured, a route to the office network and port forwarding to one of the hosts in the office network:

/ip firewall nat add action=dst-nat chain=dstnat dst-port=80,443,222 in-interface=ether1 protocol=tcp to-addresses=192.168.1.10
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
/ ip route add check-gateway=ping distance=1 dst-address=192.168.1.0/24 gateway=l2tp-in1

There are 2 providers in the office Mikrotik, both with white ip, failover between them using mangle, l2tp tunnel to chr and address list with domains that you need to go to through chr:
/ip firewall address-list
add address=example.com list=list_to_vds
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=list_to_vds new-routing-mark=route_to_vds passthrough=yes
add action=mark- connection chain=forward in-interface=l2tp-out1 new-connection-mark=conn_in_vds passthrough=yes
add action=mark-routing chain=prerouting connection-mark=conn_in_vds new-routing-mark=route_to_vds passthrough=no
add action=mark- connection chain=input in-interface=bridge_wan_provider1 new-connection-mark=conn_in_provider1 passthrough=yes
add action=mark-connection chain=input in-interface=bridge_wan_provider2 new-connection-mark=conn_in_provider2 passthrough=yes
add action=mark-routing chain=output connection-mark=conn_in_provider1 new-routing-mark=route_to_provider1 passthrough=no
add action=mark-routing chain=output connection-mark=conn_in_provider2 new-routing-mark=route_to_provider2 passthrough=no
/ip route
add distance=1 gateway=l2tp-out1 routing-mark=route_to_vds
add check-gateway=ping distance=1 gateway=1.1.1.1 routing-mark=route_to_provider1
add check-gateway=ping distance=1 gateway=2.2.2.2 routing- mark=route_to_provider2

Here I don’t understand why traffic goes through port 80, but doesn’t go through ports 443 and 222? I tried temporarily disabling the firewall on both Mikrotiks - it did not help.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
D
DonorOfLove2021-05-07 22:50:15
How to align an icon to the bottom right corner? 4Reply
S
Stas =)2015-02-19 16:59:28
Is it realistic to use 802.11r in a subway tunnel? 1Reply
E
Evgeny Petryaev2019-07-22 12:26:56
How to get from network 192.168.1.0 to 192.168.0.3? 3Reply
B
bacalastein2017-02-23 18:51:42
How to organize floating IP between two load balancers? 2Reply
K
kluchkiny2019-07-23 10:30:18
Two ip addresses on the same domain name? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question