VPN
john-doe, 2018-09-14 16:00:21

Mikrotik: how to forward ports through the tunnel?

There are two Mikrotik routers with static IPs.
MIC1:
Static IP: 212.33.44.111
Local IP: 10.1.3.1
L2tp server: 10.1.4.1
There is a device in the MIC1 network: 10.1.3.13
MIC2:
Static IP: 194.88.222.99
Local IP: 10.3.1.1
L2tp client: 10.1.4.251
There is a device in the MIK2 network: 10.3.1.6
I forward port 22 through MIK2 and l2tp to 10.1.3.13, i.e. 194.88.222.99:1022 --> 10.1.3.13:22
At the moment, if you try to connect to 10.1.3.13 from MIK2 or from 10.3.1.6, you have access. From the outside, through 194.88.222.99:1022, there is no access.
The NAT rule on MIC2 is:
5 chain=dstnat action=dst-nat to-addresses=10.1.3.13 to-ports=22 protocol=tcp dst-address=194.88.222.99 in-interface=ether10 dst-port=1022 log=no log-prefix=""
How can I solve this problem?

1 answer(s)
TyzhSysAdmin, 2018-09-14
@POS_troi

Right now your traffic is not going the way you expect :)
With your scheme, the response from 10.1.3.13 goes out along mik1's default route, not into the tunnel and through mik2 as you expect. As a result, the client receives a response from another IP and legitimately discards it.
You need either double NAT or packet marking.
Try doing this on mic1.
Marking

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!10.1.3.0/24 \
    new-routing-mark=ssh passthrough=yes protocol=tcp src-address=10.1.3.13 \
    src-port=22

Route
/ip route
add distance=1 gateway=L2TP_TUNNEL_NAME routing-mark=ssh
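
The double NAT alternative mentioned in the answer, as an added example that is not part of the original answer: a source NAT rule on MIK2, so that 10.1.3.13 sees the forwarded connection as coming from MIK2's tunnel address and replies through the tunnel with no changes on MIC1. L2TP_CLIENT_NAME is a placeholder for the L2TP client interface on MIK2, and the log prefix and comment text are made up for the example.

```routeros
# On MIK2. The dst-nat rule from the question stays as it is (shown for context only):
#   chain=dstnat action=dst-nat to-addresses=10.1.3.13 to-ports=22 protocol=tcp
#   dst-address=194.88.222.99 in-interface=ether10 dst-port=1022

/ip firewall nat
# Second NAT: rewrite the source of SSH traffic leaving through the tunnel
# to the tunnel address of MIK2 (10.1.4.251). 10.1.3.13 then answers to
# 10.1.4.251, which MIC1 already routes back into the tunnel.
# log=yes records the first packet of each forwarded connection on MIK2.
add chain=srcnat action=masquerade protocol=tcp dst-address=10.1.3.13 \
    dst-port=22 out-interface=L2TP_CLIENT_NAME log=yes log-prefix="ssh-fwd" \
    comment="double NAT for SSH forwarded through L2TP"
```

With this rule 10.1.3.13 records every forwarded session as coming from 10.1.4.251, so the real client address is available only on MIK2. The rule also matches SSH from MIK2's own LAN to 10.1.3.13, which will then appear with the same source address.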
