Mikrotik
5d144, 2021-08-18 00:32:53

Mikrotik port forwarding through L2TP: how to do it right?

Mikrotik 1 - white IP. It has an L2TP server.
Mikrotik 2 - gray IP, it is the L2TP client of Mikrotik 1. On its local network there are a video recorder and IP cameras.
An EoIP tunnel is also up between M1 and M2.
From the local network of Mikrotik 1 there is access to the local network of Mikrotik 2 and vice versa. Winbox sees both routers from either local network; SADPTool and ConfigTool see all cameras and the recorder.

Task - using the white IP of Mikrotik 1, get to the registrar behind Mikrotik 2.
Added rules to NAT:
add action=masquerade chain=srcnat out-interface=all-ppp
add action=dst-nat chain=dstnat dst-port=37777 in-interface-list=WAN log=yes protocol=tcp to-addresses=192.168.88.200 to-ports=37777
I can't connect to the registrar from the Internet. In the log:
dstnat: in:ether1 out:(unknown 0), src-mac 00:04:96:cf:0e:a6, proto TCP (SYN), 46.133.148.103:38851->WHITE IP:37777 len 60
I can't figure out what the problem is.
Help me please!


4 answer(s)
Oleg Popov, 2021-08-18
@Maestrosoft

I understand that 192.168.88.200 is the address of the registrar on Mikrotik2?
Then you get the following...
Your request comes to the address of the registrar, but the response from the registrar goes along the default route, which is registered on Mikrotik2!!! I.e. the packet is invalid!!!
I would do the following:
- on Mikrotik2, mark the packets that leave the registrar
- add a route on Mikrotik2: to 0.0.0.0/0 via VPN (to Mikrotik1) ONLY for the packets marked above
Well, probably something like this ...
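
The marking-and-routing approach described in this answer, written out as RouterOS configuration for Mikrotik2 (an added example, not part of Oleg Popov's post). It marks connections rather than every packet leaving the recorder, and it assumes the forwarded traffic reaches Mikrotik2 over its L2TP client interface; the interface name l2tp-out1 and the mark names are assumptions.

```routeros
# Added example for Mikrotik2, RouterOS v6 syntax (RouterOS 7 replaces
# routing-mark with "/routing table add name=... fib" and routing-table=).
# Assumed names: l2tp-out1 (L2TP client interface), dvr-in-vpn, via-mikrotik1.

/ip firewall mangle
# 1. Tag connections to the recorder that arrive through the tunnel.
add chain=prerouting in-interface=l2tp-out1 dst-address=192.168.88.200 \
    protocol=tcp dst-port=37777 connection-state=new \
    action=mark-connection new-connection-mark=dvr-in-vpn passthrough=yes
# 2. Give the recorder's replies in those connections a routing mark.
#    Its other traffic keeps using the normal default route of Mikrotik2.
add chain=prerouting src-address=192.168.88.200 connection-mark=dvr-in-vpn \
    action=mark-routing new-routing-mark=via-mikrotik1 passthrough=no

/ip route
# 3. Default route that is used only by packets carrying the routing mark.
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=via-mikrotik1

# If a fasttrack-connection rule is present in /ip firewall filter, add
# connection-mark=!dvr-in-vpn to it: fasttracked packets skip mangle, so the
# replies would fall back to the main routing table.
```

With the replies routed back through the tunnel, the forwarded port needs no source NAT on Mikrotik1, so the recorder's own logs show the real client address instead of a router address.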

Gregory, 2021-08-19
@Maxlinus

mikrotik-ukraine.blogspot.com/2016/11/vpn-mikrotik.html

5d144, 2021-08-19
@5d144

As per the link, it doesn’t work, I tried it, and the comments also say that it’s not a working scheme.

korsar182, 2021-08-24
@korsar182

Add rules to Mikrotik1

/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.88.200 dst-port=37777 protocol=tcp
add action=dst-nat chain=dstnat dst-port=37777 in-interface-list=WAN protocol=tcp to-addresses=192.168.88.200 to-ports=37777
