Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Shamil2020-09-05 17:54:55
Mikrotik
Shamil, 2020-09-05 17:54:55

Why is wan2 not available from outside?

there are 2 wans with white IPs, pppoe-out1 and ether2 (ipoe - but gets local addresses in dhcp).

made a simple marking of connections and route, added rules to routes, but not in any pancake :(-

mangle

0 chain=input action=mark-connection new-connection-mark=wan1-in passthrough=no
in-interface=pppoe-out1 log=no log-prefix=""
1 chain=input action=mark-connection new-connection-mark=wan2-in passthrough=no
in-interface=ether2 log=no log-prefix=""
2 chain=output action=mark-routing new-routing-mark=wan1 passthrough=no
connection-mark=wan1-in log=no log-prefix=""
3 chain=output action=mark-routing new-routing-mark=wan2 passthrough=no
connection-mark=wan2-in log=no log-prefix=""

dhcp-client

Flags: X - disabled, I - invalid, D - dynamic
0 interface=ether2 add-default-route=yes default-route-distance=2 use-peer-dns=no
use-peer-ntp=no dhcp-options=hostname,clientid,clientid_duid status=bound
address=10.140.252.37/24 gateway=10.140.252.1 dhcp-server=10.10.1.241 primary-dns=10.10.
secondary-dns=10.10.1.10 expires-after=17m38s

routes

0 A S dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=wan1

1 A S dst-address=0.0.0.0/0 gateway=10.140.252.1
gateway-status=10.140.252.1 reachable via ether2 check-gateway=ping
distance=1 scope=30 target-scope=10 routing-mark=wan2

2 ADS dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable
distance=1 scope=30 target-scope=10

3 DS dst-address=0.0.0.0/0 gateway=10.140.252.1
gateway-status=10.140.252.1 reachable via ether2 distance=2 scope=30
target-scope=10 vrf-interface=ether2

4 ADC dst-address=10.10.10.10/32 pref-src=IP_ppppoe-out1 gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10

5 ADC dst-address=10.140.252.0/24 pref-src=10.140.252.37 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10

when trying to ping ether2 from the outside world, in the connection tracker, for some reason, the local dhcp address (10.140.25.37) is displayed in dst-address
5f53a674dce36301441144.jpeg

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
P
poisons, 2020-09-05
@poisons

Say hello to the provider. It's nonsense to give external addresses like that. It is quite expected that you see exactly this picture, the provider did not give you an external address to the interface, but makes nat one to one from your external address to some internal 10.140.25.37. What's wrong?
And that's why it's not available - you yourself screwed up the options on the firewall / mangle, until the provider does not pass traffic.
Config show where you mark connections.

Similar questions
A
Alexander Kolomyts2018-11-13 17:57:50
How to set up a Mikrotik router to transfer traffic between 2 VPNs? 1Reply
L
lemingg2016-06-15 11:42:04
How does simple queqe mikrotik logic work? 3Reply
I
Ilya Kuznetsov2018-11-14 14:23:31
How to make Mikrotik see the host through the EOIP tunnel not through the bridge? 1Reply
D
Drno2022-01-18 13:10:16
Why is this happening with VPNs? 1Reply
F
Fenyx_dml2018-11-18 18:40:56
How to set up mikrotik map lite for home network? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question