Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Shamil2020-09-05 17:54:55
Mikrotik
Shamil, 2020-09-05 17:54:55

Why is wan2 not available from outside?

there are 2 wans with white IPs, pppoe-out1 and ether2 (ipoe - but gets local addresses in dhcp).

made a simple marking of connections and route, added rules to routes, but not in any pancake :(-

mangle

0 chain=input action=mark-connection new-connection-mark=wan1-in passthrough=no
in-interface=pppoe-out1 log=no log-prefix=""
1 chain=input action=mark-connection new-connection-mark=wan2-in passthrough=no
in-interface=ether2 log=no log-prefix=""
2 chain=output action=mark-routing new-routing-mark=wan1 passthrough=no
connection-mark=wan1-in log=no log-prefix=""
3 chain=output action=mark-routing new-routing-mark=wan2 passthrough=no
connection-mark=wan2-in log=no log-prefix=""

dhcp-client

Flags: X - disabled, I - invalid, D - dynamic
0 interface=ether2 add-default-route=yes default-route-distance=2 use-peer-dns=no
use-peer-ntp=no dhcp-options=hostname,clientid,clientid_duid status=bound
address=10.140.252.37/24 gateway=10.140.252.1 dhcp-server=10.10.1.241 primary-dns=10.10.
secondary-dns=10.10.1.10 expires-after=17m38s

routes

0 A S dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable
check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=wan1

1 A S dst-address=0.0.0.0/0 gateway=10.140.252.1
gateway-status=10.140.252.1 reachable via ether2 check-gateway=ping
distance=1 scope=30 target-scope=10 routing-mark=wan2

2 ADS dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable
distance=1 scope=30 target-scope=10

3 DS dst-address=0.0.0.0/0 gateway=10.140.252.1
gateway-status=10.140.252.1 reachable via ether2 distance=2 scope=30
target-scope=10 vrf-interface=ether2

4 ADC dst-address=10.10.10.10/32 pref-src=IP_ppppoe-out1 gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10

5 ADC dst-address=10.140.252.0/24 pref-src=10.140.252.37 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10

when trying to ping ether2 from the outside world, in the connection tracker, for some reason, the local dhcp address (10.140.25.37) is displayed in dst-address
5f53a674dce36301441144.jpeg

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
P
poisons, 2020-09-05
@poisons

Say hello to the provider. It's nonsense to give external addresses like that. It is quite expected that you see exactly this picture, the provider did not give you an external address to the interface, but makes nat one to one from your external address to some internal 10.140.25.37. What's wrong?
And that's why it's not available - you yourself screwed up the options on the firewall / mangle, until the provider does not pass traffic.
Config show where you mark connections.

Similar questions
M
Monitorkin2017-04-04 23:16:51
Why is Mikrotik beeping? 5Reply
S
Sergey2019-09-05 22:16:53
Why does the network fail on my computer when I add a VPN route? 1Reply
A
Alexander2017-04-06 16:19:00
Mikrotik and oddities with DNS (cyclic resolving errors), how to solve? 2Reply
P
pred8or2021-03-28 12:57:54
How to connect a device on a network at a remote site to the office network? 1Reply
O
OrdosMalleus2015-04-16 10:42:20
Transfer / synchronization from Mikrotik the list of administrators to another Mikrotik? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question