Mark my words !
MIKROTIK is the Future & Cisco’s Domination will go down day by day. For sure CISCO still holds the majority of shares in the router/switching world, but it will going to change very soon . . .
CISCO is the best, but at a higher price. Cisco have edge dueto its reliable OS and Hardware.
On the other hand Mikrotik is good for multi purpose requirements in a very cheap price as compared to CISCO. So very cost effective solution.
Its all about personnel preference, choice, budget. But even if i have high budgeting, I will prefer Mikrotik 🙂 , buts that’s my personnel choice. and you are not bound to agree with it 😀
Jz
↓
Recently I did some testing at my office for a possible replacement of Cisco ASA 5510 Firewall/Router with Mikrotik Router-board. Following are some short reference on how I did it. I had a /29 public ip pool. Configuration was was pretty straight forward but i was confused on howto route specific LAN server (or ip) traffic with Specific WAN ip. Using src-address I managed to solve it. Following are short reference for future usage.
Scenario is as follows
We will configure all useable WAN ip addresses in mikrotik wan interface, and we will forward required ports from specific wan ip’s to specific lan servers. we will also configure firewall so that only required ports are open from WAN side for security purposes, all other traffic will be denied on WAN interface. We will also bind local servers with specific WAN ip addresses.
Mikrotik have two interfaces.
ether1 = LAN users
ether2 = WAN Link
Now we want to forward traffic as follows. (all ip scheme used here is fictional and for example purposes only)
mail server = 10.0.0.2 → 1.2.3.1 WAN IP
dude server = 10.0.0.3 → 1.2.3.2 WAN IP
cctv1 server = 10.0.0.4 → 1.2.3.3 WAN IP
cctv2 server = 10.0.0.5 → 1.2.3.4 WAN IP
IP Configuration at Mikrotik Interfaces . . .
/ip address add address=10.0.0.1/8 comment=LAN disabled=no interface="LAN - ether1" add address=1.2.3.1/29 interface="WAN - ether2" add address=1.2.3.2/29 interface="WAN - ether2" add address=1.2.3.3/29 interface="WAN - ether2" add address=1.2.3.4/29 interface="WAN - ether2"
↓
Filter Rules Section to allow only required Incoming traffic on WAN interface, and DENY all other for security purposes 🙂
Now we will first add required ports in firewall filter BEFORE DENY rule which is in last.
/ip firewall filter add action=accept chain=input comment="SMTP" disabled=no dst-address=1.2.3.1 dst-port=25 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="POP3" disabled=no dst-address=1.2.3.1 dst-port=110 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="Webmail" disabled=no dst-address=1.2.3.1 dst-port=80 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="DUDE" disabled=no dst-address=1.2.3.2 dst-port=80 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="CCTV 1" disabled=no dst-address=1.2.3.3 dst-port=81 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="CCTV 2" disabled=no dst-address=1.2.3.4 dst-port=82 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="WINBOX 8192" disabled=no dst-port=8192 in-interface="WAN - ether2" protocol=tcp add action=accept chain=input comment="Allow PING ICMP " disabled=no protocol=icmp add action=drop chain=input comment="DROP ALL INCOMING TRAFFIC ON WAN INTERFACE" disabled=no in-interface="WAN - ether2"
↓
NAT Section To Do Port Forwarding From WAN ip’s To Local Server’s and use src-nat to bind local server to route traffic via specific WAN IP
### First dst-nat section to forward port
/ip firewall nat add action=dst-nat chain=dstnat comment="SMTP 25 Forward to MAIL-Server" disabled=no dst-address=1.2.3.1 dst-port=25 in-interface="WAN - ether2" protocol=tcp to-addresses=10.0.0.2 to-ports=25 add action=dst-nat chain=dstnat comment="POP3 110 Forward to MAIL-Server" disabled=no dst-address=1.2.3.1 dst-port=110 in-interface="WAN - ether2" protocol=tcp to-addresses=10.0.0.2 to-ports=110 add action=dst-nat chain=dstnat comment="Web 80 Forward to MAIL-Server Webmail" disabled=no dst-address=1.2.3.1 dst-port=80 in-interface="WAN - ether2" protocol=tcp to-addresses=10.0.0.2 to-ports=80 add action=dst-nat chain=dstnat comment="Web 80 Forward to DUDE" disabled=no dst-address=1.2.3.2 dst-port=80 in-interface="WAN - ether2" protocol=tcp to-addresses=10.0.0.3 to-ports=80 add action=dst-nat chain=dstnat comment="CCTV1 - 81 Forward to cctv1" disabled=no dst-address=1.2.3.3 dst-port=81 in-interface="WAN - ether2" protocol=tcp to-addresses=10.0.0.4 to-ports=81 add action=dst-nat chain=dstnat comment="CCTV2 - 82 Forward to cctv2" disabled=no dst-address=1.2.3.4 dst-port=82 in-interface="WAN - ether2" protocol=tcp to-addresses=10.0.0.5 to-ports=82 ### Now route specific local servers traffic from specific WAN IP address add action=src-nat chain=srcnat comment="Rotue mail traffic via 1.2.3.1" disabled=no src-address=10.0.0.2 to-addresses=1.2.3.1 add action=src-nat chain=srcnat comment="Rotue DUDE traffic via 1.2.3.2" disabled=no src-address=10.0.0.3 to-addresses=1.2.3.2 add action=src-nat chain=srcnat comment="Rotue CCTV1 traffic via 1.2.3.3" disabled=no src-address=10.0.0.4 to-addresses=1.2.3.3 add action=src-nat chain=srcnat comment="Rotue CCTV2 traffic via 1.2.3.4" disabled=no src-address=10.0.0.5 to-addresses=1.2.3.4 add action=masquerade chain=srcnat comment="Default Masquerade Rule for LAN" disabled=no out-interface="WAN - ether2" src-address=10.0.0.2-10.0.0.255
☺
Now test it from WAN side. You can check port status from http://www.yougetsignal.com/tools/open-ports/
♣ ♣ ♣
<< HAIRPIN NAT >>
Using above method, I was ablet o successfully setup a port forwarding on a Mikrotik router that do port forwarding from mikrotik wan ip to local lan servers (Example: 1.2.3.4:3389 to 192.168.1.10:3389)
BUT there is a BUT, when I tried to open Mikrotik WAN ip from local LAN user, for example
192.168.1.20 –> 1.2.3.4:3389 –> 192.168.1.10:3389
it didn’t opened and the connection goes in SINK hole, means lost.
The solution was to rewrite the port forwarding rule to NOT to use in-interface=WAN-GATEWAY, but dst-address-type=local
This is called – among other terms – hair pin NAT because the traffic flow has clients enter the router through the same interface it leaves through, which when drawn looks like a hair pin.
As showed in the example below . . .
# DST-NAT rule to redirect port 3389 from /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-address=1.2.3.4 dst-address-type=local dst-port=3389 protocol=tcp to-addresses=192.168.1.10 to-ports=3389 comment="Redirect RDP PORT TCP 3389 to local server" # Masquerade local traffic going to mikrotik WAN IP - [To access that service from LAN using mikrtoik wan ip] /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.10 protocol=tcp dst-port=3389 out-interface=LAN-Interface action=masquerade comment="Masquerade Traffic going to WAN IP of mikrotik from local LAN users"
Regard’s
Syed Jahanzaib
WoW Gr8
LikeLike
Comment by Patel Deep — November 13, 2013 @ 12:19 PM
Nice post … Im dont have multiple public IP but … Im always think that asign public ip to servers and turn off masquerade to this servers … isn this be beter ? only it will be need for aditional public IP which be asigned to lan interface … and used for default gateway for this servers … something like this … what you think ?
LikeLike
Comment by Damir — November 13, 2013 @ 9:10 PM
Nice Sir
🙂
LikeLike
Comment by FZN — November 14, 2013 @ 11:43 PM
thank you
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 20, 2013 @ 1:24 PM
I like you quote.
” … it is going to change very soon.”
And now i use this config with my modification-config for my email server “Exchange 2013”. I have replaced the old CISCO ASA 5500 with migration to the CCR1036-12G-4S. It is working very well.
Thank you & Regards
/Wichets.
LikeLike
Comment by wichets — November 15, 2013 @ 7:16 AM
Yes Mikrotik is good in very cheap price as compared to CISCO devices. and mikrotik is a multi purpose device , and we can use it to perform various tasks. not just routing
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 20, 2013 @ 1:25 PM
Nice
could you explain how to do this solution with 4 wan connection
Mikrotik have 5 interfaces.
ether1 = LAN users
ether2 = WAN1 Link
ether3 = WAN2 Link
ether4 = WAN3 Link
ether5 = WAN4 Link ( public ip range )
regards.
LikeLike
Comment by saeed alimi — November 15, 2013 @ 5:55 PM
No issue in public ips you can use it in same manner you are using private ips
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 20, 2013 @ 1:20 PM
Salam alykom ,
Thanks for all of your usefull posts , I need to setup MT on virtualbox but got a problem that i can’t configure the router gate way cause i ‘m under another mt . how to fix it . what kind of ip should i put .
LikeLike
Comment by amadiuos — November 15, 2013 @ 11:25 PM
you have to post complete network layout how currently things are configured. and preferably with network diagram.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 20, 2013 @ 1:19 PM
I ‘m sorry , here is how it looks like . Internet->Mikrotik 5.21 -> w7 client (virtual box with Mikrotik as a server and xp as a client ) Can’ configure ip -> route , means no internet is going to the xp client . How to do it ?
LikeLike
Comment by amadiuos — November 20, 2013 @ 11:47 PM
Dear Jehanzaib,
Thank you for your very informative and practical posts. I requested you in one of your earlier post for providing a little information about the environment you used for that post. The post were “howto-stream-live-tv-channel-local-file-over-the-network-using-vlc-gui-n-cli-and-view-it-via-browserplayer”.
I use VLC with Dany TV tuner usb device for multicasting the TV stream , but VLC does not produce audio from the tuner. The TV device successfully produce the audio when used with its own software i.e TV HomeMedia.
Please let me know the TV tuner device, the OS and the version of VLC which were successful when you implement live TV channel streaming using VLC for AA Cable Network Service at mentioned in the post.
Thanks a lot
Abdul Hameed
LikeLike
Comment by Abdul Hameed — November 18, 2013 @ 9:25 PM
I used Dany TV Tunner card, I dont remember the model as I used it few years back. But cost was around 1500 Rupees.
Windows OS was XP and VLC version was VLC-MEDIA-PLAYER-0.9.8A
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 20, 2013 @ 1:14 PM
Nice. Thanks man
LikeLike
Comment by Mikrotik — November 25, 2013 @ 7:12 PM
Dear Jehanzaib Ji,
I’m facing a severe issue in my network. We are a small ISP having 4000 customers, we are using 2 no’s of mikrotik ROS installed on Dell Poweredge R 210 servers for serving those customers. Also We are providing p2p caching(extreme peering) to the users. Now the problem is when most of the users come online during peak hours, all the customers are complaining regarding slow browsing. Even though we have enough bandwidth on our upstream we are facing this slow browsing issue. Please help in resolving the issue.
LikeLike
Comment by pradeep — December 13, 2013 @ 10:03 PM
It really depends on how network is configured.
– Do you have any proxy server(s) installed ? If yes, have you tried disabling it and monitored the traffic?
– Have you monitored the RESOURCE usage in peak time for both Mikrotik?
– Have you any monitoring system like MRTG to keep track of bandwidth and resource usage record to compare difference for idle and peak timings difference?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 16, 2013 @ 10:44 AM
It really depends on how network is configured.
– Do you have any proxy server(s) installed ? If yes, have you tried disabling it and monitored the traffic?
– Have you monitored the RESOURCE usage in peak time for both Mikrotik?
– Have you any monitoring system like MRTG to keep track of bandwidth and resource usage record to compare difference for idle and peak timings difference ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 16, 2013 @ 10:45 AM
dear sir .. can you help me
I recieve two Internet package (WAN) from different companies. Each package (WAN) put in the hub switch and then broadcast on the devices to reach customers … Can I shortcut by one broadcast devices run on the packages together using mikrotik device
LikeLike
Comment by Osama Fadil — January 6, 2014 @ 11:35 PM
please I need help ,explain how conect 3 WAN to eathernet 1 2 and 3 and 3 LAN
LikeLike
Comment by hasanein — January 28, 2014 @ 6:03 PM
hello Syed Jahanzaib, please i come from cameroon, i’m in india now i want to know if you know a training center of mikrotik here, thanks. mu email: willyarmel7@yahoo.fr
LikeLike
Comment by nkandjeu — March 10, 2014 @ 9:42 PM
you can try this. http://www.mikrotik.com/training/partners/asia/india
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 11, 2014 @ 8:29 AM
hello jahanzaib may i use that router as an public ip to use remote server access plz help
LikeLike
Comment by syedsaqibhussain — March 31, 2014 @ 11:56 AM
hello jahanzaib may i use that router as an public ip to access remote server
LikeLike
Comment by syedsaqibhussain — March 31, 2014 @ 11:57 AM
yes you can.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 1, 2014 @ 10:59 AM
Thanks for such a great post
LikeLike
Comment by kirkita — April 8, 2014 @ 1:35 AM
hello jahanzaib, how to to port forwarding in mikrotik for multiple DVRs using only one public ip with different ports? Is it possible through DDNS… please help
LikeLike
Comment by pradeep — April 12, 2014 @ 3:29 PM
yes its possible. I recently configure 5 DVR on single PUBLIC IP using port forwarding.
something like this.
http://yourdvr.xyz.com:81
http://yourdvr.xyz.com:82
http://yourdvr.xyz.com:83
and so on …
Just change the appropriate ports on all DVR to match the forwarded ports.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 13, 2014 @ 1:02 PM
could you please give me the necessary configuration steps – Thanks
LikeLike
Comment by Pradeep — April 13, 2014 @ 3:05 PM
3 Adsl mean 3Wan Connections merged/loadbalancing with RB750GL and use RB450G for Hotspot/PPPoE
now one of my PPPoE client want to Port Forward their CCTV Cameras.
Modem > RB750GL > RB450G… > Client Router
Can you please Help me
LikeLike
Comment by hammad hassand — April 17, 2014 @ 8:03 PM
Reblogged this on weera00.
LikeLike
Comment by weera00 — May 12, 2014 @ 12:22 AM
Hello Syed Jahanzaib
based on your config, if i want to monitor how many traffic per each WAN IP using single interface and showing in graph, can you help me how to do that ?
LikeLike
Comment by Ray — June 5, 2014 @ 8:56 AM
I guess not possible, as MRTG will see interface traffic, not IP.
may be possible with Linux base MRTG tool. but not sure as I have never tested it.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 5, 2014 @ 12:03 PM
alright then, i should think another way. tq
LikeLike
Comment by Ray — June 5, 2014 @ 2:18 PM
Dear sir i have some blockage issue in my interfaces, i have pool of PUBLIC IP and every time pta block these ip during internet working, is there any option i want to use uses all public ip into different departments, i have 5 lan ports in my server, and i want to give different ip to everyone.
ok give me idea, plz i m suffering for this problem mine email id is …..
muhammadali_Daudpoto991@hotmail.com
thanks
LikeLike
Comment by muhammadali_daudpoto@hotmail.com — June 10, 2014 @ 1:33 PM
sorry 991 is wrong email
LikeLike
Comment by muhammadali_daudpoto@hotmail.com — June 10, 2014 @ 1:34 PM
Assalam Alaikum Dear Bhai.. Router Board 750 Main Fariya Net Or Connect Net Ek Sath kis tarha ho ga Auto par Fariya ki I.P – Manuel Par Connet ki I.P
LikeLike
Comment by Naeem Muavia — September 2, 2014 @ 2:39 AM
its not hairpin NAT its just a simple port forwading method… that i am thinking about NAT HAIRPIN is about to merge nd control the client netwoetwork through VLAN to give the client a one network out of the multiple networks such as we suppose we have leonet and fariya and also connect services. and leonet is on pppoe and fariya and connect have pptp….so i need to do is just want to make a one local network of my own dhcp server and the client can buy his favourite internet services from me….how can i give some choices on single network for my customers.for example making routes or nieghbours??? bgp routing???? i just using a simple method right now…i have connect and leonet on one network and its working fine because my leonet dhcp is putting off by the request of mine…but now i need to put the fariya also in single network….is that any idea to do that with mikrotrik??? mpls ???
LikeLike
Comment by waqas hussain — September 15, 2014 @ 6:38 AM
I’ve got a network is very simple, but I suffer from scammers and stolen online and needed a wall strong protection and I need someone to help me in so I’m Mbtdae I do not have experience enough if here someone can help me I should be grateful to him and ready payment to him if he wants the amount vs
my phone 00967770323466
my emil alakwaa_mohammed@yahoo.com
LikeLike
Comment by hamzh alhnde — October 30, 2014 @ 1:54 AM
Salam,
I tried your configuration but nothing worked because may be because of I can’t move my Firewall Rule to top my list and /ip firewall filter > print showing me the new rule at the bottom.
Any idea how can I move my rules?
LikeLike
Comment by atifziaq — January 20, 2015 @ 7:04 PM
Sort the rule Number wise and see if its helping. usually by picking the rule via mouse and move it to top or any place works. you can use CLI command as well to move the rule any where. example
/ip fir nat move numbers=50 destination=0
change the number 50 to your rule number
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 21, 2015 @ 9:47 AM
It is working now and thank you for your efforts. Can you please write a helping blog on L2TP MikroTik Site-to-Site and Desktop to Site VPN. I am using PPTP but VPN connection is not that secure. I am struggling with L2TP and I wonder if you can help the community.
LikeLike
Comment by atifziaq — January 27, 2015 @ 11:04 AM
Do you know how to create a WAN Switch? Basically WAN1 has 10 IP’s. I want to be able to use a Public IP that comes in on WAN1 on WAN2 on a laptop to test something.
LikeLike
Comment by cactuscraig — January 22, 2015 @ 10:14 PM
for proper testing, you should have at least two interfaces to bind specific interface with WAN.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2015 @ 8:44 AM
Plese send me the codes
WAN1 – Lised line connection 10mbps
ip address 51.21.22.150
subnet mask 255.255.255.252
defult gateway 51.21.82.149
dns primary 103.8.55.4
dns secondary 103.8.55.4
WAN2 – broad band connection
User name “karth”
Password “Karth@123”
WAN3 – broad band connection
User name “youg”
Password “youg@123”
LAN1
Ip address 192.168.1.250
subnet mask 255.255.255.0
defult gateway 192.168.1.1
dns primary X.X.X.X
dns secondary X.X.X.X
LAN1
Ip address 192.168.0.250
subnet mask 255.255.255.0
defult gateway 192.168.0.1
dns primary X.X.X.X
dns secondary X.X.X.X
>>I Need to combine three connection in such a way wan1 splited into two and then combine it to wan2 and wan3 Respectively
>>The splited wan1.a and wan2 should make lan1
>>The splited wan1.b and wan3 should make lan2
>>If wan 3 failed wan2 should take over
LikeLike
Comment by Karthik — August 19, 2015 @ 1:31 PM
You can use metarouter configuration for this
LikeLike
Comment by Nasko — February 26, 2018 @ 6:54 AM
If i need to access mail server from all WAN address??
1.2.3.1:25 –> 192.168.1.10:25
1.2.3.2:25 –> 192.168.1.10:25
1.2.3.3:25 –> 192.168.1.10:25
1.2.3.4:25 –> 192.168.1.10:25
How modify the nat for do this?
Thanks in advance,
Pablo.-
LikeLike
Comment by Pablo — February 12, 2016 @ 2:27 AM
[…] Blog post I found on the topic – gave me what I needed to make it work […]
LikeLike
Pingback by Hairpin NAT on Mikrotik v6.19 – yaleman.org — March 14, 2016 @ 6:27 PM
salam to all friends
kya mikrotik say user jo web site open kary un ka log ban sakta ha.
main chata hoon k user jo b site open kary mujy us ka pata chal jay….
please help me….
mary pass 3 wan han.2 ptcl ki aor aik nexlinx ki ha..kya main aik wan ko only uploading k lay use kar sakta hoon………
please help me….
LikeLike
Comment by Hafiz.M.Kashif — May 14, 2016 @ 11:40 AM
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 16, 2016 @ 9:26 AM
I have static IP and running pppoe using mikrotik. I want to forward port 81 to my client who want to use IP camera at Port 81 at his side please help
LikeLike
Comment by nauman rasheed — May 22, 2016 @ 1:37 PM
I have static IP and running pppoe using mikrotik. I want to forward port 81 to my client who want to use IP camera at Port 81 at his side please help me
LikeLike
Comment by nauman rasheed — May 22, 2016 @ 1:44 PM
hi I have \29 block and I want to nat the public iP to the internal IP and do port forwarding. e.g 192.168.100.1 account server, 192.168.100.2 IP camera, 192.168.100.3 mail server. my public is 105.234.155.152\29 and also for internet.
so do I add in the Addresses like 105.234.155.153\29 then in firewall dst-nat to 192.168.100.1
105.234.155.154\29 in firewall dst-nat 192.168.100.2 and so on?
LikeLike
Comment by matembo Chiramco — June 20, 2016 @ 3:36 PM
all you need is a dst-nat rule,
make sure your internal devices are using mikrotik as their default gateway and there internet access is allowed.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 21, 2016 @ 10:06 AM
Combine a VPN and Internet connection in a single router.
Hello ! I have a Mikrotik Router Board RB2011 and I subscribe for a VPN account and an internet account the whole connects via pppeo client and I would like to configure these two accounts in my router to have access via the local thanks (urgent).
LikeLike
Comment by willy — December 12, 2016 @ 4:58 PM
Provide More details…
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 19, 2016 @ 4:02 PM
I am able to access webserver in local network (LAN) using https://192.168.100.250:444
But can’t access from internet
/ip firewall filter add action=accept chain=input comment=”Firewall:Filter-WAN to myServer” disabled=no dst-address=127.243.217.185 dst-port=444 in-interface=”ether1-master-WAN” protocol=tcp
/ip firewall nat add action=dst-nat chain=dstnat comment=”Firewall:NAT-Internet to myServer Port Forwarding” disabled=no dst-address=127.243.217.185 dst-port=444 in-interface=”ether1-master-WAN” protocol=tcp to-addresses=192.168.100.254 to-ports=444
/ip firewall nat add action=src-nat chain=srcnat comment=”Firewall:NAT-myServer to WAN IP” disabled=no src-address=192.168.100.254 to-addresses=127.243.217.185
/ip firewall nat add action=masquerade chain=srcnat comment=”Firewall:NAT-Masquerade Rule for LAN” disabled=no out-interface=”ether1-master-WAN” src-address=127.243.217.185
LikeLike
Comment by IPMEEL — December 28, 2016 @ 8:39 PM
Can You please help me. I used your instruction to configure NAT on my Mikrotik. From External nat is working. From Internal nat is failing as you sayed. Than I used the rule to hairpin this. but after making the Masquerade rule I get the error message ” in/out-interface matcher not possible when interface (lan) is slave – use master instead (bridge)]
LikeLike
Comment by Ronald — February 24, 2017 @ 7:13 PM
I have a problem, the scenario is as follows: I have ADSL ->Mikrotik->switch->mailserver. Everything works perfect before, but when my old ADSL gone fault, our ISP came put a new ADSL. After that we have no internet connection. So I changed the IP of the ADSL to the same IP as from the old ADSL. Internet comes on, we can send emails out, but we have problem receiving emails from anyone outside. Here are the IP address details: ADSL is 192.168.1.0/24, our internal network IP addressing is on 192.168.22.0/24, which then the Mikrotik is configured as our gateway in the internal network with the IP address 192.168.22.254. Our mailserver IP address is 192.168.22.7. I don’t know what is the cause. can anyone help?
LikeLike
Comment by Bule — August 23, 2017 @ 5:43 AM
Salam alykom to all friends,
I have a problem and hope you help me, i have 2 wan links and the scenario for each wan is as follows:
WAN1 (ADSL1) ->Mikrotik->switch-> Remote Desktop server
WAN2 (ADSL2) ->Mikrotik->switch-> Remote Desktop server
Everything works perfect with only one link and i can access the server over 3389 port.
But if i connect the 2nd link, i can not able to access the server through 2nd link
based on your configuration i tried to simulate it for my scenario
WAN1:3389 –> 192.168.88.11:25:3389
WAN2:3389 –> 192.168.88.11:25:3389
could you explain how to do this solution with 2 wan connections
i use Mikrotik interfaces.
ether1 = LAN
ether2 = WAN1 Link
ether3 = WAN2 Link
thank you and best regards
LikeLike
Comment by Mohammed Mahdy — February 24, 2018 @ 1:06 AM
Hi,
I have a client needs to send the IPTV surveillance system to the HQ in other state
However
The ISP uplink capacity only 1M so I have an idea to make multi wan connection and using mikrotik to multiple the uplink to 5M that can give the acceptable results.
Can I use the same port forwarding with L2TP method to send it or I need to saprate the IP cameras to different VPNs and then send it
LikeLike
Comment by Gabr — March 21, 2022 @ 7:08 AM
[…] https://aacable.wordpress.com/2013/11/13/mikrotik-with-multiple-wan-ips-and-port-forwarding/ […]
LikeLike
Pingback by HAIRpin NAT – Blogging time — April 25, 2022 @ 2:23 PM