The easiest, as far as I can see is something along the lines of the following. This simply takes whatever arrives to the interfaces in the WAN list and translates it to the PFSense's address.
By default, Mikrotik has a rule that permits all traffic to destinations that were translated If you have left it, that should still work.
Note that in the description you give, you have no 192.168.70.254 and you said you assigned 70.2 to ether2 which you show connected to the second ISP. It may be that you already have quite a problem before doing more work.
Lastly, you are making this quite complex for the simple case you have. I think you should stop and consider simplifying your network: for example there is no need to do a NAT on the Mikrotik AND on the PFSense when you could just do the NAT on the Mikrotik directly to the real address of the server.
Code:
/ip/firewall/natadd chain=dstnat in-interface-list=WAN action=dst-nat to-addresses=192.168.70.1Note that in the description you give, you have no 192.168.70.254 and you said you assigned 70.2 to ether2 which you show connected to the second ISP. It may be that you already have quite a problem before doing more work.
Lastly, you are making this quite complex for the simple case you have. I think you should stop and consider simplifying your network: for example there is no need to do a NAT on the Mikrotik AND on the PFSense when you could just do the NAT on the Mikrotik directly to the real address of the server.
Statistics: Posted by vingjfg — Wed Jan 24, 2024 9:42 pm