Beginner Basics • Re: How to DST-NAT trhough 2 mikrotik and 2 ISP

Hello, I have this configuration in the first and second mikrotik.

1.

Firewall NAT:
chain=dstnat action=dst-nat to-addresses=10.1.0.74 to-ports=809 protocol=tcp in-interface=ether2-ISP1 dst-port=809 log=yes
LOG:
Message: dstnat: in:ether2-ISP1 out:(unknown 0), src-mac 84:aa:9c:00:fe:2e, proto TCP (SYN), 95.39.x.189:51061->192.168.16.30:809, len 48
CONCLUSION:
The first router resolves you and connects you to 10.1.0.74:809

2.

Firewall NAT:
chain=dstnat action=dst-nat to-addresses=192.168.88.150 to-ports=809 protocol=tcp in-interface=ether2-ISP2 dst-port=809 log=yes
LOG:
dstnat: in:ether2-ISP2 out:(unknown 0), src-mac 74:4d:28:a8:e6:60, proto TCP (SYN), 10.1.0.1:51073->10.1.0.74:809, len 48
MANGLE:
0 chain=prerouting action=mark-connection new-connection-mark=MAGON passthrough=yes src-address=10.1.0.1
1 chain=prerouting action=mark-routing new-routing-mark=TO-MAGON passthrough=no connection-mark=MAGON
ROUTE:
0 A S ;;; MAGON
192.168.88.150/32 10.1.0.1 2 Routing-Mark: TO-MAGON
CONCLUSION:
The second router enters the packets but they do not leave, the mangle is not done well, and the user does not see it from the outside

Statistics: Posted by burgos — Tue Mar 12, 2024 1:35 pm

---