Mikrotik Solution

hello ,
i need to make only 1 ip(our mail server) to go throught 2nd Line internet
and all network to the 1st line internet
i made that work fine

but now i need to make that mail server to send and recive thought one public ip address
i make src-nat and dst-nat for certian ip address ,now this server can go outside with this public ip address but i cannot connect from outside to this ip address

what might be the problem here?

i'll put my configuration in here

SLAN - LAN
SWAN - 1st internet Line
SABWAN - 2st Internet Line

0 ;;; LAN Address
192.168.1.2/24 192.168.1.0 192.168.1.255 SLAN
1 1.1.1.130/28 1.1.1.1 1.1.1.111 SWAN

2 ;;; IP Address - ADSL
2.2.2.244/28 2.2.2.128 2.2.2.143 SABWAN

Ip route

0 A S ;;; 1nd line Route
0.0.0.0/0 r 1.1.1.129 1 SWAN
1 A S ;;; 2nd Line for Server - Mark Route
0.0.0.0/0 r 2.2.2.241 10 SA..
2 ADC 2.2.2.240/28 2.2.2.243 0 SA..
3 ADC 192.168.1.0/24 192.168.1.2 0 SLAN
4 ADC 1.1.1.128/28 1.1.1.130 0 SWAN

Ip mangle
0 ;;; DC
chain=prerouting action=mark-routing new-routing-mark=dc passthrough=no
src-address=192.168.1.1

ip firewal NAT
0 ;;; Source From Mail - Access Outside
chain=srcnat action=src-nat to-addresses=2.2.2.244
src-address=192.168.1.1 out-interface=SABWAN

1 ;;; Destination To Mail - Access Outside
chain=dstnat action=dst-nat to-addresses=192.168.1.1
dst-address=2.2.2.244 in-interface=SABWAN

2 ;;; 1st Line Internet Masqurade
chain=srcnat action=masquerade out-interface=SWAN

3 ;;; 2st Line Internet Masqurade
chain=srcnat action=masquerade out-interface=SABWAN

all i want is to ppl can use internet line 1
and this mail server use internet line 2
and i can access from outside to the mail server?
my issue that i cann't access from outside to this mail server throught the public ip
and also i don't recive emails from outside
Akram MokhtarAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Berkson WeinTech FreelancerCommented:
What model Mikrotic router do you have?
0
meverestCommented:
Hi,

first of all, you don't need the explicit src-nat for the mail server outbound - the masquerade rule on that imnterface will do that job for you.

secondly, are you attempting to access the mail server via ip address on the primary (SWAN) link?  If so, that can't work because the reply packets will go via SABWAN and so be marked with that source address.  The reply packets will reach the client OK, but will have the wrong IP address as source =, so they will be ignored by the client.

If you want to access the mail server on both interfaces, then you will need to first mark the connection based on what interface the connection comes in on, and then make your mangle rule mark the routing based on the connection mark/s.

Cheers,  Mike.
0
Akram MokhtarAuthor Commented:
my MT is 3.30
can u show me how to configure in script ?
i want all ppl go to internet LINE 1
and i want the Mail server internal IP 192.168.1.1 use internet Line 2 and uses Public IP address 2.2.2.4 thatz what i want to do?
i really don't know how to do it?
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Akram MokhtarAuthor Commented:
sorry i mean public ip 2.2.2.244
and i can access it from outside
0
Akram MokhtarAuthor Commented:
i want to access from outside same ip address 2.2.2.244
0
meverestCommented:
Hi,

first, make masquerade rule for BOTH(/all) outbound links.

/ip firewall nat add chain=src-nat src-address=192.168.1.0/24 action=masquerade

make sure that default route is via first line:

/ip route add dst-address=0.0.0.0/0 gateway=1.1.1.129

put a routing mark on traffic coming from the mail server:

ip firewall mangle add src-address=192.168.1.1 action=mark-routing routing-mark=mail

and create a default route for that mark:

/ip route add dst-address=0.0.0.0/0 gateway=2.2.2.243

last of all, use dst-nat to map the outside 2nd IP to the mail server:

/ip firewall nat add chain=dst-nat dst-address=2.2.2.244 action=dst-nat to-addresses=192.168.1.1

Should be all done...

cheers!
0
Akram MokhtarAuthor Commented:
i did another solution by makeing all the the default internet on the Line 2
then i change each pc to have internet to the Line 1

thanks for your help ppl
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.