Mikrotik Solution

hello ,
i need to make only 1 ip(our mail server) to go throught 2nd Line internet
and all network to the 1st line internet
i made that work fine

but now i need to make that mail server to send and recive thought one public ip address
i make src-nat and dst-nat for certian ip address ,now this server can go outside with this public ip address but i cannot connect from outside to this ip address

what might be the problem here?

i'll put my configuration in here

SWAN - 1st internet Line
SABWAN - 2st Internet Line

0 ;;; LAN Address SLAN

2 ;;; IP Address - ADSL SABWAN

Ip route

0 A S ;;; 1nd line Route r 1 SWAN
1 A S ;;; 2nd Line for Server - Mark Route r 10 SA..
2 ADC 0 SA..

Ip mangle
0 ;;; DC
chain=prerouting action=mark-routing new-routing-mark=dc passthrough=no

ip firewal NAT
0 ;;; Source From Mail - Access Outside
chain=srcnat action=src-nat to-addresses=
src-address= out-interface=SABWAN

1 ;;; Destination To Mail - Access Outside
chain=dstnat action=dst-nat to-addresses=
dst-address= in-interface=SABWAN

2 ;;; 1st Line Internet Masqurade
chain=srcnat action=masquerade out-interface=SWAN

3 ;;; 2st Line Internet Masqurade
chain=srcnat action=masquerade out-interface=SABWAN

all i want is to ppl can use internet line 1
and this mail server use internet line 2
and i can access from outside to the mail server?
my issue that i cann't access from outside to this mail server throught the public ip
and also i don't recive emails from outside
Akram MokhtarAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

Akram MokhtarConnect With a Mentor Author Commented:
i did another solution by makeing all the the default internet on the Line 2
then i change each pc to have internet to the Line 1

thanks for your help ppl
Berkson WeinTech FreelancerCommented:
What model Mikrotic router do you have?

first of all, you don't need the explicit src-nat for the mail server outbound - the masquerade rule on that imnterface will do that job for you.

secondly, are you attempting to access the mail server via ip address on the primary (SWAN) link?  If so, that can't work because the reply packets will go via SABWAN and so be marked with that source address.  The reply packets will reach the client OK, but will have the wrong IP address as source =, so they will be ignored by the client.

If you want to access the mail server on both interfaces, then you will need to first mark the connection based on what interface the connection comes in on, and then make your mangle rule mark the routing based on the connection mark/s.

Cheers,  Mike.
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Akram MokhtarAuthor Commented:
my MT is 3.30
can u show me how to configure in script ?
i want all ppl go to internet LINE 1
and i want the Mail server internal IP use internet Line 2 and uses Public IP address thatz what i want to do?
i really don't know how to do it?
Akram MokhtarAuthor Commented:
sorry i mean public ip
and i can access it from outside
Akram MokhtarAuthor Commented:
i want to access from outside same ip address

first, make masquerade rule for BOTH(/all) outbound links.

/ip firewall nat add chain=src-nat src-address= action=masquerade

make sure that default route is via first line:

/ip route add dst-address= gateway=

put a routing mark on traffic coming from the mail server:

ip firewall mangle add src-address= action=mark-routing routing-mark=mail

and create a default route for that mark:

/ip route add dst-address= gateway=

last of all, use dst-nat to map the outside 2nd IP to the mail server:

/ip firewall nat add chain=dst-nat dst-address= action=dst-nat to-addresses=

Should be all done...

All Courses

From novice to tech pro — start learning today.