DarknessBBB

Forum Replies Created

  • in reply to: VPN ignores gateway with failure #65462
    DarknessBBB
    Participant

    Thank you Manuel, it’s a good workaround. I’m wondering if what is happening is a bug or a feature!

    in reply to: VPN ignores gateway with failure #65459
    DarknessBBB
    Participant

    Same happens here, this is driving me crazy!

    in reply to: VPN LAN-to-LAN and IP Masquerading #53718
    DarknessBBB
    Participant

    If by “hairpin NAT” you mean this:
    http://wiki.mikrotik.com/wiki/Hairpin_NAT
    it’s exactly our configuration: our servers have only private addresses and only certain ports are forwarded to the servers inside the LAN.

    In Site A the VPN we are talking about is VPN01, and there is no NAT for that 🙁

    in reply to: VPN LAN-to-LAN and IP Masquerading #53716
    DarknessBBB
    Participant

    Thank you again

    Site A
    Routing Table

    Chain PREROUTING (policy ACCEPT 32606 packets, 2691K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4125 to:10.0.0.2:4125
    11 899 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.0.2:80
    696 43472 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:10.0.0.2:443
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12489 to:10.0.0.2:12489
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:12489 to:10.0.0.2:12489
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:161 to:10.0.0.2:161
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 to:10.0.0.2:161
    124 7132 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:10.0.0.2:25
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:38667 to:10.0.0.45:38667
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:38667 to:10.0.0.45:38667
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3391 to:10.0.0.18:3389
    98 4684 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 to:10.0.0.45:3306
    2 100 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:10.0.0.45:21
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:10.0.0.45:8081
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 to:10.0.0.45:80
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3393 to:10.0.0.27:3389
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4125 to:10.0.0.2:4125
    2 100 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.0.2:80
    1 48 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:10.0.0.2:443
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12489 to:10.0.0.2:12489
    0 0 DNAT udp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 udp dpt:12489 to:10.0.0.2:12489
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:161 to:10.0.0.2:161
    0 0 DNAT udp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 udp dpt:161 to:10.0.0.2:161
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:10.0.0.2:25
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:38667 to:10.0.0.45:38667
    0 0 DNAT udp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 udp dpt:38667 to:10.0.0.45:38667
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3391 to:10.0.0.18:3389
    1 40 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 to:10.0.0.45:3306
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:10.0.0.45:21
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:10.0.0.45:8081
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 to:10.0.0.45:80
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3393 to:10.0.0.27:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:34711 to:10.0.0.39:34711
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:34711 to:10.0.0.39:34711
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3394 to:10.0.0.75:3389
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3394 to:10.0.0.75:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3392 to:10.0.0.76:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:60885 to:10.0.0.23:60885
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:60885 to:10.0.0.23:60885
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3399 to:10.0.0.2:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3395 to:10.0.0.47:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8082 to:10.0.0.8:80
    4 240 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:10.0.0.5:80
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3397 to:10.0.2.100:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3398 to:10.0.0.96:3389
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3398 to:10.0.0.96:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:9025:9040 to:10.0.0.10:9025-9040
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5002:5004 to:10.0.0.10:5002-5004
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 to:10.0.0.10:5001
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 to:10.0.0.10:5000
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000 to:10.0.0.10:5000
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4569 to:10.0.0.3:4569
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:4569 to:10.0.0.3:4569
    19 1008 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:16881 to:10.0.0.10:16881
    11 705 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:16881 to:10.0.0.10:16881
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6881 to:10.0.0.10:6881
    1536 202K DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:6881 to:10.0.0.10:6881
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3396 to:10.0.0.77:3389
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3396 to:10.0.0.77:3389
    0 0 DNAT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3400 to:10.0.0.64:3389
    0 0 DNAT udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3400 to:10.0.0.64:3389

    Chain POSTROUTING (policy ACCEPT 8291 packets, 570K bytes)
    pkts bytes target prot opt in out source destination
    32055 2479K SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    9167 821K MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
    11190 854K MASQUERADE all -- * ETH01 0.0.0.0/0 0.0.0.0/0
    173 9268 MASQUERADE all -- * ETH02 0.0.0.0/0 0.0.0.0/0
    0 0 MASQUERADE all -- * ETH03 0.0.0.0/0 0.0.0.0/0
    525 33405 MASQUERADE all -- * VPN00 0.0.0.0/0 0.0.0.0/0
    173 8298 MASQUERADE all -- * VPN03 0.0.0.0/0 0.0.0.0/0
    2549 185K MASQUERADE all -- * VPN04 0.0.0.0/0 0.0.0.0/0
    1 42 MASQUERADE all -- * VPN05 0.0.0.0/0 0.0.0.0/0
    1 42 MASQUERADE all -- * VPN06 0.0.0.0/0 0.0.0.0/0
    8232 565K OpenVPN all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    Site B

    Chain PREROUTING (policy ACCEPT 6166K packets, 492M bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4569 to:10.0.2.2:4569
    0 0 DNAT udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:4569 to:10.0.2.2:4569
    1275K 64M DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389 to:10.0.2.3:3389
    0 0 DNAT udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3389 to:10.0.2.3:3389
    6450 330K DNAT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3390 to:10.0.2.100:3389
    0 0 DNAT udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3390 to:10.0.2.100:3389
    174K 8438K Proxy tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    Chain POSTROUTING (policy ACCEPT 4509K packets, 289M bytes)
    pkts bytes target prot opt in out source destination
    12M 790M SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    3514K 235M MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
    4079K 266M MASQUERADE all -- * ETH01 0.0.0.0/0 0.0.0.0/0

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    in reply to: VPN LAN-to-LAN and IP Masquerading #53714
    DarknessBBB
    Participant

    First of all, thank you for answering

    Site A
    subnet 10.0.0.0/24
    Zeroshell IP: 10.0.0.1
    Default Gateway for clients 10.0.0.1
    No NAT on VPN01
    VPN:

    Routing:

    Site B
    subnet 10.0.2.0/24
    Zeroshell IP: 10.0.2.1
    Default Gateway for clients 10.0.2.1
    No NAT on VPN00
    VPN:

    Routing:

    As you can see, it is a very simple configuration.

    in reply to: VPN LAN-to-LAN and IP Masquerading #53713
    DarknessBBB
    Participant

    First of all, thank you for answering

    Site A
    subnet 10.0.0.0/24
    Zeroshell IP: 10.0.0.1
    Default Gateway for clients 10.0.0.1
    No NAT on VPN01


    Site B
    subnet 10.0.2.0/24
    Zeroshell IP: 10.0.2.1
    Default Gateway for clients 10.0.2.1
    No NAT on VPN00

    As you can see, it is a very simple configuration.