Subnets the same on both LANs? Terri Kelley Network Engineer 254-697-6710 x 1140 Farm to Market Broadband www.farm-market.net
On Oct 29, 2010, at 12:11 PM, Alan Bryant wrote: > I'm having issues with some port forwarding rules. > > I have two locations which both have RB750's. I am forwarding ports so > that the customer can view his cameras at both locations. > > The problem is, he is unable to view the cameras from one location at > the other location and vice versa. Basically, he cannot view the > cameras between the two. > > Any suggestions or advice would be greatly appreciated. > > Here is the /ip firewall filter export of the first one: > > /ip firewall filter > add action=accept chain=input comment="Added by webbox" disabled=no > protocol=icmp > add action=accept chain=input comment="Winbox from Gtek" disabled=no > dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2 > add action=accept chain=input comment="SSH from Gtek" disabled=no > dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2 > add action=accept chain=input comment="Added by webbox" > connection-state=established disabled=no in-interface=ether1-gateway > add action=accept chain=input comment="Added by webbox" > connection-state=related disabled=no in-interface=ether1-gateway > add action=drop chain=input comment="Added by webbox" disabled=no > in-interface=ether1-gateway > add action=jump chain=forward comment="Added by webbox" disabled=no > in-interface=ether1-gateway jump-target=customer > add action=accept chain=customer comment="Camera Server" disabled=no > dst-address=192.168.1.250 dst-port=80,1111,2222,3333,4444,6666 > in-interface=ether1-gateway protocol=tcp > add action=accept chain=customer comment="Added by webbox" > connection-state=established disabled=no > add action=accept chain=customer comment="Added by webbox" > connection-state=related disabled=no > add action=drop chain=customer comment="Added by webbox" disabled=no > > /ip firewall nat for the first one: > > /ip firewall nat > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.199.157 dst-port=80 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.250 to-ports=80 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.199.157 dst-port=1111 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.250 to-ports=1111 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.199.157 dst-port=2222 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.250 to-ports=2222 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.199.157 dst-port=3333 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.250 to-ports=3333 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.199.157 dst-port=4444 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.250 to-ports=4444 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.199.157 dst-port=6666 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.250 to-ports=6666 > add action=masquerade chain=srcnat comment="Added by webbox" > disabled=no out-interface=ether1-gateway > > /ip firewall export from the second one: > > /ip firewall filter > add action=accept chain=input comment="Added by webbox" disabled=no > protocol=icmp > add action=accept chain=input comment="Winbox from Gtek" disabled=no > dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2 > add action=accept chain=input comment="SSH from Gtek" disabled=no > dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2 > add action=accept chain=input comment="Added by webbox" > connection-state=established disabled=no in-interface=ether1-gateway > add action=accept chain=input comment="Added by webbox" > connection-state=related disabled=no in-interface=ether1-gateway > add action=drop chain=input comment="Added by webbox" disabled=no > in-interface=ether1-gateway > add action=jump chain=forward comment="Added by webbox" disabled=no > in-interface=ether1-gateway jump-target=customer > add action=accept chain=customer comment="Added by webbox" > connection-state=established disabled=no > add action=accept chain=customer comment="Added by webbox" > connection-state=related disabled=no > add action=accept chain=customer comment="Camera Server" disabled=no > dst-address=192.168.1.212 dst-port=80,1111,2222,3333,4444,6666 > protocol=tcp > add action=accept chain=customer comment="" disabled=yes > dst-address=192.168.1.100 dst-port=5631-5632 protocol=tcp > add action=accept chain=customer comment="" disabled=yes > dst-address=192.168.1.200 dst-port=5634-5635 protocol=tcp > add action=accept chain=customer comment="" disabled=yes > dst-address=192.168.1.150 dst-port=7000-7001 protocol=tcp > add action=drop chain=customer comment="Added by webbox" disabled=no > > /ip firewall nat from the second one: > > /ip firewall nat > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.11.245 dst-port=80 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.212 to-ports=80 > add action=dst-nat chain=dstnat comment="" disabled=yes > dst-address=xxx.xxx.11.245 dst-port=5631-5632 > in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.100 > to-ports=5631-5632 > add action=dst-nat chain=dstnat comment="" disabled=yes > dst-address=xxx.xxx.11.245 dst-port=5634-5635 > in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.200 > to-ports=5634-5635 > add action=dst-nat chain=dstnat comment="" disabled=yes > dst-address=xxx.xxx.11.245 dst-port=7000-7001 > in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.150 > to-ports=7000-7001 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.11.245 dst-port=1111 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.212 to-ports=1111 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.11.245 dst-port=2222 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.212 to-ports=2222 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.11.245 dst-port=3333 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.2.212 to-ports=3333 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.11.245 dst-port=4444 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.1.212 to-ports=4444 > add action=dst-nat chain=dstnat comment="" disabled=no > dst-address=xxx.xxx.11.245 dst-port=6666 in-interface=ether1-gateway > protocol=tcp to-addresses=192.168.2.212 to-ports=6666 > add action=masquerade chain=srcnat comment="Added by webbox" > disabled=no out-interface=ether1-gateway > > -- > Alan Bryant > Gtek Computers & Wireless L.L.C. > Office: 361-777-1400 | Fax: 361-777-1405 > [email protected] | www.gtek.biz > > CONFIDENTIALITY NOTICE: This communication (including any attachments) > may contain privileged or confidential information intended for a > specific individual and purpose, and is protected by law. If you are > not the intended recipient, you should delete this communication > and/or shred the materials and any attachments and are hereby notified > that any disclosure, copying, or distribution of this communication, > or the taking of any action based on it, is strictly prohibited. Thank > you. > _______________________________________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20101029/5d229ba9/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
