What IP is each LAN trying to access? It looks to be xxx.xxx.199.157 and xxx.xxx.11.2. Are these publics? We have a number of BigDog security DVRs on the network and they did not like double NAT where each NAT had the same IP range. I would change the LAN IPs on one side or the other (something 10.x/24) and set up a PPTP and just route the single IP needed to each side.

On Fri, Oct 29, 2010 at 10:41 AM, Terri Kelley <[email protected]> wrote:
> Subnets the same on both LANs? They are each behind NAT. Personally do 10./24's everyplace.
>
> Terri Kelley
> Network Engineer
> 254-697-6710 x 1140
> Farm to Market Broadband
> www.farm-market.net
>
> On Oct 29, 2010, at 12:11 PM, Alan Bryant wrote:
>
>> I'm having issues with some port forwarding rules.
>>
>> I have two locations which both have RB750's. I am forwarding ports so
>> that the customer can view his cameras at both locations.
>>
>> The problem is, he is unable to view the cameras from one location at
>> the other location and vice versa. Basically, he cannot view the
>> cameras between the two.
>>
>> Any suggestions or advice would be greatly appreciated.
>>
>> Here is the /ip firewall filter export of the first one:
>>
>> /ip firewall filter
>> add action=accept chain=input comment="Added by webbox" disabled=no
>> protocol=icmp
>> add action=accept chain=input comment="Winbox from Gtek" disabled=no
>> dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2
>> add action=accept chain=input comment="SSH from Gtek" disabled=no
>> dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2
>> add action=accept chain=input comment="Added by webbox"
>> connection-state=established disabled=no in-interface=ether1-gateway
>> add action=accept chain=input comment="Added by webbox"
>> connection-state=related disabled=no in-interface=ether1-gateway
>> add action=drop chain=input comment="Added by webbox" disabled=no
>> in-interface=ether1-gateway
>> add action=jump chain=forward comment="Added by webbox" disabled=no
>> in-interface=ether1-gateway jump-target=customer
>> add action=accept chain=customer comment="Camera Server" disabled=no
>> dst-address=192.168.1.250 dst-port=80,1111,2222,3333,4444,6666
>> in-interface=ether1-gateway protocol=tcp
>> add action=accept chain=customer comment="Added by webbox"
>> connection-state=established disabled=no
>> add action=accept chain=customer comment="Added by webbox"
>> connection-state=related disabled=no
>> add action=drop chain=customer comment="Added by webbox" disabled=no
>>
>> /ip firewall nat for the first one:
>>
>> /ip firewall nat
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.199.157 dst-port=80 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.250 to-ports=80
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.199.157 dst-port=1111 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.250 to-ports=1111
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.199.157 dst-port=2222 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.250 to-ports=2222
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.199.157 dst-port=3333 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.250 to-ports=3333
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.199.157 dst-port=4444 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.250 to-ports=4444
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.199.157 dst-port=6666 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.250 to-ports=6666
>> add action=masquerade chain=srcnat comment="Added by webbox"
>> disabled=no out-interface=ether1-gateway
>>
>> /ip firewall export from the second one:
>>
>> /ip firewall filter
>> add action=accept chain=input comment="Added by webbox" disabled=no
>> protocol=icmp
>> add action=accept chain=input comment="Winbox from Gtek" disabled=no
>> dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2
>> add action=accept chain=input comment="SSH from Gtek" disabled=no
>> dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2
>> add action=accept chain=input comment="Added by webbox"
>> connection-state=established disabled=no in-interface=ether1-gateway
>> add action=accept chain=input comment="Added by webbox"
>> connection-state=related disabled=no in-interface=ether1-gateway
>> add action=drop chain=input comment="Added by webbox" disabled=no
>> in-interface=ether1-gateway
>> add action=jump chain=forward comment="Added by webbox" disabled=no
>> in-interface=ether1-gateway jump-target=customer
>> add action=accept chain=customer comment="Added by webbox"
>> connection-state=established disabled=no
>> add action=accept chain=customer comment="Added by webbox"
>> connection-state=related disabled=no
>> add action=accept chain=customer comment="Camera Server" disabled=no
>> dst-address=192.168.1.212 dst-port=80,1111,2222,3333,4444,6666
>> protocol=tcp
>> add action=accept chain=customer comment="" disabled=yes
>> dst-address=192.168.1.100 dst-port=5631-5632 protocol=tcp
>> add action=accept chain=customer comment="" disabled=yes
>> dst-address=192.168.1.200 dst-port=5634-5635 protocol=tcp
>> add action=accept chain=customer comment="" disabled=yes
>> dst-address=192.168.1.150 dst-port=7000-7001 protocol=tcp
>> add action=drop chain=customer comment="Added by webbox" disabled=no
>>
>> /ip firewall nat from the second one:
>>
>> /ip firewall nat
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.11.245 dst-port=80 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.212 to-ports=80
>> add action=dst-nat chain=dstnat comment="" disabled=yes
>> dst-address=xxx.xxx.11.245 dst-port=5631-5632
>> in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.100
>> to-ports=5631-5632
>> add action=dst-nat chain=dstnat comment="" disabled=yes
>> dst-address=xxx.xxx.11.245 dst-port=5634-5635
>> in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.200
>> to-ports=5634-5635
>> add action=dst-nat chain=dstnat comment="" disabled=yes
>> dst-address=xxx.xxx.11.245 dst-port=7000-7001
>> in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.150
>> to-ports=7000-7001
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.11.245 dst-port=1111 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.212 to-ports=1111
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.11.245 dst-port=2222 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.212 to-ports=2222
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.11.245 dst-port=3333 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.2.212 to-ports=3333
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.11.245 dst-port=4444 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.1.212 to-ports=4444
>> add action=dst-nat chain=dstnat comment="" disabled=no
>> dst-address=xxx.xxx.11.245 dst-port=6666 in-interface=ether1-gateway
>> protocol=tcp to-addresses=192.168.2.212 to-ports=6666
>> add action=masquerade chain=srcnat comment="Added by webbox"
>> disabled=no out-interface=ether1-gateway
>>
>> --
>> Alan Bryant
>> Gtek Computers & Wireless L.L.C.
>> Office: 361-777-1400 | Fax: 361-777-1405
>> [email protected] | www.gtek.biz
>>
>> CONFIDENTIALITY NOTICE: This communication (including any attachments)
>> may contain privileged or confidential information intended for a
>> specific individual and purpose, and is protected by law. If you are
>> not the intended recipient, you should delete this communication
>> and/or shred the materials and any attachments and are hereby notified
>> that any disclosure, copying, or distribution of this communication,
>> or the taking of any action based on it, is strictly prohibited. Thank
>> you.
>> _______________________________________________
>> Mikrotik mailing list
>> [email protected]
>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
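
An added example, not part of the original thread: a Python check that parses a RouterOS export and lists enabled dst-nat forwards whose to-addresses/to-ports no enabled filter accept rule permits. The sample text is constructed from the second router's export quoted above (two filter rules and three NAT rules, each command rejoined on one line); the function names are this example's own, and the check assumes only dst-address, protocol and port matter, ignoring chains and interfaces.

```python
import re

# Constructed sample: a subset of the second router's export quoted above,
# with each wrapped command joined back onto a single line.
SITE2_EXPORT = """\
/ip firewall filter
add action=accept chain=customer comment="Camera Server" disabled=no dst-address=192.168.1.212 dst-port=80,1111,2222,3333,4444,6666 protocol=tcp
add action=accept chain=customer comment="" disabled=yes dst-address=192.168.1.100 dst-port=5631-5632 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.212 to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=3333 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.2.212 to-ports=3333
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=xxx.xxx.11.245 dst-port=5631-5632 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.100 to-ports=5631-5632
"""

def parse_export(text):
    """Return {menu path: [rule dict, ...]} for the 'add key=value ...' lines."""
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus[menu].append({k: v.strip('"') for k, v in pairs})
    return menus

def expand_ports(spec):
    """Turn a port spec such as '80,5631-5632' into {80, 5631, 5632}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unmatched_forwards(text):
    """List (host, port) targets of enabled dst-nat rules that no enabled accept rule allows."""
    menus = parse_export(text)
    allowed = set()
    for r in menus.get("/ip firewall filter", []):
        if r.get("action") == "accept" and r.get("disabled") != "yes" and "dst-port" in r:
            allowed |= {(r.get("dst-address"), r.get("protocol"), p) for p in expand_ports(r["dst-port"])}
    bad = []
    for r in menus.get("/ip firewall nat", []):
        if r.get("action") == "dst-nat" and r.get("disabled") != "yes":
            for p in expand_ports(r["to-ports"]):
                if (r["to-addresses"], r.get("protocol"), p) not in allowed:
                    bad.append((r["to-addresses"], p))
    return bad
```

On the sample it reports 192.168.2.212 port 3333, a forward target that differs from the 192.168.1.212 address the "Camera Server" accept rule covers.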

