Yes, they are public's, we are not double nating. We will try switching one of the LAN subnets on Monday and see if that makes a difference.
Thanks for the suggestions. On Fri, Oct 29, 2010 at 12:56 PM, Jeromie Reeves <jree...@18-30chat.net> wrote: > What IP each lan is trying to access, It looks to be xxx.xxx.199.157 > and xxx.xxx.11.2 ? are these Publics? We have a number of BigDog > security DVR's on the network and they did not like double NAT where > each NAT had the same ip range. I would change the LAN IP's on one > side or the other (something 10.x/24) and setup a PPtP and just route > the single IP needed to each side. > > > On Fri, Oct 29, 2010 at 10:41 AM, Terri Kelley <net...@farm-market.net> wrote: >> Subnets the same on both LANs? > > They are each behind NAT. Personally do 10./24's everyplace. > >> >> Terri Kelley >> Network Engineer >> 254-697-6710 x 1140 >> Farm to Market Broadband >> www.farm-market.net >> >> >> >> On Oct 29, 2010, at 12:11 PM, Alan Bryant wrote: >> >>> I'm having issues with some port forwarding rules. >>> >>> I have two locations which both have RB750's. I am forwarding ports so >>> that the customer can view his cameras at both locations. >>> >>> The problem is, he is unable to view the cameras from one location at >>> the other location and vice versa. Basically, he cannot view the >>> cameras between the two. >>> >>> Any suggestions or advice would be greatly appreciated. >>> >>> Here is the /ip firewall filter export of the first one: >>> >>> /ip firewall filter >>> add action=accept chain=input comment="Added by webbox" disabled=no >>> protocol=icmp >>> add action=accept chain=input comment="Winbox from Gtek" disabled=no >>> dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2 >>> add action=accept chain=input comment="SSH from Gtek" disabled=no >>> dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2 >>> add action=accept chain=input comment="Added by webbox" >>> connection-state=established disabled=no in-interface=ether1-gateway >>> add action=accept chain=input comment="Added by webbox" >>> connection-state=related disabled=no in-interface=ether1-gateway >>> add action=drop chain=input comment="Added by webbox" disabled=no >>> in-interface=ether1-gateway >>> add action=jump chain=forward comment="Added by webbox" disabled=no >>> in-interface=ether1-gateway jump-target=customer >>> add action=accept chain=customer comment="Camera Server" disabled=no >>> dst-address=192.168.1.250 dst-port=80,1111,2222,3333,4444,6666 >>> in-interface=ether1-gateway protocol=tcp >>> add action=accept chain=customer comment="Added by webbox" >>> connection-state=established disabled=no >>> add action=accept chain=customer comment="Added by webbox" >>> connection-state=related disabled=no >>> add action=drop chain=customer comment="Added by webbox" disabled=no >>> >>> /ip firewall nat for the first one: >>> >>> /ip firewall nat >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.199.157 dst-port=80 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.250 to-ports=80 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.199.157 dst-port=1111 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.250 to-ports=1111 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.199.157 dst-port=2222 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.250 to-ports=2222 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.199.157 dst-port=3333 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.250 to-ports=3333 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.199.157 dst-port=4444 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.250 to-ports=4444 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.199.157 dst-port=6666 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.250 to-ports=6666 >>> add action=masquerade chain=srcnat comment="Added by webbox" >>> disabled=no out-interface=ether1-gateway >>> >>> /ip firewall export from the second one: >>> >>> /ip firewall filter >>> add action=accept chain=input comment="Added by webbox" disabled=no >>> protocol=icmp >>> add action=accept chain=input comment="Winbox from Gtek" disabled=no >>> dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2 >>> add action=accept chain=input comment="SSH from Gtek" disabled=no >>> dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2 >>> add action=accept chain=input comment="Added by webbox" >>> connection-state=established disabled=no in-interface=ether1-gateway >>> add action=accept chain=input comment="Added by webbox" >>> connection-state=related disabled=no in-interface=ether1-gateway >>> add action=drop chain=input comment="Added by webbox" disabled=no >>> in-interface=ether1-gateway >>> add action=jump chain=forward comment="Added by webbox" disabled=no >>> in-interface=ether1-gateway jump-target=customer >>> add action=accept chain=customer comment="Added by webbox" >>> connection-state=established disabled=no >>> add action=accept chain=customer comment="Added by webbox" >>> connection-state=related disabled=no >>> add action=accept chain=customer comment="Camera Server" disabled=no >>> dst-address=192.168.1.212 dst-port=80,1111,2222,3333,4444,6666 >>> protocol=tcp >>> add action=accept chain=customer comment="" disabled=yes >>> dst-address=192.168.1.100 dst-port=5631-5632 protocol=tcp >>> add action=accept chain=customer comment="" disabled=yes >>> dst-address=192.168.1.200 dst-port=5634-5635 protocol=tcp >>> add action=accept chain=customer comment="" disabled=yes >>> dst-address=192.168.1.150 dst-port=7000-7001 protocol=tcp >>> add action=drop chain=customer comment="Added by webbox" disabled=no >>> >>> /ip firewall nat from the second one: >>> >>> /ip firewall nat >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.11.245 dst-port=80 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.212 to-ports=80 >>> add action=dst-nat chain=dstnat comment="" disabled=yes >>> dst-address=xxx.xxx.11.245 dst-port=5631-5632 >>> in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.100 >>> to-ports=5631-5632 >>> add action=dst-nat chain=dstnat comment="" disabled=yes >>> dst-address=xxx.xxx.11.245 dst-port=5634-5635 >>> in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.200 >>> to-ports=5634-5635 >>> add action=dst-nat chain=dstnat comment="" disabled=yes >>> dst-address=xxx.xxx.11.245 dst-port=7000-7001 >>> in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.150 >>> to-ports=7000-7001 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.11.245 dst-port=1111 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.212 to-ports=1111 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.11.245 dst-port=2222 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.212 to-ports=2222 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.11.245 dst-port=3333 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.2.212 to-ports=3333 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.11.245 dst-port=4444 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.1.212 to-ports=4444 >>> add action=dst-nat chain=dstnat comment="" disabled=no >>> dst-address=xxx.xxx.11.245 dst-port=6666 in-interface=ether1-gateway >>> protocol=tcp to-addresses=192.168.2.212 to-ports=6666 >>> add action=masquerade chain=srcnat comment="Added by webbox" >>> disabled=no out-interface=ether1-gateway >>> >>> -- >>> Alan Bryant >>> Gtek Computers & Wireless L.L.C. >>> Office: 361-777-1400 | Fax: 361-777-1405 >>> a...@gtekcommunications.com | www.gtek.biz >>> >>> CONFIDENTIALITY NOTICE: This communication (including any attachments) >>> may contain privileged or confidential information intended for a >>> specific individual and purpose, and is protected by law. If you are >>> not the intended recipient, you should delete this communication >>> and/or shred the materials and any attachments and are hereby notified >>> that any disclosure, copying, or distribution of this communication, >>> or the taking of any action based on it, is strictly prohibited. Thank >>> you. >>> _______________________________________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> <http://www.butchevans.com/pipermail/mikrotik/attachments/20101029/5d229ba9/attachment.html> >> _______________________________________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >> > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > -- Alan Bryant Gtek Computers & Wireless L.L.C. Office: 361-777-1400 | Fax: 361-777-1405 a...@gtekcommunications.com | www.gtek.biz CONFIDENTIALITY NOTICE: This communication (including any attachments) may contain privileged or confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this communication and/or shred the materials and any attachments and are hereby notified that any disclosure, copying, or distribution of this communication, or the taking of any action based on it, is strictly prohibited. Thank you. _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
