I have a MikroTik (DC) acting as an L2TP server and a CentOS 7 (Office) machine connected to that server. The problem is that I can ping the MikroTik from the CentOS machine and from the network behind it, and I can ping the CentOS machine from the MikroTik and the network behind it. But I can't access any of the computers behind the MikroTik and behind the CentOS machine.

iptables:
# Generated by iptables-save v1.4.21 on Wed Feb 6 00:26:09 2019
*nat
:PREROUTING ACCEPT [10023:752813]
:INPUT ACCEPT [1512:195812]
:OUTPUT ACCEPT [71:5442]
:POSTROUTING ACCEPT [3521:254098]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Feb 6 00:26:09 2019
# Generated by iptables-save v1.4.21 on Wed Feb 6 00:26:09 2019
*filter
:INPUT ACCEPT [24872:18721138]
:FORWARD ACCEPT [415636:32442804]
:OUTPUT ACCEPT [19025:3915262]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
# Completed on Wed Feb 6 00:26:09 2019
MikroTik firewall:
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input src-address=10.192.68.0/24
add action=accept chain=input src-address=10.192.69.0/24
add action=accept chain=input port=1701,500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input src-address=10.192.67.0/24
add action=accept chain=forward disabled=yes dst-address=10.192.69.0/24 \
src-address=10.192.68.0/24
add action=accept chain=forward disabled=yes dst-address=10.192.68.0/24 \
src-address=10.192.69.0/24
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
MikroTik NAT:
/ip firewall nat
add action=accept chain=srcnat disabled=yes dst-address=10.192.69.0/24 src-address=\
10.192.68.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=all-ppp
add action=masquerade chain=srcnat out-interface=l2tp-in-Jarvis src-address=\
10.192.68.0/24

Office network: 10.192.69.0/24
DC network: 10.192.68.0/24

I want to be able to access the network behind the MikroTik from the office and vice versa. Please point me in the direction of where I have messed up.