 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

forwarding through two router

Tue Aug 22, 2017 3:23 pm

Hi dears,
I want to remotely view 4 DVRs.
I have attached my network picture.
I don't know what to forward in the DSL modem and in the router.
Thanks for the help.
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Tue Aug 22, 2017 6:42 pm

If your MikroTik is acting as a router and performing source NAT on 192.168.1.2 you'll need to traverse 2 layers of NAT. If the MikroTik is acting as a router but not performing NAT then you will only need to set up NAT rules on your DSL modem.

If you don't have any access to your DSL modem the first step would be to see if it can be set to a bridge mode. From there you can set up your RouterBoard to receive a public IP (probably via PPP).
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Tue Aug 22, 2017 9:38 pm

Hi idlemind,
The MikroTik manages accounts and, as far as I know, it does source NAT, and the modem is configured in PPPoE mode.
 
BartoszP
Forum Guru
Posts: 2981
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: forwarding through two router

Tue Aug 22, 2017 9:48 pm

https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

and ask "uncle Google" for "mikrotik dst nat port forward examples"
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Wed Aug 23, 2017 10:12 am

Hi,
I am not an expert in this field,
and I need to access the DVRs through my DSL modem and MikroTik router.
If you can help me I will be thankful.
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Wed Aug 23, 2017 10:27 am

You'll need to start by getting your DSL modem into bridge mode and configuring the MikroTik to do PPPoE.
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Wed Aug 23, 2017 6:06 pm

Hi,
Thanks idlemind.
After this, what should I do?
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Wed Aug 23, 2017 6:48 pm

When you have the public IP on the MikroTik you can then use NAT to provide access to your DVR systems. Likely, DST NAT using different port numbers for each DVR system.
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Thu Aug 24, 2017 2:15 pm

Hi idlemind,
I have created a PPPoE connection on my MikroTik modem and I have created NAT rules to forward my public IP
2.181.129.32:8080 to 192.168.150.80:8080. When I enter the address in a browser I see the packets in the NAT rules statistics tab, but I can't connect to the DVR.
Any help?
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Thu Aug 24, 2017 2:22 pm

Post an export of your config. I assume locally your DVR uses port 8080 and the DVR has a default route pointing to the MikroTik?
/export hide-sensitive 
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Fri Aug 25, 2017 8:59 pm

Hi idlemind,
this is my router config:
# aug/25/2017 17:42:15 by RouterOS 6.37.1
# software id = 96JZ-CU61
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether5 ] l2mtu=1520 name=ether2-VPN
set [ find default-name=ether2 ] l2mtu=1520 name=ether3-Hotspot
set [ find default-name=ether3 ] l2mtu=1520 name=ether4
set [ find default-name=ether4 ] l2mtu=1520 name=ether5
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway \
keepalive-timeout=disabled name=pppoe-out1 use-peer-dns=yes user=5435381612
/ip hotspot profile
add dns-name=nvco.ir hotspot-address=192.168.150.1 login-by=http-chap name=\
hsprof1 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] status-autorefresh=1h
add name=guest shared-users=10 transparent-proxy=yes
add name=dorostkar shared-users=2 transparent-proxy=yes
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=vpn-pool ranges=172.17.1.20-172.17.1.254
add name=hs-pool-3 ranges=192.168.150.100-192.168.150.254
add name=LAN-pool ranges=192.168.2.10-192.168.2.254
/ip dhcp-server
add address-pool=hs-pool-3 disabled=no interface=ether3-Hotspot lease-time=1h \
name=dhcp1
add address-pool=LAN-pool disabled=no interface=ether2-VPN lease-time=3d name=\
LAN
/ip hotspot
add address-pool=hs-pool-3 disabled=no interface=ether3-Hotspot name=hotspot1 \
profile=hsprof1
/ppp profile
set *0 dns-server=85.15.1.14,85.15.1.15
set *FFFFFFFE dns-server=217.218.127.127,172.17.1.1 local-address=172.17.1.1 \
remote-address=vpn-pool
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw currency=\
iran time-zone=+03:30
/tool user-manager profile
add name=2048-2G name-for-users="" override-shared-users=off owner=admin price=\
0 starts-at=logon validity=0s
add name=500M name-for-users="" override-shared-users=2 owner=admin price=0 \
starts-at=logon validity=0s
add name=managment name-for-users="" override-shared-users=off owner=admin \
price=0 starts-at=logon validity=0s
add name=2048-1GB name-for-users="" override-shared-users=off owner=admin \
price=0 starts-at=logon validity=0s
add name=night name-for-users="" override-shared-users=2 owner=admin price=0 \
starts-at=logon validity=0s
add name=admin name-for-users="" override-shared-users=off owner=admin price=0 \
starts-at=logon validity=0s
/tool user-manager profile limitation
add address-list="" download-limit=1073741824B group-name="" ip-pool="" name=\
202G8-1 owner=admin transfer-limit=1073741824B upload-limit=1073741824B \
uptime-limit=0s
add address-list="" download-limit=2147483648B group-name="" ip-pool="" name=\
2048-2 owner=admin transfer-limit=2147483648B upload-limit=2147483648B \
uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=500M owner=\
admin transfer-limit=524288000B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=100G owner=\
admin transfer-limit=107374182400B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=41943040B group-name="" ip-pool="" name=test \
owner=admin transfer-limit=0B upload-limit=0B uptime-limit=0s
/interface l2tp-server server
set max-mru=1460 max-mtu=1460
/interface pptp-server server
set authentication=pap,mschap1,mschap2 enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.1.2/24 comment=Gateway interface=ether1-gateway network=\
192.168.1.0
add address=192.168.150.1/24 comment=Hotspot-Local interface=ether3-Hotspot \
network=192.168.150.0
add address=192.168.2.1/24 disabled=yes interface=ether2-VPN network=\
192.168.2.0
/ip dhcp-server network
add address=192.168.150.0/24 comment="hotspot network" gateway=192.168.150.1
/ip dns
set allow-remote-requests=yes servers=217.218.127.127,217.218.155.155
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=masquerade chain=srcnat src-address=172.17.1.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.150.0/24
add action=dst-nat chain=dstnat dst-address=2.181.129.32 dst-port=8080 \
protocol=tcp to-addresses=192.168.150.80 to-ports=8080
/ip hotspot user
add name=admin
add disabled=yes limit-bytes-total=1073741824 name=q-rahmati server=hotspot1
add disabled=yes limit-bytes-in=419430400 name=b.m server=hotspot1
add disabled=yes name=guest profile=guest server=hotspot1
add name=mt profile=dorostkar server=hotspot1
add disabled=yes name=h.d profile=dorostkar
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.1
/ip service
set www port=81
set api disabled=yes
/ppp aaa
set use-radius=yes
/ppp secret
add local-address=0.0.0.0 name=ppp1
/radius
add address=127.0.0.1 service=ppp,hotspot
/radius incoming
set accept=yes port=1700
/system clock
set time-zone-autodetect=no
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set ether3-Hotspot disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether2-VPN disabled=yes display-time=5s
/tool user-manager database
set db-path=user-manager1
/tool user-manager profile profile-limitation
add from-time=0s limitation=2048-2 profile=2048-2G till-time=23h59m59s \
weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=500M profile=500M till-time=23h59m59s weekdays=\
sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=202G8-1 till-time=23h59m59s weekdays=\
sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=17h limitation=2048-2 till-time=17h5m weekdays=\
sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=202G8-1 profile=2048-1GB till-time=23h59m59s \
weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=10h43m limitation=202G8-1 till-time=10h44m weekdays=\
sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=9h5m limitation=100G profile=night till-time=9h6m weekdays=\
sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=2048-2 profile=admin till-time=23h59m59s weekdays=\
sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=auth-fail \
name=server1 shared-secret=12345 use-coa=yes
/tool user-manager user
add customer=admin disabled=no shared-users=1 username=g-hoseini \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=korosh \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=mon wireless-enc-algo=\
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=y-mehran \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=support \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=g-hoseini2 \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=m-ruhi \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=electrical \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=jr wireless-enc-algo=\
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=qc wireless-enc-algo=\
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=h.d wireless-enc-algo=\
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=rigi wireless-enc-algo=\
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=1 username=arash wireless-enc-algo=\
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=yes shared-users=1 username=guest \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
 
stoser
Member Candidate
Posts: 123
Joined: Sun Aug 21, 2016 12:04 am

Re: forwarding through two router

Sun Aug 27, 2017 11:34 pm

Dear dorostkar:

When you access cameras, are you accessing them from outside the network in which the cameras are located, or from inside the same network? With what address are you accessing them?

a) If you are accessing the cameras from within the same network, you need to access them using their internal IP addresses, OR you need to set up a NAT hairpin (google it or search in the forum). You can determine if this is happening by using the Torch tool in winbox. Take a look at the source and destination addresses of the traffic going to and from the DVR.
b) If you are accessing them from outside the network, use the public IP addresses. Try to run some tests using 3G/4G or from an outside network.


Let me know if this helps,

Kind regards
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Mon Aug 28, 2017 9:49 am

Dear stoser, the cameras are connected to the DVR with an analog connection and I just enter the public IP address to route to the DVR from outside of the network with 3G.
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Tue Aug 29, 2017 2:14 pm

@idlemind
Any suggestions about my router config?
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Tue Aug 29, 2017 2:34 pm

Is that a complete dump? You don't appear to have a masquerade for your DVR going out to the Internet.
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Tue Aug 29, 2017 2:51 pm

Hi @idlemind,
It's complete.
How do I add that masquerade?
Thanks
 
idlemind
Forum Guru
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Tue Aug 29, 2017 4:53 pm

I had a chance to look closer, you have a MASQUERADE rule for the network the camera is on, 192.168.150.0/24. The thing I noticed is that network is called out as a HotSpot network. Wouldn't you want your DVR on your LAN, 192.168.2.0/24? I'm thinking if the DVR is actually in the HotSpot network it needs to authenticate like any other client. I personally don't and haven't used HotSpot yet so I'm not versed 100% in its technical operation.

Additionally, I don't see a MASQUERADE rule for your LAN. Does the Internet not work on your LAN side at the moment?
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Tue Aug 29, 2017 10:21 pm

Hi idlemind,
Yes, you are right: the DVR is on the HotSpot network and needs authentication.
I have an idea: can I use another unused port of my router to connect to the DVR and have free internet on this port?
Thank you
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: forwarding through two router

Wed Aug 30, 2017 2:05 am

Yup, give that a whirl and see where you are at. You'll need to create a MASQUERADE rule in the SRCNAT chain for the new network you create.
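
Added example, not part of the original post and not the poster's configuration: a RouterOS sketch of the layout the thread settles on, with the DVRs on their own network outside the HotSpot, a MASQUERADE rule for it, and one DST NAT rule per DVR on a different public port. The interface names `ether4` and `pppoe-out1` and the DVR port 8080 come from the posted export; the subnet 192.168.160.0/24, the DVR addresses, the public ports 8081-8084, the list name `dvr-viewers` and the viewer address 203.0.113.10 are assumptions.

```routeros
# Added example, not from the thread. Assumed values: subnet 192.168.160.0/24,
# DVR addresses .81-.84, public ports 8081-8084, viewer address 203.0.113.10.
# From the posted export: ether4 (unused port), pppoe-out1 (WAN), DVR port 8080.

# 1. New DVR network on an unused port, outside the HotSpot on ether3-Hotspot.
#    Each DVR gets a static address here and 192.168.160.1 as default gateway.
/ip address
add address=192.168.160.1/24 interface=ether4 comment="DVR network"

# 2. MASQUERADE rule in the SRCNAT chain for the new network.
/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.160.0/24 \
    out-interface=pppoe-out1 comment="masquerade DVR network"

# 3. Only listed sources may use the forwards (constructed documentation address).
/ip firewall address-list
add list=dvr-viewers address=203.0.113.10 comment="remote viewer"

# 4. One dst-nat rule per DVR: a different public port each, all mapped to 8080.
#    Matching in-interface instead of dst-address survives a PPPoE address change.
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=pppoe-out1 protocol=tcp \
    src-address-list=dvr-viewers dst-port=8081 \
    to-addresses=192.168.160.81 to-ports=8080 comment="DVR 1"
add chain=dstnat action=dst-nat in-interface=pppoe-out1 protocol=tcp \
    src-address-list=dvr-viewers dst-port=8082 \
    to-addresses=192.168.160.82 to-ports=8080 comment="DVR 2"
add chain=dstnat action=dst-nat in-interface=pppoe-out1 protocol=tcp \
    src-address-list=dvr-viewers dst-port=8083 \
    to-addresses=192.168.160.83 to-ports=8080 comment="DVR 3"
add chain=dstnat action=dst-nat in-interface=pppoe-out1 protocol=tcp \
    src-address-list=dvr-viewers dst-port=8084 \
    to-addresses=192.168.160.84 to-ports=8080 comment="DVR 4"

# 5. Check: the counters of the matching rule should rise during an outside test.
/ip firewall nat print stats where chain=dstnat
```

The `src-address-list` match only fits viewers with known addresses; a viewer on a changing mobile address has to be added to the list before the forward will match.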
 
dorostkar
just joined
Topic Author
Posts: 14
Joined: Tue Aug 22, 2017 2:53 pm

Re: forwarding through two router

Wed Aug 30, 2017 9:22 pm

@idlemind
I will try it
Thanks
