Hi!! I have a DVR and this are the working rules
add action=dst-nat chain=dstnat comment=DVR dst-address-type=local dst-port=8000 in-interface=all-ppp in-interface-list=!LAN protocol=tcp to-addresses=192.168.88.9 to-ports=8000
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 dst-port=8000 out-interface=bridge protocol=tcp src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-address=!192.168.88.0/24 dst-address-type=local dst-port=8000 protocol=tcp to-addresses=192.168.88.9 to-ports=8000
When I update to 6.47 this stop working, I delete all and create a simple rule but dont work. I roll back to long term firmware and all start working againg. Some problem with 6.47?
PD: I reseet all config and start over againg but NAT nos work on 2 mikrotik router on two diferents places. In the two examples i roll back to long term and all work fine again.
Thank you!!
Re: 6.47 and Fordwarding Problem
Hi, there, there is a neater way of doing Hairpin Nat thats cleaner and less error prone (config line also makes more sense).Hi!! I have a DVR and this are the working rules
add action=dst-nat chain=dstnat comment=DVR dst-address-type=local dst-port=8000 in-interface=all-ppp in-interface-list=!LAN protocol=tcp to-addresses=192.168.88.9 to-ports=8000
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 dst-port=8000 out-interface=bridge protocol=tcp src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-address=!192.168.88.0/24 dst-address-type=local dst-port=8000 protocol=tcp to-addresses=192.168.88.9 to-ports=8000
When I update to 6.47 this stop working, I delete all and create a simple rule but dont work. I roll back to long term firmware and all start working againg. Some problem with 6.47?
PD: I reseet all config and start over againg but NAT nos work on 2 mikrotik router on two diferents places. In the two examples i roll back to long term and all work fine again.
Thank you!!
Your rules are actually bloated and potentially causing the problem for example you only need one dst nat rule.
.
Recommend the following
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24
For dst nat rule.
add chain=srcnat(wrong my bad - use chain=dstnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan \ ***
to-addresses=192.168.88.9
*** Go to IP CLOUD and enable DDNS and copy the DDNS NAME.
Go to ip firewall address list and add a new list with name: external_wan and for address, PASTE the ddns name into the address entry block. DONE!
Last edited by anav on Fri Jun 12, 2020 3:30 pm, edited 2 times in total.
Re: 6.47 and Fordwarding Problem
Thank for answer but not work 
I create the list perfectly, then
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24
but when add the other rule it give me an error.
[mapet@MikroTik] /ip firewall nat> add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9
failure: srcnat chain can not contain redirect/dnat actions
I create the list perfectly, then
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24
but when add the other rule it give me an error.
[mapet@MikroTik] /ip firewall nat> add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9
failure: srcnat chain can not contain redirect/dnat actions
Re: 6.47 and Fordwarding Problem
Yes of course that would give you an error, look at that rule you made more closely!!Thank for answer but not work
I create the list perfectly, then
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24
but when add the other rule it give me an error.
[mapet@MikroTik] /ip firewall nat> add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9
failure: srcnat chain can not contain redirect/dnat actions
/ip firewall nat>
add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9
I went back and noticed that it was my error, my apologies!!! Should work now.
Obviously when making a destination nat rule, one uses the destination nat chain! Well when you are not getting paid help LOL......
Who is online
Users browsing this forum: Bomber67 and 4 guests