Page 1 of 1

6.47 and Fordwarding Problem

Posted: Thu Jun 11, 2020 12:15 am
by kapi2454
Hi!! I have a DVR and this are the working rules

add action=dst-nat chain=dstnat comment=DVR dst-address-type=local dst-port=8000 in-interface=all-ppp in-interface-list=!LAN protocol=tcp to-addresses=192.168.88.9 to-ports=8000
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 dst-port=8000 out-interface=bridge protocol=tcp src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-address=!192.168.88.0/24 dst-address-type=local dst-port=8000 protocol=tcp to-addresses=192.168.88.9 to-ports=8000

When I update to 6.47 this stop working, I delete all and create a simple rule but dont work. I roll back to long term firmware and all start working againg. Some problem with 6.47?

PD: I reseet all config and start over againg but NAT nos work on 2 mikrotik router on two diferents places. In the two examples i roll back to long term and all work fine again.

Thank you!!

Re: 6.47 and Fordwarding Problem

Posted: Thu Jun 11, 2020 7:44 pm
by anav
Hi!! I have a DVR and this are the working rules

add action=dst-nat chain=dstnat comment=DVR dst-address-type=local dst-port=8000 in-interface=all-ppp in-interface-list=!LAN protocol=tcp to-addresses=192.168.88.9 to-ports=8000
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 dst-port=8000 out-interface=bridge protocol=tcp src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-address=!192.168.88.0/24 dst-address-type=local dst-port=8000 protocol=tcp to-addresses=192.168.88.9 to-ports=8000

When I update to 6.47 this stop working, I delete all and create a simple rule but dont work. I roll back to long term firmware and all start working againg. Some problem with 6.47?

PD: I reseet all config and start over againg but NAT nos work on 2 mikrotik router on two diferents places. In the two examples i roll back to long term and all work fine again.

Thank you!!
Hi, there, there is a neater way of doing Hairpin Nat thats cleaner and less error prone (config line also makes more sense).
Your rules are actually bloated and potentially causing the problem for example you only need one dst nat rule.

.
Recommend the following
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24

For dst nat rule.
add chain=srcnat(wrong my bad - use chain=dstnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan \ ***
to-addresses=192.168.88.9

*** Go to IP CLOUD and enable DDNS and copy the DDNS NAME.
Go to ip firewall address list and add a new list with name: external_wan and for address, PASTE the ddns name into the address entry block. DONE!

Re: 6.47 and Fordwarding Problem

Posted: Fri Jun 12, 2020 3:12 pm
by kapi2454
Thank for answer but not work :(
I create the list perfectly, then
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24
but when add the other rule it give me an error.

[mapet@MikroTik] /ip firewall nat> add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9
failure: srcnat chain can not contain redirect/dnat actions

Re: 6.47 and Fordwarding Problem

Posted: Fri Jun 12, 2020 3:29 pm
by anav
Thank for answer but not work :(
I create the list perfectly, then
add chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24
but when add the other rule it give me an error.

[mapet@MikroTik] /ip firewall nat> add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9
failure: srcnat chain can not contain redirect/dnat actions
Yes of course that would give you an error, look at that rule you made more closely!!
/ip firewall nat>
add chain=srcnat action=dst-nat protocol=tcp dst-port=8000 dst-address-list=external_wan to-addresses=192.168.88.9

I went back and noticed that it was my error, my apologies!!! Should work now.
Obviously when making a destination nat rule, one uses the destination nat chain! Well when you are not getting paid help LOL......