ITO
just joined
Topic Author
Posts: 1
Joined: Wed Nov 19, 2014 12:30 pm

NAT Reflection + Dynamic DNS

Thu Nov 20, 2014 3:37 am

Hi guys,

I'm rather new to MikroTik and networking.
Recently I replaced my router and I'm currently having some NAT reflection issues.
I've read up a lot on setting up srcnat and dstnat for NAT reflection.
Apparently my Internet provider gives out dynamic IP addresses and I had to resort to Dynamic DNS to handle my domain.
Can anyone assist or advise on what or where I should change / start from in the following Firewall NAT settings below?
 0    ;;; default configuration
      chain=srcnat action=masquerade to-addresses=0.0.0.0 
      out-interface=ether1-gateway log=no log-prefix="" 

 1    chain=srcnat action=masquerade out-interface=UniFi-Internet log=no 
      log-prefix="" 

 2    chain=dstnat action=dst-nat to-addresses=192.168.1.88 to-ports=1194 
      protocol=udp in-interface=UniFi-Internet dst-port=1194 log=no 
      log-prefix="" 

 3    chain=dstnat action=dst-nat to-addresses=192.168.1.16 to-ports=80 
      protocol=tcp in-interface=UniFi-Internet dst-port=80 log=no 
      log-prefix="" 

 4    chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=443 
      protocol=tcp in-interface=UniFi-Internet dst-port=60 log=no 
      log-prefix="" 

 5    chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=80 
      protocol=tcp in-interface=UniFi-Internet dst-port=61 log=no 
      log-prefix="" 

 6    chain=dstnat action=dst-nat to-addresses=192.168.1.41 to-ports=80 
      protocol=tcp in-interface=UniFi-Internet dst-port=1262 log=no 
      log-prefix="" 
 
error216216
newbie
Posts: 25
Joined: Fri May 23, 2014 2:07 am

Re: NAT Reflection + Dynamic DNS

Sat Nov 22, 2014 3:08 am

Well, the forwarding seems OK, but I don't understand why you have 2 masquerade rules. Do you have 2 ISP connections, one on interface UniFi-Internet and one on ether1-gateway? If not, remove the one that is not valid. You should also remove the to-addresses=0.0.0.0 from rule 0; I don't see its usefulness. As for NAT reflection, it's simple:
If you want to access the public IP, or the domain that goes to the public IP, from the LAN and have it reflect to the private IP of the server you forwarded the port to, simply remove the "in-interface=UniFi-Internet" from the dst-nat rule/s you want the reflection to happen on, and poof: any traffic that comes to the router on that port, no matter where it comes from, will be redirected to the private IP/port of that rule.
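
An added example, not part of either post: a small audit of the NAT print output shown in the thread. It flags dst-nat rules that have no in-interface or dst-address matcher; such a rule matches that port on every packet entering the router, which includes LAN clients' connections to outside hosts. The sample input is constructed from rules 3 and 4 above, with in-interface removed from rule 3 as the reply describes, and the function names are this example's own.

```python
import re

# Constructed sample: rules 3 and 4 from the first post, with in-interface
# removed from rule 3 as the reply suggests.
SAMPLE = """\
 3    chain=dstnat action=dst-nat to-addresses=192.168.1.16 to-ports=80
      protocol=tcp dst-port=80 log=no
      log-prefix=""

 4    chain=dstnat action=dst-nat to-addresses=192.168.1.60 to-ports=443
      protocol=tcp in-interface=UniFi-Internet dst-port=60 log=no
      log-prefix=""
"""

# RouterOS matchers that limit a NAT rule to an ingress interface or destination.
SCOPE_KEYS = {"in-interface", "in-interface-list", "dst-address",
              "dst-address-type", "dst-address-list"}


def parse_rules(text):
    """Parse the multi-line print output into {rule_number: {key: value}}."""
    rules, num = {}, None
    for line in text.splitlines():
        # A rule starts with its number, optionally followed by flags (X, I, D).
        start = re.match(r"\s*(\d+)\s+(?:[XID]+\s+)?(.*)", line)
        if start:
            num, line = int(start.group(1)), start.group(2)
            rules[num] = {}
        if num is None or line.lstrip().startswith(";;;"):
            continue  # text before the first rule, or a comment line
        for key, value in re.findall(r'([\w-]+)=("[^"]*"|\S*)', line):
            rules[num][key] = value.strip('"')
    return rules


def unscoped_dstnat(rules):
    """List dst-nat rules that match a port from any interface to any address."""
    return [(n, r.get("protocol"), r.get("dst-port"), r.get("to-addresses"))
            for n, r in sorted(rules.items())
            if r.get("chain") == "dstnat" and r.get("action") == "dst-nat"
            and not SCOPE_KEYS & r.keys()]


if __name__ == "__main__":
    for n, proto, port, target in unscoped_dstnat(parse_rules(SAMPLE)):
        print(f"rule {n}: every {proto}/{port} packet entering the router, "
              f"whatever its destination, is rewritten to {target}")
```

A rule this flags can be scoped again with one of the matchers in SCOPE_KEYS, for example dst-address-type=local, which matches only addresses assigned to the router itself.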