Joshiii
newbie
Topic Author
Posts: 29
Joined: Wed May 20, 2009 10:13 am

Nat and PPTP issues

Thu Feb 09, 2012 11:57 am

I have a Fritz box ADSL 10 Meg down and 1 Meg up with a Mikrotik RB450 behind it. My problem is I src-nat all outgoing traffic, which works well. I now added a Polycom IP video conference unit to the ethernet 3 port. All connections from this unit work well, but the moment I add a destination NAT to enable incoming calls to reach the Polycom unit, my PPTP connections won't connect. How do I still accept PPTP connections to the outside of the MT without them being rerouted to the Polycom?

My configs are:

ether1 = wan
ether2 = xxx.xx.11.0/24
ether3 = xxx.xx.23.0/24

ether1 is connected to the Fritz box, which has no firewall enabled.
ether2 is connected to my admin vlan
ether3 is connected to my 20 hotspots on site.

NAT configs are:

add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=dst-nat chain=dstnat disabled=no dst-address=xxx.xxx.xxx.3 to-addresses=xxx.xx.23.50 (Polycom Unit)

With all firewall rules disabled for the moment, incoming and outgoing traffic is working normally. Polycom uses H323 and SIP, and connections in and out are working. My only problem is the PPTP server listening on ether1 stops accepting connections; existing connections remain connected.

I also need to find a rule to give the Polycom maximum traffic (when a video con is in progress) and throttle all PPTP connections (incoming), hotspot traffic (outgoing) and local proxy connections listening on ether 2 and ether 3 (outgoing).
 
maxstel
Trainer
Posts: 70
Joined: Fri Jun 18, 2010 1:54 pm

Re: Nat and PPTP issues

Fri Feb 10, 2012 8:53 am

I think the problem is that you must leave out, from the dst-nat, the PPTP TCP port...
Try this: "chain=dstnat action=dst-nat to-addresses=xxx.xx.23.50 protocol=tcp dst-address=xxx.xxx.xxx.3 in-interface=ether1 dst-port=!1723"
If it works, add another dst-nat rule for UDP and you should be fine...

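Added example, not part of any post in this thread: a small Python model of first-match dstnat evaluation, showing why the protocol-less dst-nat rule takes both PPTP flows (TCP 1723 control and GRE) away from the router, and what the narrowed TCP/UDP rules leave local. The addresses are constructed placeholders for the masked ones above, the H.323 (TCP 1720) and SIP (UDP 5060) ports are the standard defaults, and the class and function names are hypothetical.

```python
# Constructed model of first-match dstnat evaluation; this is not RouterOS code.
from dataclasses import dataclass
from typing import Optional

WAN_IP = "203.0.113.3"   # constructed placeholder for xxx.xxx.xxx.3
POLYCOM = "10.0.23.50"   # constructed placeholder for xxx.xx.23.50

@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "gre"
    dst: str
    dport: Optional[int] = None  # GRE carries no ports

@dataclass(frozen=True)
class DstNat:
    to: str
    dst: str
    proto: Optional[str] = None      # None matches every IP protocol
    not_dport: Optional[int] = None  # models dst-port=!N

    def matches(self, p: Packet) -> bool:
        if p.dst != self.dst:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.not_dport is not None and p.dport == self.not_dport:
            return False
        return True

def deliver(rules, p: Packet) -> str:
    """Address that receives a new inbound connection (first match wins)."""
    for rule in rules:
        if rule.matches(p):
            return rule.to
    return p.dst  # no rule matched: the router's own services answer

# The rule from the first post: no protocol, so it matches everything.
ORIGINAL = [DstNat(to=POLYCOM, dst=WAN_IP)]
# The suggested fix: TCP except 1723, plus a separate UDP rule.
NARROWED = [
    DstNat(to=POLYCOM, dst=WAN_IP, proto="tcp", not_dport=1723),
    DstNat(to=POLYCOM, dst=WAN_IP, proto="udp"),
]

PPTP_CONTROL = Packet("tcp", WAN_IP, 1723)
PPTP_GRE = Packet("gre", WAN_IP)           # PPTP data channel, IP protocol 47
H323_SETUP = Packet("tcp", WAN_IP, 1720)
SIP = Packet("udp", WAN_IP, 5060)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("narrowed", NARROWED)):
        for pkt in (PPTP_CONTROL, PPTP_GRE, H323_SETUP, SIP):
            print(name, pkt.proto, pkt.dport, "->", deliver(rules, pkt))
```

The narrowed rules still hand every other TCP and UDP port on the WAN address to the Polycom, so the unit stays broadly exposed; listing only the ports it needs would shrink that further.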
 
cybercoder
Member Candidate
Posts: 175
Joined: Tue Dec 07, 2010 11:20 pm
Location: Guilan, Iran

Re: Nat and PPTP issues

Fri Feb 10, 2012 10:50 am

You can assign a simple queue for the Polycom address and raise its priority to guarantee its bandwidth by setting the limit-at attribute.
You can use Netwatch to monitor and make decisions by scripts.
