Search found 17 matches

by icttech
Wed Dec 11, 2019 1:14 am
Forum: General
Topic: DSTNAT Source Add List Question [SOLVED]
Replies: 4
Views: 789

Re: DSTNAT Source Add List Question [SOLVED]

It is because you use action=netmap instead of action=dst-nat.
netmap is a 1:1 mapping.
Yes, that was it, thanks.
by icttech
Tue Dec 10, 2019 10:21 pm
Forum: General
Topic: DSTNAT Source Add List Question [SOLVED]
Replies: 4
Views: 789

Re: DSTNAT Source Add List Question [SOLVED]

Hello, yes I'm using src add list with IP addresses and when testing I found that once source IP (i.e. 2.2.2.2 in Corp src list) has been connected and then other subsequent clients from 2.2.2.2 are rejected. Only the one client from IP 2.2.2.2 is allowed a connection state. I can use other IP addre...
by icttech
Tue Dec 10, 2019 6:51 pm
Forum: General
Topic: DSTNAT Source Add List Question [SOLVED]
Replies: 4
Views: 789

DSTNAT Source Add List Question [SOLVED]

When trying to allow only a single IP address to DSTNAT to an application box I notice that only one connection is allowed from that src Add List. Can I allow more than one connection from the same IP this way? i.e. chain=dstnat action=netmap to-addresses=10.10.10.10 to-ports=3333 protocol=tcp dst-a...
by icttech
Mon Oct 21, 2019 1:51 pm
Forum: General
Topic: Internal HairPIN NAT Split DNS
Replies: 11
Views: 1451

Re: Internal HairPIN NAT Split DNS

/ip firewall nat add chain=srcnat src-address=192.168.1.10 dst-address=192.168.1.2 protocol=tcp dst-port=80 out-interface=LAN action=src-nat to-addresses=192.168.1.1 In this case just hosting servers - like server1.local: /ip firewall nat 1 ;;; server1.local chain=srcnat action=src-nat to-addresses...
by icttech
Mon Oct 21, 2019 2:47 am
Forum: General
Topic: Internal HairPIN NAT Split DNS
Replies: 11
Views: 1451

Re: Internal HairPIN NAT Split DNS

looking for possible solutions What are you guys using for this issue of "internal hairpin NAT" on local lookups reporting the GW instead of the internal host IP? It is sometimes a real pain when troubleshooting or looking for some security issues. When we speak about traffic from host1 who enter t...
by icttech
Mon Oct 21, 2019 2:05 am
Forum: General
Topic: Internal HairPIN NAT Split DNS
Replies: 11
Views: 1451

Re: Internal HairPIN NAT Split DNS

this is just host to host..No JIRA hosted here. Exactly. ( Host to himself OR host1 to host2 ) into the same subnet try reach subname.domain.tld = PublicIP at your local router who is DNAT-ed to him is not open. HairPinNat. problem description step by step and solution = https://wiki.mikrotik.com/wik...
by icttech
Mon Oct 21, 2019 1:43 am
Forum: General
Topic: Internal HairPIN NAT Split DNS
Replies: 11
Views: 1451

Re: Internal HairPIN NAT Split DNS

Users and servers should be in different vlan's=subnet's - and you not must use HairPin.
If one server have software (like JIRA) what must connect to Public IP with DNAT to itself then you do HairPinNat for only this one server.
this is just host to host..No JIRA hosted here.
by icttech
Tue Oct 15, 2019 1:05 am
Forum: General
Topic: Internal HairPIN NAT Split DNS
Replies: 11
Views: 1451

Internal HairPIN NAT Split DNS

Hello.. What are you guys using for this issue of "internal hairpin NAT" on local lookups reporting the GW instead of the internal host IP? It is sometimes a real pain when troubleshooting or looking for some security issues. As pointed out in the Wiki: However, the web server only ever sees a sourc...
by icttech
Sun Sep 29, 2019 3:00 pm
Forum: General
Topic: Winbox Safe mode
Replies: 26
Views: 43972

Re: Winbox Safe mode

Planning to make some changes remotely and I need to know if this "bug" is still a problem or if safe mode working remotely in winbox 6.44.1 in win10 with a CCR 1009 8G 1S 1S+ is truly "safe". One thing I noticed is that by default "Autosave on Close" is checked and I'm wondering if this might be t...
by icttech
Sat Dec 29, 2018 11:04 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 3171

Re: Hairpin nat weirdness

Main problem is source ip of hairpinned connection, all these connects coming with router ip and I'm unable to understand who is connected. This is by design when using hairpin-nat, i.e. source ip is always the router interface. If you try to explain what you are trying to accomplish, it might be e...
by icttech
Fri Dec 28, 2018 5:36 pm
Forum: General
Topic: IPSec behind DMZ Double NAT Problem [SOLVED]
Replies: 2
Views: 1206

Re: IPSec behind DMZ Double NAT Problem [SOLVED]

hi, this was resolved by using Site to Site GRE Tunnel with IPsec.
by icttech
Sun Oct 28, 2018 4:34 pm
Forum: General
Topic: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]
Replies: 4
Views: 684

Re: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]

Hi Bram

Yup that did it.. I copied the previous src-nat and failed to notice the protocol and port assignments..
Thank you for your quick response.
by icttech
Sun Oct 28, 2018 4:07 pm
Forum: General
Topic: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]
Replies: 4
Views: 684

Re: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]

Hi Bram, We also run GRE with IPSec so I have a src-net at the top for a remote admin office, should this be at the bottom? /ip firewall nat print 0 chain=srcnat action=accept src-address=10.254.1.0/24 dst-address=10.254.8.0/26 log=no log-prefix="" 1 chain=srcnat action=src-nat to-addresses=24.1.0.4...
by icttech
Sat Oct 27, 2018 5:59 pm
Forum: General
Topic: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]
Replies: 4
Views: 684

SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]

Hi, Encountering an issue with a particular src-nat --> netmap rule with SIP registration authorization failure due to incorrect Public IP in registration. In this sample: private IP PBX host: IP 10.254.1.105/24 public IP PBX host: 24.1.0.44/27 cloud router WAN IP: 24.1.0.40/27 (assigned 24.1.0.33/2...
by icttech
Tue Mar 13, 2018 3:56 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ Maximum Address-List size
Replies: 3
Views: 684

Re: CCR1009-7G-1C-1S+ Maximum Address-List size

This particular router Winbox via IP through a GRE Tunnel running IPSec.
by icttech
Sat Feb 24, 2018 6:25 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ Maximum Address-List size
Replies: 3
Views: 684

CCR1009-7G-1C-1S+ Maximum Address-List size

Hi, Wondering what the maximum items which can be populated within an Address-List. We currently have over 133,000 items and now when working within terminal I get kicked from Winbox and find that the terminal session had ended. Using Winbox v3.12, memory holds fine at 1.6G, CPU stays around 1%, v6....
by icttech
Fri Dec 15, 2017 7:25 pm
Forum: General
Topic: IPSec behind DMZ Double NAT Problem [SOLVED]
Replies: 2
Views: 1206

IPSec behind DMZ Double NAT Problem [SOLVED]

Hi, I'm new to Mikrotik forgive my ignorance but I'm having some difficulty setting up IPSec tunnel tests before my CCR1009 goes live at the DC. Testing with a CCR1009-7G-1C-1S+ Office2 <==> Office3 hEX RB750Gr3. My goal would be then to setup Admin accounts to the DC with each using a hEX RB750Gr3....