Avoiding Double NAT with multiple routers

You need to set up the dst-nat rule (also called “port-forwarding”) in each router that functions as a NAT router and is not bridging networks. If your network has a gateway router that masquerades all your users behind one IP (the public IP of your gateway), then it needs a dst-nat rule there.
If you also have your client behind a Mikrotik router (like an antenna that functions as a router with a LAN for the client, and thus a NAT firewall), you have to do the same on this router.
And if the client then has a Wi-Fi router, you’d also have to set up port forwarding in this Wi-Fi router so that a server on the client’s LAN is reachable from the internet.

Hello,

I have only one masquerade NAT rule in my main router:
chain=srcnat action=masquerade out-interface=ether1
On the second Mikrotik I don’t have any NAT rule.

On the main router I created the NAT rule
chain=dstnat action=dst-nat to-addresses=10.10.10.2 (IP of the 2nd Mikrotik) to-ports=3389 protocol=tcp in-interface=ether dst-port=3389

On the second Mikrotik I created the NAT rule
chain=dstnat action=dst-nat to-addresses=192.168.1.2 (PC IP) to-ports=3389 protocol=tcp in-interface=ether1 dst-port=3389

I can’t find what is wrong, because it is not working.

I attached a picture of my network to give a better idea.

thanks
network.jpg

Good morning everyone.

I understand NOTHING about Mikrotik and I am looking for help with a specific situation for which I did not find help on the internet. I apologize for the lack of technical terms.

The situation is as follows: I live in a condominium and hired a company to do the following installation: we signed up for 4 internet links of 100/30 MB, which “enter” the Mikrotik (model RouterBOARD 750G r3 - LAN ports) at the concierge, and a cable “exits” the Mikrotik (PoE-in port), going to a switch right there at the gate. This switch sends 4 or 5 network cables to the condominium posts, and we have another 4 or 5 switches on the posts, from which network cables go straight to the houses. Inside the house, I use a router (TP-LINK TL-WR849N) where it is necessary to enter a user and password to authenticate (PPPoE).

Regarding usage, everything works very well: browsing, downloads, streaming, apps, etc., all in a satisfactory way.

The only drawback would be in relation to video games, more specifically online games:

  • PS4: downloads are ok, rare connection errors with other users and allows online game in a satisfactory way;

  • Xbox One: downloads ok, some connection errors, and it shows the NAT as “strict”, in addition to “double NAT detected”;

  • Nintendo Switch: here is the main problem … downloads are ok, but it is practically impossible to play online … I mention Mario Kart 8 Deluxe as an example. The game establishes a connection, but in match search it returns an error: “Could not connect to other consoles. There was a transverse NAT error.”

I am absolutely sure that the errors occur due to our internet “scheme”, since before, when each resident had his own ADSL internet, none of this happened.

Anyway, I strongly encourage you all to help me solve this problem, and I will provide any clarification ASAP. Thank you.

I think the answer is right here, but I need a step-by-step solution. Please help.

@Arxondas, if the second router is not changing public to private IPs (as you stated, no NAT), then you only need the DSTNAT rule on the first router. It should point to the correct PC being used, not the IP of the second unit, for the to-address. Also you will need a firewall rule in the first (main) router allowing dstnat:
add action=accept chain=forward comment="Allow Port Forwarding - DSTNAT" connection-nat-state=dstnat in-interface=eth1
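As an added configuration example (not posted by anyone in this thread), this is how the two-router chain described in the first post and in the reply above would be configured on RouterOS. The addresses, interface names and port 3389 are taken from the thread; the rule comments, the masquerade on the second router and the placeholder admin network are assumptions.

```routeros
# Router A: site gateway, masquerades all users behind the public IP on ether1
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1 comment="Masquerade everyone behind the public IP"
# Forward inbound TCP/3389 arriving on the WAN interface to the next hop.
# to-addresses is the NEXT NAT router (10.10.10.2) only when that router masquerades
# its own LAN; if it does no NAT, point straight at the final host (192.168.1.2)
# and skip the dst-nat rule on router B.
# Adding src-address=<ADMIN-NETWORK/24> (placeholder) limits who may reach the forwarded port.
add chain=dstnat action=dst-nat protocol=tcp in-interface=ether1 dst-port=3389 to-addresses=10.10.10.2 to-ports=3389 comment="Forward 3389 to router B"
/ip firewall filter
# The translated connection must also pass the forward chain; keep this rule
# above any drop rule that matches traffic entering from the WAN.
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether1 comment="Allow Port Forwarding - DSTNAT"

# Router B: second Mikrotik, WAN on ether1 (10.10.10.2), LAN 192.168.1.0/24
/ip firewall nat
# Because router B masquerades its LAN, it is a NAT router and needs its own dst-nat.
add chain=srcnat action=masquerade out-interface=ether1 comment="Masquerade the client LAN"
add chain=dstnat action=dst-nat protocol=tcp in-interface=ether1 dst-port=3389 to-addresses=192.168.1.2 to-ports=3389 comment="Forward 3389 to the PC"
/ip firewall filter
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether1 comment="Allow Port Forwarding - DSTNAT"
# A third (e.g. Wi-Fi) router behind B that NATs again needs the same forward in its own UI.
```

Each router only rewrites the destination once, so the to-addresses on each hop must be the address the next device actually has on the link facing that router.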

@RodrigoBrito suggest you start a new (your own) thread…

@anav I already did it (http://forum.mikrotik.com/t/nat-problems-xbox-one-and-nintendo-switch/127560/1), but I got no answers… I don’t know what to do.

You now have an answer…