BTest blocked - any alternative

RouterOS General
1

Hi!

BTest is blocked by one of my providers (LTE).
Is there any possibility to change the port, BTest is using?

Thank you for your help
Stril

2

NATting BTest ports?

3

But I am not able to choose the destination-port for the btest client.

4

Do you mean external BTest servers that other people are running?
Why would your ISP block random ports for outgoing traffic??

5

Hi!

Sorry, but I do not really understand your setup:

  1. Server:
    I can use a server and NAT its BTest-Server to another port

  2. Client:
    The Client would need to connect to a different port, but there is no port-parameter for BTest, or would you manipulate the port by NAT?

6

RouterOS normally does not permit dst-nat of outgoing sessions (nor src-nat of incoming sessions), but there is an ugly trick allowing both. It will cost some CPU cycles, but I assume your router model is powerful enough that the bottleneck for the btest would be the LTE throughput.

  • choose any two own IPs of the router, a.a.a.a and b.b.b.b
  • create two /interface ipip, forming a tunnel between these two local IPs:
    name=A2B local-address=a.a.a.a remote-address=b.b.b.b mtu=1500
    name=B2A local-address=b.b.b.b remote-address=a.a.a.a mtu=1500
  • attach an IP address c.c.c.1/32, not conflicting with any of the subnets you use, to interface A2B
  • create an /ip firewal nat rule:
    chain=srcnat out-interface=A2B action=src-nat to-addresses=c.c.c.2/32
    (c.c.c.2 must also not interfere with any subnet you use)
  • create a default route with the same gateway like the existing one but with routing-mark=aux
  • create an /ip route rule row:
    interface=B2A action=lookup-only-in-table table=aux
  • create an /ip firewal nat rule:
    chain=dstnat in-interface=B2A protocol=tcp dst-port=2000 action=dst-nat to-ports=22222
    (or whatever port you’ll be redirecting to 2000 at the remote btest server)
  • create two /ip route rows:
    dst-address=s.s.s.s gateway=A2B
    (where s.s.s.s is the address of the btest server)
    dst-address=c.c.c.2 gateway=B2A
  • make sure that a src-nat or masquerade rule exists, matching on out-interface=LTE or out-interface-list=WAN

This way, btest will send the connection establishing packet to s.s.s.s using A2B as the output interface; the connection will get src-nated to c.c.c.2. Once the packet passes through the tunnel, it will emerge from B2A and hit the dst-nat rule; in order that it wouldn’t loop to A2B again, the routing rule will mark it with routing-mark=aux, so the default route with the same routing-mark will send it via the regular WAN (LTE) interface to the destination; before actually leaving, it will get src-nated (masqueraded) again.

The response packet from s.s.s.s will arrive on the WAN interface and get un-src-nated to c.c.c.2; as c.c.c.2 is not one of router’s own addresses, it will be routed via B2A (that’s the reason why we needed to src-nat the initial request from c.c.c.1 to c.c.c.2) and un-dst-nated on the way; once it passes through the tunnel and emerges from A2B, it will get un-src-nated again and land on c.c.c.1 from s.s.s.s:2000.