Can someone help me DMZ / port forward my Nintendo Switch

Thanks to my NAT I can't play with just anyone. Sometimes I get a NAT error, and some friends I can play with and some I can't, due to my NAT not letting them play with me or me play with them.

Is there any way I could port forward / DMZ my Nintendo Switch so I can play with others online?

If anyone could help I'd be grateful, please ;w;


My OS is RouterOS v6.39.2 (stable)

Hi Allie,
Glad you wrote.
The good news is that you don't need to port forward with the Switch behind the MT unit.
Secondly, you need to upgrade your firmware to the latest stable version, 6.43.8.
Upgrading your firmware may go a long way to resolve your issue.

I have the Switch behind my MT with no port forwarding and have never been in a problematic NAT scenario.
Is it a specific game?

Super Smash Brothers for the Nintendo Switch. Also, I hope upgrading the firmware won't brick the thing, right? My ISP gave it to me.

I updated my firmware. I have yet to test it; I will post another reply when I get a chance to test it.

UPDATE: I'm still having the error, I can't play >.<

Can you confirm which firmware version and also post the config?

/export file=yourlatestconfig

How do I do that? Where do I put this " /export file=yourlatestconfig "?

Here's a screenshot I took, if that helps: http://prntscr.com/mabtct

I'm sorry I'm such a nooblet.

Using Winbox, scroll down to the New Terminal selection and click on it.
In the pop-up window, at the prompt type in
/export hide-sensitive file=myconfig

That should, after a quick second, come back to the prompt.
If that doesn't work just type /export file=myconfig

Then scroll down to the FILES selection.
In the pop-up menu, "File List", find the file you created, right click on it and download to your PC.

Open this using Notepad++, cut and paste it in the thread, highlight the selection and use the code quote square brackets above with black background to make it presentable.
Review your config while in Notepad++ and remove anything that is sensitive such as your router serial number, MAC address etc.
Your WAN IP and gateway IP from your ISP as well.
If you have wifi, ensure no SSID passwords are included.
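
The review step described in this reply (strip the serial number, MAC addresses, WAN and gateway IPs and wireless passwords before pasting an export) can be scripted. This is an added example, not part of the original post: the sample export and every value in it are constructed, and leaving RFC 1918 addresses visible is an assumption made here so the LAN layout stays readable for whoever is helping.

```python
import ipaddress
import re

# Constructed sample export; none of these values come from the thread.
SAMPLE = """\
# serial number = ABC123456789
/interface bridge
add admin-mac=02:00:5E:10:20:30 auto-mac=no name=bridge
/interface wireless security-profiles
set [ find default=yes ] wpa2-pre-shared-key="correct horse" mode=dynamic-keys
/ip address
add address=192.168.88.1/24 interface=bridge
add address=203.0.113.7/29 interface=ether1
/ip route
add gateway=203.0.113.1
"""

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SERIAL_RE = re.compile(r"^(#?\s*serial number\s*=\s*).*$", re.I)
# key=value pairs whose value must never be posted (wireless keys, passwords)
SECRET_RE = re.compile(r'\b((?:wpa2?-pre-shared-key|password)=)("[^"]*"|\S+)')
# Assumption: only RFC 1918 LAN addresses are safe to leave in the post.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _mask_ip(match):
    """Mask every address that is not inside a private LAN range."""
    try:
        addr = ipaddress.ip_address(match.group(0))
    except ValueError:
        return match.group(0)  # looks like an IP but is not one
    return match.group(0) if any(addr in n for n in LAN_NETS) else "<public-ip>"

def redact_export(text):
    """Return the export with serial, MACs, secrets and public IPs masked."""
    out = []
    for line in text.splitlines():
        line = SERIAL_RE.sub(r"\1<redacted>", line)
        line = MAC_RE.sub("<mac>", line)
        line = SECRET_RE.sub(r"\1<redacted>", line)
        line = IP_RE.sub(_mask_ip, line)
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(redact_export(SAMPLE))
```
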

I tried putting in the /export file=my config, both codes, and all it said was http://prntscr.com/makb6t. It said that on both of them. Am I doing something wrong?

Hi Allie, no worries, you will get there.
Here is what your post shows:
/export xport file=my config

Try
/export file=myconfig

Ooops, I'm so sorry, I totally messed that up, but I got it to work. As for reviewing the files, I hope I removed all the IPs you spoke of. I am very new at this and, well, there's so much stuff and numbers, I hope I didn't miss anything. Edit: I censored out the IP code with ***. I hope that won't be too confusing. I'm very sorry, I can redo it if you like ;w; Thank you so much for trying to help me btw, because I feel at a loss.

# jan/22/2019 07:23:08 by RouterOS 6.43.8
# software id = S3P1-EP6T
# model = RouterBOARD 952Ui-5ac2nD
# serial number = *********

/interface bridge
add admin-mac=64:D1:54:FF:B6:F3 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether2-master
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-FFB6F8 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-FFB6F7 wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1 list=discover
add interface=wlan2 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=ether1 list=WAN
/ip address
add address=********* comment=defconf interface=ether2-master network=\


/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=********** comment=defconf gateway=**********
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=******* name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp to-addresses=********* to-ports=80
add action=dst-nat chain=dstnat dst-port=3999 in-interface=ether1 protocol=tcp to-addresses=******** to-ports=3999
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

Before you do anything, ensure you ask questions first, and most importantly in WINBOX use the SAFE MODE (button near the top left). If something frigs the router it will kick out but be accessible; without safe mode in place, the router will kick out and you will have to push the button, set to defaults and start from scratch!!

# jan/22/2019 07:23:08 by RouterOS 6.43.8

/interface list
add name=LAN
add name=WAN

/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5

/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN

/ip address
add address=********* comment=defconf interface=bridge network=\


/ip dhcp-server network
add address=********** comment=defconf gateway=**********

/ip dns
set allow-remote-requests=yes
/ip dns static
add address=***** name=router

What would you like to accomplish via DNS???

/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="allow admin access" in-interface-list=LAN src-address-list=allowadminaccess

add action=drop chain=input comment="drop all else"

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow LAN to WAN traffic" in-interface=bridge out-interface-list=WAN
+++++++
add action=drop chain=forward comment="Drop all else"

+++++ (If you require any port forwardings, then you would need the following rule also.)
add action=accept chain=forward comment="Allow Port Forwarding" connection-nat-state=dstnat


/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp to-addresses=********* to-ports=80
add action=dst-nat chain=dstnat dst-port=3999 in-interface=ether1 protocol=tcp to-addresses=******** to-ports=3999
If these two destination NAT rules are here in an attempt to get the Switch working, REMOVE or DISABLE THEM!

/ip upnp
set enabled=yes (Change this to NO)
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external


You will need to create an IP FIREWALL ADDRESS LIST for ADMINACCESS.
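
The changes recommended in this reply (turn UPnP off, remove the WAN dst-nat rules, end the input and forward chains with a "drop all else" rule) can be checked mechanically against an export. This is an added example, not code from the thread: the sample is constructed and only modelled on the posted config, and the function names are illustrative.

```python
import re

# Constructed sample, modelled on the export posted in the thread.
SAMPLE = r"""/ip firewall filter
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=3999 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.88.50 to-ports=3999
/ip upnp
set enabled=yes
"""

def parse_export(text):
    """Yield (section, command) pairs, joining backslash-continued lines."""
    section = None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line and not line.startswith("#"):
            yield section, line

def params(command):
    """key=value parameters of one command; quoted values are unwrapped."""
    pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', command)
    return {key: value.strip('"') for key, value in pairs}

def audit(text):
    """List the settings the reply asks to change that are still present."""
    findings, last_rule = [], {}
    for section, cmd in parse_export(text):
        p = params(cmd)
        if section == "/ip upnp" and p.get("enabled") == "yes":
            findings.append("upnp enabled")
        elif section == "/ip firewall nat" and p.get("action") == "dst-nat":
            findings.append(f"port forward {p.get('protocol')}/"
                            f"{p.get('dst-port')} via {p.get('in-interface')}")
        elif section == "/ip firewall filter" and p.get("chain") in ("input", "forward"):
            last_rule[p["chain"]] = p  # remember the final rule of each chain
    for chain in ("input", "forward"):
        rule = last_rule.get(chain, {})
        # "drop all else" = a drop rule with no matcher besides chain/comment
        if rule.get("action") != "drop" or set(rule) - {"action", "chain", "comment"}:
            findings.append(f"{chain} chain has no final unconditional drop")
    return findings
```

Run `audit()` on the text of a downloaded export file; an empty list means none of the three conditions was found.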

Okay, I did try some videos I found on YouTube before but they didn't work. I will go delete the rules now.

Okay, so I need to start in safe mode?

After going into safe mode what do I do? What am I supposed to be doing then? I'm sorry. I'm trying to ask questions since I really don't know what I'm doing, so I'm trying to be as clear as I can.

Also, does this mean I'm in safe mode, right? http://prntscr.com/mamdf5 When it's grayed out?

Also what I want to do by DMZ, I think that's what you said... umm, I want to be able to play peer to peer against people on the Switch. My NAT type is type B with the Switch.
So if I can get peer to peer online gaming working on the Switch without the NAT error I'd be happy.

I can play MMOs on the PC just fine and stream, but for some reason the Nintendo Switch gets a NAT error.

Don't worry about the Nintendo for now.
Let's get the router set up properly and then I suggest you remove the Switch from the network and add it back to the network.
It's been a while but I think the Nintendo checks the connection and adjusts automatically. I certainly had to do nothing.

Yes, when you click on safe mode I believe it goes from white to gray.
Just go to the applicable sections on the Winbox left hand menu to make the changes.
I would start by adding the admin access firewall rule and the associated adminaccess firewall address list.
This could be your LAN subnet or some IP addresses that you normally use (PCs to connect to the router from the LAN).

format
add address=192.168.88.0/24 list=allowadminaccess

That would cover accessing the router from any PC in the house. If you want to narrow it down
you can do so here,
or in the separate Winbox settings somewhere there is another option to limit access, but for now leave it at that…

Okay, so where do I add this 192.168.88.0/24 list=allowadminaccess? I'm sorry. I have never been in Winbox before, other than that failed video on YouTube I followed for the NAT thing, which never even worked.

Also, I forgot to say this, but I'm on a WISP internet. I also have like two internets I can connect to. I found that a bit odd; stuff like tablets only connects to one while stuff like PCs only connects to the other. I assume they did that due to some stuff being wireless, idk. I felt like I should have brought that up, I'm sorry.

I can also go into the website version of the MikroTik if that helps any?

Well, that sure makes things messy. Sorry, I don't have any sage advice for your connection woes.
I just use Winbox from my PC wired and it works great!

Oh, I see. Well dang it, thank you for trying to help me at least, I am most grateful. Yeah, PC gaming is fine, I just wish my Switch would as well. Thank you again, have a great day.

My PC is also wired as well.