Can't port forward or UPnP RB951Ui-2HnD

Using Winbox, I've port forwarded and they didn't work; I've searched a lot online and watched YouTube videos but no configs have worked/no traffic through any configs. Same with UPnP.

The internet connection is coming through ether5 (dish through PoE) and I'm accessing through wlan1. I can't use ether5 in NAT options as it says it's a slave and to use bridgeLocal.

I'd rather not use UPnP though as I've got SMB1 devices. Let me know what info/screenshots are required. I have emailed my ISP about it in the past but always get ignored.

Not a problem,
Three things.

  1. What type of ISP connection do you have and is there an ISP router prior to the MT device?
  2. Network diagram helps
  3. Need your config, just ensure no public IP or public gateway is showing
    /export hide-sensitive file=anynameyouwish

Also read ITEM E. here - https://forum.mikrotik.com/viewtopic.php?t=182373

Wireless fibre broadband, basically we have a dish on the roof pointed at one of their nodes.
The router is just used as a regular router/modem except instead of the internet connection coming through the copper cable it's going through the PoE-powered dish.

As you can tell I've buggered around a load trying different things in the NAT/forwarding, none has worked; UPnP for example I've tried both ether1 and 5, it's just that what's in the report is my last attempt.

# jan/05/2022 13:09:09 by RouterOS 6.35.4
# software id = FL95-6FXB
/caps-man channel
add band=2ghz-b/g frequency=2462 name=channel1 width=20
/interface bridge
add admin-mac=censored auto-mac=no name=bridgeLocal
/interface wireless
set [ find default-name=wlan1 ] country="united kingdom" disabled=no frequency=2462 mode=ap-bridge ssid="censored" wireless-protocol=802.11
/caps-man datapath
add bridge=bridgeLocal local-forwarding=no name=datapath1
/caps-man security
add authentication-types=wpa-psk name=security1
/caps-man configuration
add channel=channel1 channel.band=2ghz-b/g channel.frequency=2462 channel.width=20 country="united kingdom" datapath=datapath1 datapath.bridge=bridgeLocal max-sta-count=1 mode=ap name=cfg1 security=security1 ssid="censored"
/caps-man interface
add arp=enabled channel=channel1 configuration=cfg1 datapath=datapath1 disabled=no l2mtu=0 mac-address=00:00:00:00:00:00 master-interface=none mtu=1500 name=cap1 radio-mac=00:00:00:00:00:00 security=security1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether5
add bridge=bridgeLocal interface=wlan1
add bridge=bridgeLocal disabled=yes interface=ether1
/interface wireless access-list
add comment="Range extender" interface=wlan1 mac-address=82:3F:5D:9E:AE:C9
/interface wireless cap
set bridge=bridgeLocal discovery-interfaces=ether1 interfaces=wlan1
/ip address
add address=192.168.88.1/8 interface=ether2 network=192.0.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.1.241 mac-address=A4:93:3F:9C:D2:E4
add address=192.168.1.187 mac-address=80:3F:5D:9F:AE:C7
add address=192.168.1.33 mac-address=82:3F:5D:9E:AE:C9
/ip firewall filter
add chain=forward connection-nat-state=dstnat dst-address=192.168.1.187 dst-port=3074 in-interface=bridgeLocal protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
add action=dst-nat chain=dstnat comment="Repeater 3074" dst-port=3074 in-interface=ether1 protocol=tcp to-addresses=192.168.1.168 to-ports=3074
add action=dst-nat chain=dstnat comment="Repeater 3074" dst-port=3074 in-interface=ether1 protocol=udp to-addresses=192.168.1.168 to-ports=3074
add action=dst-nat chain=dstnat comment="Repeater 53" dst-port=53 in-interface=ether1 protocol=tcp to-addresses=192.168.1.168 to-ports=53
add action=dst-nat chain=dstnat comment="Repeater 53" dst-port=53 in-interface=ether1 protocol=udp to-addresses=192.168.1.168 to-ports=53
add action=dst-nat chain=dstnat comment="Repeater 80" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.1.168 to-ports=80
add action=dst-nat chain=dstnat comment="Repeater 500" dst-port=500 in-interface=ether1 protocol=udp to-addresses=192.168.1.168 to-ports=500
add action=dst-nat chain=dstnat comment="Repeater 3544" dst-port=3544 in-interface=ether1 protocol=udp to-addresses=192.168.1.168 to-ports=3544
add action=dst-nat chain=dstnat comment="Repeater 4500" dst-port=4500 in-interface=ether1 protocol=udp to-addresses=192.168.1.168 to-ports=4500
add action=dst-nat chain=dstnat comment="Repeater 88" dst-port=88 in-interface=ether1 protocol=udp to-addresses=192.168.1.168 to-ports=88
add action=dst-nat chain=dstnat comment="Phone. 241 3074" dst-port=3074 in-interface=ether1 protocol=tcp to-addresses=192.168.1.188 to-ports=3074
add action=dst-nat chain=dstnat comment="Phone 242" dst-port=3074 in-interface=ether1 protocol=tcp to-addresses=192.168.1.188 to-ports=3074
add action=dst-nat chain=dstnat dst-address=192.168.1.241 dst-port=3074 in-interface=bridgeLocal log=yes protocol=tcp to-addresses=192.168.1.241 to-ports=3074
add action=dst-nat chain=dstnat comment=3074 dst-address=192.168.1.168 dst-port=3074 in-interface=all-ethernet log=yes protocol=tcp to-addresses=192.168.1.168 to-ports=3074
add action=dst-nat chain=dstnat comment=3075 dst-address=192.168.1.168 dst-port=3074 in-interface=all-ethernet log=yes protocol=udp to-addresses=192.168.1.168 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface=ether1 protocol=tcp to-addresses=192.168.1.187 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface=bridgeLocal protocol=udp to-addresses=192.168.1.33 to-ports=3074
add action=dst-nat chain=dstnat in-interface=bridgeLocal protocol=tcp to-addresses=192.168.1.241 to-ports=80
add action=dst-nat chain=dstnat dst-port=465 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.202 to-ports=465
add action=dst-nat chain=dstnat dst-port=25 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.202 to-ports=25
add action=dst-nat chain=dstnat dst-port=2525 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.202 to-ports=2525
add action=dst-nat chain=dstnat dst-port=465 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.187 to-ports=465
add action=dst-nat chain=dstnat dst-port=25 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.187 to-ports=25
add action=dst-nat chain=dstnat dst-port=2525 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.187 to-ports=2525
add action=dst-nat chain=dstnat dst-port=465 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.202 to-ports=465
add action=dst-nat chain=dstnat dst-port=25 in-interface=all-ethernet protocol=tcp to-addresses=192.168.1.202 to-ports=25
add action=masquerade chain=srcnat out-interface=bridgeLocal protocol=0
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridgeLocal type=internal
add interface=ether5 type=external
/system clock
set time-zone-name=America/New_York
/system leds
set 5 interface=wlan1
/system package update
set channel=release-candidate
/system routerboard settings
set init-delay=0s protected-routerboot=disabled

Still don't get it.

Your RB951 is connected by ethernet to the Dish outside for WAN? Y/N
Your RB951 is connected by WiFi to the Dish outside for WAN? Y/N
Your RB951 is getting a public IP or a private IP? ( aka the dish is also a modem or a modem router )

++++++++++++++++++++++++++++++++++++ Your best bet is to remove the internet connection for now and set up the router

Your rules need a total revamp, aka start fresh!

  1. Remove CAPsMAN and get this going without it, it adds complexity and overhead not required for a single device. It's getting in the way, not helping!

  2. Recommend the basic setup here, see ITEM B. - RB951Ui-2HnD

  3. To keep yourself from getting locked out of the router USE SAFE MODE plenty and consider dedicating one of your LAN ports simply for external easy access OFF the bridge.
    Explained at item A from the above link or direct - https://forum.mikrotik.com/viewtopic.php?t=181718

  4. Once you have that setup come back and detail any further requirements you have including port forwarding.
    Starting from a clean safe starting spot is best.
    I see you don't have any bridge either on your setup, which is usually the default setup.
    In your case using the bridge is the easiest way to go and all PORTS (ethernet interfaces and WLAN interfaces) should belong to the bridge EXCEPT FOR WAN and any port you may choose for OFF the bridge access.
    In this case the bridge hands out dhcp etc and gets an IP address.
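A worked version of the clean baseline described in steps 1 to 4 above, added here as an example; it is not anything posted in this thread or taken from the linked guides. It assumes ether1 is the WAN port (the port the PoE-fed dish plugs into), ether2 to ether5 plus wlan1 are LAN ports on bridgeLocal, the LAN subnet is 192.168.88.0/24, and a console at 192.168.88.50 with a constructed MAC needs TCP and UDP 3074 forwarded; all of those values are assumptions, and the existing wlan1/security-profile settings are left as they are. It deliberately matches on in-interface=ether1 rather than interface lists, so it also fits a RouterOS 6.35 box like the one in the export.

```routeros
# Added example, not the poster's configuration. Assumed layout: ether1 = WAN (cable from
# the PoE dish), ether2-ether5 + wlan1 = LAN on bridgeLocal, LAN subnet 192.168.88.0/24,
# console at 192.168.88.50 (constructed address and MAC) needing TCP/UDP 3074.

# LAN bridge: every port except the WAN port
/interface bridge
add name=bridgeLocal
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether5
add bridge=bridgeLocal interface=wlan1

# The router's LAN address lives on the bridge, not on a slave port, and is a /24
/ip address
add address=192.168.88.1/24 interface=bridgeLocal network=192.168.88.0

# DHCP: client on the WAN port, server on the bridge, fixed lease for the console
/ip dhcp-client
add interface=ether1 disabled=no add-default-route=yes use-peer-dns=yes
/ip pool
add name=lan-pool ranges=192.168.88.100-192.168.88.200
/ip dhcp-server
add name=lan-dhcp interface=bridgeLocal address-pool=lan-pool disabled=no
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1
/ip dhcp-server lease
add address=192.168.88.50 mac-address=00:11:22:33:44:55 comment="console (constructed MAC)"
# Router answers DNS for the LAN; the input chain below keeps it closed to the WAN side
/ip dns
set allow-remote-requests=yes

# Source NAT out of the WAN port only (the export masquerades out of the bridge instead)
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
# One dst-nat rule per protocol, matched on the WAN port; no dst-address, the WAN address is dynamic
add chain=dstnat action=dst-nat in-interface=ether1 protocol=tcp dst-port=3074 to-addresses=192.168.88.50 to-ports=3074 comment="console 3074/tcp"
add chain=dstnat action=dst-nat in-interface=ether1 protocol=udp dst-port=3074 to-addresses=192.168.88.50 to-ports=3074 comment="console 3074/udp"

# Stateful filter: LAN may reach the router, WAN may not; only dst-nat'ed connections
# are forwarded in from WAN, everything else arriving on ether1 is dropped
/ip firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
add chain=input action=accept in-interface=!ether1 comment="LAN may reach the router"
add chain=input action=drop in-interface=ether1 comment="no management from WAN"
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether1 comment="port forwards only"
add chain=forward action=drop in-interface=ether1 comment="everything else from WAN"
```

Apply it with Safe Mode on, as step 3 says. Two things differ from the export earlier in the thread: the LAN address sits on the bridge rather than on ether2, and the masquerade rule is on the WAN port rather than the bridge. The last two forward rules are what make a port forward safe to add: a dst-nat rule on its own opens nothing unless the forward chain lets the matching connection through, and nothing else from WAN gets in.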

/ip address
add address=192.168.88.1/8 interface=ether2 network=192.0.0.0

The inside IP should be set on the bridge and not on an interface that is part of a bridge.
And do you really need a /8 with 16,777,216 IP addresses???
For a normal home net a /24 with 256 IPs should be more than enough.

I do not see any DHCP server on your LAN?

Here is an example setup for uPnP that I have used and I know it works:

/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=Bridge1 type=internal
add interface=ether1 type=external

Bridge1 is the internal LAN.
ether1 is the WAN interface.

PS I do suggest you have some logging of your uPnP to see who uses it, since you allow anyone to set up a NAT through your firewall and open traffic from the Internet to your LAN. (see my signature for using Splunk to log uPnP and much more)

ether5 is part of your LAN bridge, the inside net, so it cannot be your WAN connection at the same time.

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1

Since ether1 does ask for an IP and is not part of the LAN bridge, it looks more like your WAN connection than ether5.
What is your output of:

/ip address print

I guess your dish has its own router with NAT. So you need to configure that router.
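One way to do the UPnP logging suggested above, added here as an example; it is not jotne's own setup. It assumes bridgeLocal is the LAN and ether1 the WAN, turns off the option that lets a LAN host disable the external interface, sends the upnp log topic to the memory log, and schedules a one-line audit that logs every dynamic dst-nat rule UPnP has created (those are the rules that show with the D flag in /ip firewall nat print).

```routeros
# Added example, not from the thread. Assumes bridgeLocal = LAN, ether1 = WAN.
/ip upnp
# allow-disable-external-interface=no: a LAN client may add mappings but not take the WAN down
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ip upnp interfaces
add interface=bridgeLocal type=internal
add interface=ether1 type=external

# Every UPnP add/remove event goes to the memory log under the "upnp" topic
/system logging
add topics=upnp action=memory

# Hourly audit: walk the dynamic dst-nat rules UPnP created and log each mapping.
# Quotes and $ are escaped because the script body is a string handed to the scheduler.
/system scheduler
add name=upnp-audit interval=1h start-time=startup on-event=":foreach r in=[/ip firewall nat find dynamic=yes chain=dstnat] do={ :log warning (\"UPnP mapping: \" . [/ip firewall nat get \$r protocol] . \"/\" . [/ip firewall nat get \$r dst-port] . \" -> \" . [/ip firewall nat get \$r to-addresses]) }"

# To look right now instead of waiting for the scheduler:
/ip firewall nat print where dynamic=yes
/log print where topics~"upnp"
```

The point of the audit is that UPnP mappings are made by whatever LAN host asks for them, so the log is the only record of which device opened which port; read it with /log print where topics~"upnp" or ship it off-box as jotne's signature describes.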

/8 I haven't touched, everything is default except for enabling PoE and mucking about trying to get port forwarding and then UPnP working. I've checked with an Xbox and it says strict/UPnP not successful so I doubt it needs logging until it works (UPnP was a last-ditch attempt, I wouldn't use it if possible unless it solves any issues using a range extender for some devices). Also my NAS can't send emails over SMTP no matter the settings, which I'm guessing is a PF/UPnP issue as well.

Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 192.168.88.1/8 192.0.0.0 ether2

And you will continue to muck about for the next six months if you don't clean up the config.
Start from a clean simple place and success will come much faster.

What jotne fails to realize is that if you put makeup on a pig, it's still a pig! :wink:

Dish to router via Ethernet, no WiFi; the dish sets up the router/modem once PoE injected. If I delete the port forwarding and UPnP rules then it'll be as default as it'll ever get besides having changed the admin password. I even asked if my ISP had a new router since we've had this for 6 years and it has no 5 GHz, but of course since it was something that would cost them money I got no response.
Emails about upgrading our package they responded to in 24 hrs though...

I have never seen /8 as a default configuration. And as 404Network writes, you should start over.

PS and do not QUOTE the full post above you.
If you have not seen it, there is a big red Post Reply below to use to reply. Quoting should only be used to reply to part of a post.

PS you did not reply to post the output of

/ip address print

If it does not show any public IP, all your work is worth nothing.

I did

Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 192.168.88.1/8 192.0.0.0 ether2

No public IP, so you have a router in front of you. It only shows your LAN part.
So you cannot get NAT or uPnP to work in this router. You need to configure the router in front of your MikroTik router.
If this is the ISP's, you cannot configure it, but you can ask if they can bridge it, so you get a public IP.
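A script form of the check described in this reply, added as an example and not taken from the thread: it reads the address the DHCP client obtained on the WAN port (assumed ether1) and logs whether it is private RFC 1918 or carrier-grade NAT (100.64.0.0/10) space, either of which means another router sits in front and port forwards or UPnP on this box cannot be reached from the Internet. Paste it into System > Scripts as wan-check and run it with /system script run wan-check; the result lands in /log print.

```routeros
# Added example, not from the thread. Assumes the WAN port is ether1 and that it runs a DHCP client.
:local wanIf "ether1"
:local lease [/ip dhcp-client find interface=$wanIf]
:if ([:len $lease] = 0) do={
  :log error ("wan-check: no DHCP client on " . $wanIf)
} else={
  # address comes back as a.b.c.d/prefix, or empty if no lease yet
  :local cidr [/ip dhcp-client get $lease address]
  :if ([:len $cidr] = 0) do={
    :log error ("wan-check: " . $wanIf . " has not obtained an address yet")
  } else={
    # strip the /prefix so the value can be compared as an IP
    :local ip [:toip [:pick $cidr 0 [:find $cidr "/"]]]
    :local behindNat false
    # RFC 1918 private ranges
    :if ($ip in 10.0.0.0/8) do={ :set behindNat true }
    :if ($ip in 172.16.0.0/12) do={ :set behindNat true }
    :if ($ip in 192.168.0.0/16) do={ :set behindNat true }
    # RFC 6598 carrier-grade NAT range, common on wireless ISPs
    :if ($ip in 100.64.0.0/10) do={ :set behindNat true }
    :if ($behindNat) do={
      :log warning ("wan-check: " . $wanIf . " got " . $ip . ", a private/CGNAT address; this router is behind another NAT, so forward ports on the upstream device or ask the ISP for bridge mode")
    } else={
      :log info ("wan-check: " . $wanIf . " got public address " . $ip . ", port forwards on this router can work")
    }
  }
}
```

In the situation in this thread the DHCP client is on ether1 but the only address shown by /ip address print is the LAN one, so the first thing the script would report is that ether1 has no lease; once a lease does appear, the private-range test tells you whether the dish is still doing the NAT.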

As I feared then, it's up to my email-ignoring ISP and explains why I couldn't get it working; it might take a few days before I get back with any news in this case, perhaps it'll be fourth email's the charm.

The ISP has enabled UPnP on the dish which seems to have worked; proof of the pudding and all that will take some testing as my Xbox has reported open once before only to show strict the next time. Don't quite understand the second part of their response.

"Your current setup has the roof unit acting as the router, rather than the MikroTik itself. I have enabled UPnP, could you confirm whether that works. Or if you have any ports you would like me to set up.

Alternatively, if you can have a cable router setup and have control over the router yourself."

So the ISP will forward a port for you... the second part sounded more promising, a router you control... although not clear on what they meant??