Double NAT? Bridge? Playstation 4 R-Play App

Dear folks, I am trying to run a PS4 remote play iPhone app called R-Play on a dual-WAN-enabled MikroTik. Before the secondary WAN IP came up, the app was running properly.

R-Play support replied that it could be a double NAT problem between my ISP modem/router and my MikroTik (below are direct quotes from the R-Play support replies):

The problem here is likely that both your modem and router are each creating their own local networks. For R-Play to work online, you must only have a single local network. You can fix this by configuring your modem to enable “bridge mode”. After bridge mode is enabled on the modem, you will only have a single internal network.
If not, can you please try putting your new modem into bridge mode as above, and see if this resolves the issue. It could be that your new setup is creating a double NAT issue, otherwise I’d expect the issue to lie within the dual WAN IPs for your router.

Another reply:

R-Play configures for internet play using a single public WAN IP address so having a dual WAN IP could create issues, however this isn’t something we see a lot.

Here is the thing: my ISP will never come and change their modem configuration, and I have no permission to access their modem/router. Is there anything I can do on my MikroTik instead so that I could create a “single local network”?

Post config
/export hide-sensitive file=anynameyouwish

So the use case is:
app on iPhone, via wireless to ??, wifi connected to router (how?),
router connected to modem (is it in bridge mode? or is it acting like a modem/router?)

What is your ISP dual WAN setup?
Two physical lines from two different ISPs?
One line from one ISP and you have two WAN IPs?
One line from one ISP and you have a block of WAN IPs?

Do you need a username and password for the WAN IPs?
Are they fixed WAN IPs?

@anav thank you for your reply.

The use case is that, assuming the so-called “configure for internet play” of the mobile app has been done successfully, I can remotely turn on and play PS4 games from the internet on my LAN PS4 (172.16.10.7). If my mobile phone is at home on wifi, on the same LAN as my PS4, the R-Play connection is made directly without going through the router.
The MikroTik connects to the ISP modem, and I have no idea what mode their modem is set up in; I have no permission to access it, and the ISP hotline CS won’t have an answer for such a query.
The ISP “device” is a Nokia, and there is no model or anything printed on it, so I do not know whether it is a modem or a modem+router combo. I have no knowledge of this…
The problem I am facing is that “configure for internet play” on R-Play has failed, so I contacted the R-Play app author/support, and my OP showed his replies.

My ISP dual WAN setup is one line (optical fiber) from one ISP, and I have 2 WAN IPs. Both WAN IPs are on different subnets. I get the IPs on ETH1-WAN1 and ETH3-WAN2 via dhcp-client and they are quite steady (the IP on ETH1-WAN1 hasn’t changed for 3 years).
export.rsc (10 KB)

Ahh okay, so you can currently play the PS4 from your app via the LAN IP of the PS4 on your network.
Do you want to be able to

a. use the app while away from home (wifi at a coffee shop or friend's house), OR
b. while at home, use the WAN IP of your router but from the same subnet as the PS4??

I had a look at your config; not only do I not understand much of it, your firewall rules are worse… (very non-standard).
Seems like lots of junk to me, but I am a minimalist.

add action=accept chain=forward comment="Accept forward R-Play UDP Packet" \
    connection-state=established,related,new,untracked dst-port=987,9296 \
    protocol=udp
What is the purpose of this rule in the input chain???

/ip firewall nat
add action=masquerade chain=srcnat comment="LAN access Outside" \
    src-address=172.16.10.0/24
add action=masquerade chain=srcnat src-address=172.16.20.0/24
add action=masquerade chain=srcnat src-address=192.168.0.0/24
Your masquerade rules don't indicate any outgoing interface???

You break some basic rules of port forwarding as well…
add action=dst-nat chain=dstnat disabled=yes dst-port=9296 in-interface=ETH3-WAN2 \
    protocol=udp to-addresses=172.16.10.41 to-ports=9296
add action=dst-nat chain=dstnat disabled=yes dst-port=987 in-interface=ETH3-WAN2 \
    protocol=udp to-addresses=172.16.10.41 to-ports=987
add action=dst-nat chain=dstnat comment="PS4 Remote Play" dst-port=9295 \
    in-interface=ETH1-WAN1 protocol=tcp to-addresses=172.16.10.41 to-ports=9295
add action=dst-nat chain=dstnat dst-port=9296 in-interface=ETH1-WAN1 \
    protocol=udp to-addresses=172.16.10.7 to-ports=9296

Hmm, I see you have them coming in on different WANs… Supposedly then the connection tracker should be able to differentiate which IP address to send them to based on the incoming WAN IP?
(just not 100% sure). You should probably make sure that return traffic goes out the same interface…

Overall too much going on for me to make more comments… need someone with a bit more knowledge.

@anav ahh, it’s all my fault: 172.16.10.41 is another PS4. As you can see I have another set of dst-nat rules with the comment “Ming’s PS4 Remote play” disabled, and I didn’t realize my set of dst-nat rules pointed to the other PS4's IP address… after changing it back to 172.16.10.7 it is now working..

Yeah, I know the firewall rules are nasty; I am still on the learning curve… There is so much to learn. I have read different settings on the internet and from some experts here. It looks to me that different people have different opinions on how to make good firewall rules.

add action=accept chain=forward comment="Accept forward R-Play UDP Packet" \
connection-state=established,related,new,untracked dst-port=987,9296 \
protocol=udp

This was only for testing purposes; I thought the firewall was dropping the packets while doing “configure for internet play” on the R-Play app. Since it is now working I removed this rule and it still works.

Firewall rules put a load on the CPU, so why have unnecessary rules?
To me, keeping it simple, clean and efficient is good management and security.
Unless you have real reasons for tons of specialized rules, I would avoid it.
Many of the so-called YouTube experts give junk advice. There are good ones, but one has to know…
Also, many of the rules are not really designed for the home user but are things the ISP should be doing to protect the network at their LEVEL.
As if a home router is going to deal with a DDOS attack from botnets for real…

Default rules simply work:
add the traffic you need to allow,
drop all else as the last rule in the input chain and the forward chain.
Done!
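As an added example (not from this thread and not MikroTik's own code), here is how the points raised above fit together on a RouterOS v6 router: masquerade tied to the outgoing WAN interface, both R-Play port forwards pointed at the same PS4 (172.16.10.7), connection marks so that a connection arriving on ETH3-WAN2 is answered via ETH3-WAN2, and the minimal allow-what-you-need/drop-the-rest filter from the last post. Assumed: the LAN bridge is named LAN, the two gateway addresses are placeholders for the ones your dhcp-clients hand out, and v6 routing-mark syntax (v7 uses routing-table and /routing table).

```routeros
# Added example; ETH1-WAN1, ETH3-WAN2, 172.16.10.0/24 and the PS4 at 172.16.10.7
# come from the thread. LAN (bridge name) and both gateways are assumptions.
/ip firewall nat
# masquerade per outgoing WAN, not just per source subnet
add chain=srcnat out-interface=ETH1-WAN1 src-address=172.16.10.0/24 action=masquerade
add chain=srcnat out-interface=ETH3-WAN2 src-address=172.16.10.0/24 action=masquerade
# PS4 Remote Play ports, all to the same PS4, accepted on either WAN
add chain=dstnat in-interface=ETH1-WAN1 protocol=tcp dst-port=9295 \
    action=dst-nat to-addresses=172.16.10.7 comment="PS4 Remote Play (WAN1)"
add chain=dstnat in-interface=ETH1-WAN1 protocol=udp dst-port=987,9296 \
    action=dst-nat to-addresses=172.16.10.7
add chain=dstnat in-interface=ETH3-WAN2 protocol=tcp dst-port=9295 \
    action=dst-nat to-addresses=172.16.10.7 comment="PS4 Remote Play (WAN2)"
add chain=dstnat in-interface=ETH3-WAN2 protocol=udp dst-port=987,9296 \
    action=dst-nat to-addresses=172.16.10.7

/ip firewall mangle
# remember which WAN a new inbound connection arrived on
add chain=prerouting in-interface=ETH1-WAN1 connection-state=new \
    action=mark-connection new-connection-mark=from_WAN1 passthrough=yes
add chain=prerouting in-interface=ETH3-WAN2 connection-state=new \
    action=mark-connection new-connection-mark=from_WAN2 passthrough=yes
# PS4 replies coming back from the LAN are routed out the WAN they arrived on
add chain=prerouting in-interface=LAN connection-mark=from_WAN1 \
    action=mark-routing new-routing-mark=via_WAN1 passthrough=no
add chain=prerouting in-interface=LAN connection-mark=from_WAN2 \
    action=mark-routing new-routing-mark=via_WAN2 passthrough=no
# same for traffic the router itself answers (input-chain connections)
add chain=output connection-mark=from_WAN1 \
    action=mark-routing new-routing-mark=via_WAN1 passthrough=no
add chain=output connection-mark=from_WAN2 \
    action=mark-routing new-routing-mark=via_WAN2 passthrough=no

/ip route
# placeholder gateways (documentation addresses); use your real WAN gateways
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=via_WAN1
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=via_WAN2

/ip firewall filter
# input: allow replies and LAN management, drop everything else
add chain=input connection-state=established,related,untracked action=accept
add chain=input connection-state=invalid action=drop
add chain=input in-interface=LAN action=accept comment="management from LAN"
add chain=input action=drop comment="drop all else"
# forward: allow replies, LAN-originated traffic and port-forwarded (dst-nat) traffic
add chain=forward connection-state=established,related,untracked action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=LAN action=accept
add chain=forward connection-state=new connection-nat-state=dstnat action=accept \
    comment="inbound only via the dst-nat rules above (PS4 Remote Play)"
add chain=forward action=drop comment="drop all else"
```

With this layout the per-port "Accept forward R-Play UDP Packet" rule is unnecessary, since the connection-nat-state=dstnat rule admits exactly the connections the dst-nat rules created.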