Greetings, I’ve been stuck for several days with the following issue: I can’t open ports on a double-NAT setup (Router1 → Router2 → PC).
Router1 (Mikrotik) has:
WAN x.x.x.x (static public IP)
LAN 192.168.1.254
TCP/UDP ports 0 to 65000 open to IP 192.168.1.199
DHCP activated
Router2 (Asus Rt-N16-tomato raf 2014/g) has:
WAN 192.168.1.199
LAN 10.0.0.1
port 5632 open to IP 10.0.0.2
DHCP activated, UPnP on, NAT forward only.
PC has:
LAN 10.0.0.2
Basically following this rule:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=0-65000 to-addresses=[INSIDE IP ADDRESS OF DMZ HOST]
Router1 has a range of ports (0-65000) opened to Router2 (WAN IP). I should then just make rules on Router2 to port-forward whatever IP I want to reach, but it’s not working. In this case I’m opening port 5632.
An interesting note is that if I use some software that supports UPnP, like eMule, the ports get opened.
Clearly I’ve enabled UPnP on Router2, but not on Router1.
My purpose is to open only certain ports on a single PC and disable UPnP.
Where did I go wrong?