Echolink and IRL voip on MT not working.

derr12 · June 18, 2010, 6:53pm

Hi there, ive found that with mikrotik hardware on the odd occasion i have found certain services refuse to work, this time its echolink and IRL.

I am unable to get the software to work for one of my internet subscribers, they are on the other end of a 2.4ghz link. goes like this mikrotik - ubiquity AP - engenious 2610 (bridged) - router.

he has two of these links to his home.

I had the rules set for the customers assigned public IP to forward all traffic to his local ip at first (1-1 nat) but that stopped working after i upgraded that site to a mikrotik rb450g, previously it was public IP’s direct to the customer. I have now set these rules up:

6 ;;; kennedy #1
chain=dstnat action=dst-nat to-addresses=10.0.0.83 to-ports=5200
protocol=tcp dst-address=139.142.249.85 dst-port=5200

7 ;;; kennedy1 udp
chain=dstnat action=dst-nat to-addresses=10.0.0.83 to-ports=5198-5199
protocol=udp dst-address=139.142.249.85 dst-port=5198-5199

8 ;;; kennedy 1 src nat.
chain=srcnat action=src-nat to-addresses=139.142.249.85
src-address=10.0.0.83

9 ;;; kennedy #2 1-1
chain=dstnat action=dst-nat to-addresses=10.0.0.82 to-ports=5200
protocol=tcp dst-address=139.142.249.189 dst-port=5200

10 ;;; kennedy #2 udp
chain=dstnat action=dst-nat to-addresses=10.0.0.82 to-ports=5198-5199
protocol=udp dst-address=139.142.249.189 dst-port=5198-5199

11 ;;; kennedy 2 src nat
chain=srcnat action=src-nat to-addresses=139.142.249.189
src-address=10.0.0.82

have i goofed something?

derr12 · June 18, 2010, 6:55pm

I have a theory…

I havnt been able to get source natting to work correctly… ever. and im pretty sure my dst nat rules are working fine.

im thinking that the server software is expecting the connection to come from a certian IP, the customers assigned public one, but when the outbound connection is coming it is originating from the mikrotiks WAN IP.

Im wondering if i shouldnt just forward the ports via the Mikrotiks WAN IP. making everything appear to come from the same IP.

would be a pain in the ass to configure since i would have to change the listning ports on one of the customers routers and one of his clients.

derr12 · June 18, 2010, 10:26pm

here is an example from another mikrotik of mine where im trying to do the same thing, but forward all ports instead of a select few. I just changed the out interface since i read an example somewhere that suggested this be done.

4 ;;; customer name
chain=dstnat action=dst-nat to-addresses=10.0.0.81
dst-address=139.142.249.144

5 ;;; customer name
chain=srcnat action=src-nat to-addresses=139.142.249.144
src-address=10.0.0.81 out-interface=ether1

the outside world always see’s the connection origionating from the mikrotik WAN ip on eth1 instead of the customers static IP 139.142.249.144 like i want it too. This customer has echolink as well.

derr12 · June 20, 2010, 2:21am

it may seem obvious now, but the srcnat rules in perticular i think need to be before masquerade rules in winbox, showing traffic on my src nat rules now that ive done that.

Chupaka · June 23, 2010, 6:17pm

huh… first rule: always post all your rules