I have a MikroTik Chateau 5G modem (RouterOS v7.3beta37 (testing)) and many p2p applications require open ports. Previously, this was achieved through UPnP and I had no issues, but since I have MT modem now, UPnP seems to be disabled by default, so I enabled it and set up the required interfaces as it should be (ether1 (external) and created a bridge interface (internal)). But all applications still show that UPnP is not working as it should be and ports are still closed.
Here is my configuration
Firewall warnings:
in/out-interface matcher not possible when interface (ether1) is slave - use master instead (bridge)
.. image accidentally deleted
Here is what is showing on various P2P applications, such as Soulseek, which gives this error
18:02:45 UPnP: Failed to forward external port 2234: Failed to map the external WAN port: Error code 725: OnlyPermanentLeasesSupported
Your external interface is lte1 obviously, and the internal interface (as already suggested from red messages…), is bridge…
But… not all providers offer a public IP, I don’t know if that’s your case, if not, it probably won’t work anyway.
If you see on ip address something like 212.x.x.x probably can work, if not, your connection is already double-natted and upnp can’t work.
I had tried previously with lte1 as external, ether1 as external, bridge as internal and it still didn’t work. My OP is a recent setup after I did a reset. Obviously I had tried many combinations with no success before posting here.
Here I tried that setup again and another one with just lte1 and bridge interfaces. Still doesn’t work.
Ports are closed and Nicotine/Soulseek is unable to open the port.
Now there are no error messages in the firewall though and PicoTorrent can open a port.
your pc 192.168.8.x → Router NAT → LMT NAT 10.x.x.x → Collective Public IP “random” in 212.3.x.x pool
For open ports, you must ask your provider first to do that on his NAT, out of your control, and later you must open ports on your NAT, under your control.
Thanks, that makes a lot more sense. Could this be a temporary problem because of the new 5G (5G NSA) network development that might be fixed in the future? Or is this how simply 4G/5G networks work, with additional NAT on ISP side?
It should get fixed eventually with IPv6, new generation of IP protocol that has enough public addresses for everyone. But it’s not directly compatible with current IPv4. Until it’s everywhere, it will be only worse, because there simply isn’t enough IPv4 public addresses for everyone, so ISPs will be saving them and only provide them (at extra cost) to customers who really need them. That’s the general trend.
I’ve seen this for many, many years… Even 3G networks..
CGNAT unless you pay the provider extra money per month for a public IP.. Even then, they have multiple ‘options’.. Static or dynamic IP.. Your own public IP with incoming connections blocked is something I’ve seen to for example, even more money for incoming connections..
This is only offered by the ‘bigger’ players though, the smaller networks have no idea what you are talking about and that what you want just doesn’t exist on 3G/4G/LTE networks.. To be fair to them though, I’ve been told this by reps from companies that do offer the feature too.
Here, the first time, Rogers literally transferred me 23 times to get a public IP added to my account, eventually everyone I talked to knew it was possible, but nobody knew how to add it to an account. Bell was less calls, but nobody knew the APN to use after it was added..
. If a cow is feeding many calves of course.