I want to stream a movie from my PC which is on the xxx.1/24 subnet to a DishTV DVR which is on the xxx.2/24 subnet (ETH-8 connected to a switch). The DVR does not see my PC and I think that the problem is that a specific NAT entry needs to be added to the xxx.1/24 subnet for my PC’s IP or Port (ETH-3). My Mikrotik is a RB20111LS-IN and I’m at 6.39.2. I did notice that the Routing package is not installed.
I have set up my Windows 10 Firewall to share media files to both private and public subnets and set the folder as shared.
I started to try to make a NAT entry (Firewall, NAT tab) and quickly realized that I was way in over my head.
I set up the 2nd subnet xxx.2/24 because my remote Wi-Fi and DVR are on it and, in general, for both security and traffic flow reasons I did not originally want my PC visible on the xxx.2/24 subnet. As the streaming to the DVR will be only an occasional event, I want to be able to activate/de-activate the NAT as needed.
A friend thought that a 1 to 1 NAT on the xxx.2/24 subnet to the PC on the xxx.1/24 subnet would resolve my problem.
Any guidance or direction to specific manual sections would be most greatly appreciated.
If you have multiple internal IP networks (I assume you meant xxx.1**.0**/24 and xxx.2**.0**/24), then the default behavior of a router (such as a Mikrotik) is going to be forwarding packets between the networks, no questions asked. So long as hosts in 1.x and hosts in 2.x both use the Mikrotik as their default GW, then connectivity is assured - at least at the IP level.
Adding firewall rules to filter / allow traffic can be done in the filters table. Many people often “block” certain types of connections out to the Internet by disabling NAT on these “blocked” connections. This is a newbie mistake because the router doesn’t block the packets - it simply doesn’t NAT them, meaning that the packets get forwarded out to the Internet with their original 192.168.x.x IP addresses as the source. This means the remote host can’t reply, but the traffic is still going out. It’s better to block traffic by actually blocking it, not just loosening the lug nuts on the wheels so they fall off on the highway somewhere.
Anyway, I suspect that your media box may be looking for local UPnP type traffic, which usually doesn’t route through routers. Home devices tend to expect you to be on the same broadcast domain with them. See if you can ping it from your PC when they’re in the same network, and when they’re in different networks. If it responds to pings in both cases, then the chances are good that it’s a UPnP thing, not a firewall/nat thing.
You could try enabling IGMP proxy (you may need to install the multicast package under the system>packages menu) - this is in the Routing > PIM menu.
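The difference between "not NATing" and actually blocking, described in the reply above, shown as an added RouterOS example that is not part of the thread. The WAN interface name `ether1`, the subnet 192.168.1.0/24, the host 192.168.1.50 and the rule comment are assumptions made for illustration.

```routeros
# --- Weak: the host is only excluded from masquerade ---------------------
# Packets from 192.168.1.50 are still forwarded out ether1, just with
# their private source address left in place. Nothing is dropped.
/ip firewall nat
add chain=srcnat out-interface=ether1 src-address=!192.168.1.50 \
    action=masquerade

# --- Corrected: NAT everything, block in the filter table ----------------
# Masquerade stays unconditional; the decision to stop traffic is made
# by an explicit drop rule in the forward chain.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade

/ip firewall filter
add chain=forward src-address=192.168.1.50 out-interface=ether1 \
    action=drop comment="block-pc-to-wan"

# --- Switching the block on and off as needed ----------------------------
# Rules can be found by their comment and toggled without deleting them.
/ip firewall filter disable [find comment="block-pc-to-wan"]
/ip firewall filter enable  [find comment="block-pc-to-wan"]

# --- Checking that the rule is matching ----------------------------------
# The packet and byte counters on the drop rule increase when it is hit.
/ip firewall filter print stats where comment="block-pc-to-wan"
```

The same comment-and-toggle pattern applies to any filter rule that should only be active occasionally.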
xxx.1/24 and xxx.2/24 looks to me like you just have 2 IPs in the same subnet. You should probably clarify that without giving away exactly what the subnets are (although that doesn’t really matter if they are private). Like 192.168.1.x/24 and 192.168.2.x/24 if that’s what it really is.
To add to ZeroByte’s explanation:
If you put 2 subnets on a router, by default you will get routing between them because they are “connected” routes. Once packets come in from one subnet and hit the routing table, the first thing the router does is see connected routes and send them back out the other connected interface if applicable. This is very efficient routing and it should work by default. If one subnet can’t see the other you are probably doing something wrong or firewalling. Or the Windows machine is rejecting packets from other private networks, which is something that wouldn’t surprise me at all.