NAT not working...

Hi,

I have an RB750GL router with 6.47.2 which is completely set up and was working with previous WAN connections.
Now I have changed the connection to PPPoE and after that the NAT does not work.

Please, is it possible to tell me where I have the problem?

Hello, take a look at your masquerade rule, maybe out-interface is wrong.

Hi Evince,

I have set it as I had it before, and it was working:

add action=masquerade chain=srcnat src-address=10.0.10.0/24

And as I see, this NAT is working and data is going over it.

But these NATs are not working:

add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=\
    "Orange Optic" protocol=tcp to-addresses=10.0.10.241 to-ports=53
add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=\
    "Orange Optic" protocol=udp to-addresses=10.0.10.241 to-ports=53
add action=dst-nat chain=dstnat comment=HTTP dst-port=80 in-interface=\
    "Orange Optic" protocol=tcp to-addresses=10.0.10.241 to-ports=5678
add action=dst-nat chain=dstnat comment="HTTP - Synology WEB Access" \
    in-interface="Orange Optic" protocol=tcp src-port=5678 to-addresses=\
    10.0.10.241 to-ports=5678
add action=dst-nat chain=dstnat comment=HTTPS dst-port=443 in-interface=\
    "Orange Optic" protocol=tcp to-addresses=10.0.10.241 to-ports=5679
add action=dst-nat chain=dstnat comment="HTTPS - Synology Web Access" \
    dst-port=5679 in-interface="Orange Optic" protocol=tcp to-addresses=\
    10.0.10.241 to-ports=5679
add action=dst-nat chain=dstnat comment="Synology Cloud" dst-port=5000-5001 \
    in-interface="Orange Optic" protocol=tcp to-addresses=10.0.10.241 \
    to-ports=5000-5001
add action=dst-nat chain=dstnat comment="Synology Cloud" dst-port=6690 \
    in-interface="Orange Optic" protocol=tcp to-addresses=10.0.10.241 \
    to-ports=6690

and they are the same settings as on the working old connection.
The only difference is that the old one was WAN and the new one is PPPoE over the same LAN port.

Thanks.

I was expecting a masquerade rule with an Out. Interface (List) specified. And I think the src-address can be left empty.
Are you sure you want to have your DNS server publicly available?

Hi Erlinden,

OK, and what should I choose in the Out. Interface (List)? - LAN, WAN, all, dynamic, none and static

The DNS doesn’t need to be public, I think I can deactivate that NAT, but the others are needed to work.

Thanks.

Is “Orange Optic” the old interface or the new one? If it’s the old one, it would be clear why it can’t work. If it’s the new one, are you sure that it still has a public address?

Hi Sob,

The Orange Optic is the new one and has a public IP. I still use the same LAN port for connecting to the Orange network as before. The only difference is that now it is over PPPoE and before it was a standard WAN. I have asked the provider for a static one.

Ok, so interface “Orange Optic” is the PPPoE interface, that would be correct. If you’re sure that you have a public address (it’s not to underestimate you personally, but it sometimes happens that users get this part wrong), what about counters for these rules? Is there anything or all zeroes? If there’s at least something, then there are some incoming connections and the problem could be in the firewall filter, e.g. if they were previously allowed by the original interface. If there’s nothing, then are you really sure that you have a public address? :slight_smile:

You can choose either the interface “Orange Optic” or the interface list WAN (assuming the interface is added to the list as WAN).

Hi Sob,

The counters for NAT are all 0; only masquerade shows data change.
Yes, I have the public address; I can ping it from outside.
And in the filters I have these:

/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related disabled=yes
add action=drop chain=input disabled=yes in-interface-list=WAN

What I don’t understand is that this isn’t the first change of provider, and each time it was working after the change with minimal changes on the WAN port. But this is the first time that it’s over PPPoE and this time it will not work :frowning: and all NAT and other settings are the same.

Hi Erlinden,

I have changed it to WAN, but no change. It’s the same.

Can you please post your configuration here:
/export hide-sensitive file=anythingyoulike

Hi Erlinden,

So, with the small change of the masquerade to WAN, some services over VPN will not work.

The Settings are added.
RouterSettings2.rsc (9.18 KB)

Can you change

add action=masquerade chain=srcnat src-address=10.0.10.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.20.11.0/24

to:

add chain=srcnat action=masquerade out-interface-list=WAN

But in your config, interface “Orange Optic” is ethernet. PPPoE is named “PPPoE-Orange”. So you need in-interface=PPPoE-Orange in dstnat rules.
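The mismatch pointed out in the post above can be checked mechanically. The following is an added example, not part of the original thread or of RouterOS: it parses an `/export` and reports dstnat rules whose `in-interface` is the ethernet port underneath a PPPoE client, where IP traffic is never seen by the firewall because it arrives on the PPPoE interface. The export text is constructed from the names used in this thread, and the function names are hypothetical.

```python
import shlex

# Constructed sample export, modelled on the interface names in this thread.
SAMPLE_EXPORT = r'''
/interface ethernet
set [ find default-name=ether1 ] name="Orange Optic"
/interface pppoe-client
add disabled=no interface="Orange Optic" name=PPPoE-Orange user=example
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.0.10.0/24
add action=dst-nat chain=dstnat comment=HTTPS dst-port=443 in-interface=\
    "Orange Optic" protocol=tcp to-addresses=10.0.10.241 to-ports=5679
add action=dst-nat chain=dstnat comment="Synology Cloud" dst-port=6690 \
    in-interface=PPPoE-Orange protocol=tcp to-addresses=10.0.10.241 \
    to-ports=6690
'''

def parse_export(text):
    """Return [(menu_path, properties)] for every 'add' line of an export."""
    rules, menu, buf = [], "", ""
    for raw in text.splitlines():
        # A trailing backslash continues the line; drop the next line's indent.
        piece = raw.lstrip() if buf else raw
        if piece.endswith("\\"):
            buf += piece[:-1]
            continue
        line, buf = buf + piece, ""
        if line.startswith("/"):
            menu = line.strip()
        elif line.startswith("add "):
            # shlex keeps quoted values such as "Orange Optic" in one token.
            tokens = shlex.split(line)[1:]
            rules.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rules

def stale_dstnat_rules(text):
    """List (comment, in-interface, PPPoE interface) for mismatched rules."""
    rules = parse_export(text)
    # Map each carrier (ethernet) interface to the PPPoE client on top of it.
    carrier = {p["interface"]: p["name"] for m, p in rules
               if m == "/interface pppoe-client" and "interface" in p and "name" in p}
    return [(p.get("comment", ""), p["in-interface"], carrier[p["in-interface"]])
            for m, p in rules
            if m == "/ip firewall nat" and p.get("chain") == "dstnat"
            and p.get("in-interface") in carrier]

if __name__ == "__main__":
    for comment, used, expected in stale_dstnat_rules(SAMPLE_EXPORT):
        print(f"{comment!r}: in-interface={used!r} should be {expected!r}")
```

A rule reported here will show zero packet counters, which is the symptom described earlier in the thread.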

OK, I have done it.
Will there be a problem with the disabled masquerade? Does it need to be deleted, or can it stay disabled?

Hi Sob,

I was under the impression that when I use Orange Optic, which is an ethernet port, it will be OK, as the PPPoE connection is working over it.

Disabled is disabled…so it won’t interfere.

Is both masquerade and port forwarding working now?

Hi Erlinden,

Yes, now it’s working after I also changed the NAT interfaces to PPPoE.
But please, can you tell me what the masquerade is needed for and what the difference is between my settings and yours?

Now only have problems with DNS used locally in my environment :slight_smile:

Thanks.

Masquerade is for handling NAT.