NAT Routerboard IP cam

RouterOS Beginner Basics
1

Hello Guys,

I have an issue with NAT. I got IP cam with IP 192.168.1.201 in my LAN and static public IP on my router 188.123.XXX.XXX.

I would like to access it from internet so I used NAT to reach it. Problem is that it doesnt work the way I thought.
I put this command into terminal:

chain=dstnat action=dst-nat to-addresses=192.168.1.201 to-ports=80 protocol=tcp
dst-address=188.123.xxx.xxx dst-port=10201

NAT is running but no affect.

Can somebody help with that please ?

Thanks a lot.
Martin.

2

This means that your client / browser should use http://188.123.XXX.XXX:10201/ and that the webcam should be listening on port 80. (does it know to use your Mikrotik’s LAN ip for its default gateway? does the forward table block your traffic?)

3

Yes GW is set as 192.168.1.1 on IP cam. This IPs are static, not assigned by DHCP server.
I also add a firewall rule that opens port 10201 from internet. I didnt have this before, but still no change.

Any other ideas ?

4

Yes, GW is set correctly on IP cam. Now, I opened port 10201 from internet but still no change.

I also tried to scan open ports using nmap, see below:

mkroslak@onedata:~$ nmap 188.123.99.171

Starting Nmap 6.40 ( http://nmap.org ) at 2015-04-16 17:48 CEST
Nmap scan report for 188.123.99.171
Host is up (0.027s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
1723/tcp open pptp
2000/tcp open cisco-sccp
8291/tcp open unknown

Although I added filter rule to firewall that opens this port 10201.

Any ideas please ?

5

It’s possible that the ip-stream uses UDP protocol.
You need to switch to TCP protocol, if the camera has this setting.
Anyway, I couldn’t use the cameras remotely until switched to TCP.

6

Note that running nmap with no options is not going to scan all 65535 TCP+UDP ports. So if you pick a port at random there is no guarantee nmap would detect it, even if it was open. Nmap only scans a list of ‘common’ ports by default.

EDIT: you must be doing something right, because I get a login prompt on that IP+port!