I’m trying to run a game server on my computer. I asked my ISP to forward the ports I needed but there is still a problem. The server only shows up on lan. No one outside the network can join. All ports are open but there is nothing I could do no matter what. I want to say there is a problem with the internal ip not communicating with the external ip. That is just a thought though. any help would be great.
router: mikrotik RB951
Does your Mikrotik have the public IP address on it directly, or is the ISP’s modem also acting as a router?
If the ISP’s device is doing NAT, you can ask them how to put it into a bridge mode so that your Mikrotik gets the public IP directly.
If the Mikrotik doesn’t have a public IP, then whatever device is actually doing the public IP NAT must be configured with all ports to forward, and those should be forwarded to your Mikrotik’s WAN IP (thus it’s good to make the router’s WAN address as a static (private) IP so that the port forwarding will reach your router), where you NAT it a second time towards the game server.
Obviously bridge mode is easier to deal with for both you and the ISP. If the modem is also providing your WiFi, then this may not be possible to continue if the modem is changed to a bridge. (it may support bridging the ethernet port, but remain a router for the WiFi - but that’s getting off into the weeds)
If your Mikrotik has the public IP directly on it (static or dynamic doesn’t matter for pinholes) then make sure that all dstnat rules are properly configured to forward the desired ports to the internal IP of the game server. (it’s best if the game server has a static IP so that the pinholes don’t stop working if the server’s address changes).
Finally, make sure that the router’s firewall rules allow the pinhole traffic in the forward chain. The default ROS firewall configuration allows pinhole traffic, but if you’ve made changes, this may no longer be true for your router. The easiest way to permit it is to create an accept rule in the forward chain which matches packets having connection-nat-state=dstnat
Otherwise, you’ll need to make one or more rules that match the tcp/udp port(s) and allow them explicitly.
[emoji106]
Sent from my SM-G900FD using Tapatalk