New to Mikrotik

darnalljason · August 15, 2016, 4:27pm

Need some Help

I have 4 routers

Rotuer 1 is the WAN router with no internet only for local LAN
Router 2 is for Site 1
Router 3 site 2
router 4 site 3

I need Router 3 and 4 to be able to see a device on UDP port 50000

So when device 1 at site 2 registers it would need to port forward thru the WAN router and then on thru the site router to the device

Example

Master router LAN is 10.0.0.1
Site 1 router WAN is 10.0.0.2 Lan is 192.168.1.1 Device other devices need to see 192.168.1.10
Site 2 WAN 10.0.0.3 Lan 192.168.2.1 all devices here are DHCP
Site 3 10.0.0.4 Lan 192.168.3.1 All devices here are DHCP

So how do i get port forwarding to work ??

Thanks Jason

darnalljason · August 15, 2016, 7:52pm

I have tried

ip firewall chain=forward connection-nat-state=dstnat

and ip nat chain=dstnat dst port=50000 in interface ether1-gateway protocol udp action dstnat to address 192.168.1.10 to port 50000

And i get nothing

I can use the mikrotikrb2011 as the WAN router for 10.0.0.0/8 and attach a netgear router with wan address of 10.0.0.2 and internal address of 192.168.1.1 and go to port forwarding in the netgear and select port 50000 incoming and outgoing to adress 192.168.1.10 and it works flawless

why wont it work with the mikrotik as the site router??

ionas · August 16, 2016, 1:00am

Configure like below, disable all firewall rules and let me know how it goes

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="Redirect UDP 50000" dst-port=50000 in-interface=ether1 protocol=udp to-addresses=192.168.1.10 to-ports=50000

darnalljason · August 16, 2016, 1:27am

i will try this first thing tomorrow, would this also allow local connections/devices say 192.168.1.11 to also be forwarded to 192.168.1.10

ionas · August 16, 2016, 1:51am

I dont think so because if you see the rule you will notice that it’s configured to work only for packets arriving at ether1 (in-interface).

there are ways to address this matter as well. What is the destination IP of the packets?

darnalljason · August 17, 2016, 2:23am

so could i just add a rule for packets arriving on all ethernet ports from port 50000 to go to 192.168.1.10 port 50000

that way somehting coming from wan or lan would go to .10 port 50k

basically i need all packets from WAN and LAN to be able to UDP to port 50k of 192.168.1.10

ionas · August 18, 2016, 1:03am

you could use destiation ip instead of all interfaces (e.g. dst-address=10.0.0.2/32)