Hi guys, I need some help since I’m a new user of MikroTik.
I’ve built one PPTP VPN and it’s working.
I’ve also built a DST-NAT for my server, so I can access my server from outside.
My problem is this:
when I enable the dst-nat, my PPTP VPN cannot connect (connection refused).
But when I disable the dst-nat, my PPTP VPN can connect and has access.
I need my dst-nat to always be enabled, and the PPTP VPN to be able to connect even while the dst-nat is enabled.
Can you guys, all of the masters, help me with my problem?
Here is my dst-nat code:
NAT
chain=dstnat action=dst-nat to-addresses=172.16.0.3 protocol=tcp in-interface=pppoe-out log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=172.16.0.3 protocol=udp in-interface=pppoe-out log=no log-prefix=""
Please kindly help me with this problem; I’ve been searching but have not found anything about it.
Please also help with a step-by-step script, since I’m very, very new to MikroTik.
Your DST-NAT rules are “greedy” … they take any kind of connection over the PPPoE interface and forward it to your LAN host. You have to make DST-NAT more selective … so you have to decide which services from your LAN host you want to expose to the internet. While this greedy DST-NAT is enabled, your VPN connection attempts are forwarded to the LAN host as well, and I guess that’s not what you wanted.
For example: if you want to expose https service, your DST-NAT rule would look like this:
The same principle goes for some on-line games which require “full access” … you have to find out which ports and protocols (TCP or UDP) a certain application needs to have open.
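
The https case from the answer written out as RouterOS configuration, added here as an illustration and not taken from either poster. The address 172.16.0.3 and the interface pppoe-out come from the question; TCP 443 is the standard https port, and the to-ports value and comment text are choices made for this example.

```routeros
# Added example, not from the thread.
/ip firewall nat

# Before (rule from the question, shown commented out):
# there is no dst-port match, so every inbound TCP connection arriving on
# pppoe-out is rewritten to 172.16.0.3. That includes the PPTP control
# connection (TCP 1723) that should terminate on the router itself.
# add chain=dstnat action=dst-nat to-addresses=172.16.0.3 protocol=tcp in-interface=pppoe-out

# After: only the service that is meant to be public is forwarded.
# Anything else addressed to the router, PPTP included, is left for the
# router to handle.
add chain=dstnat action=dst-nat protocol=tcp dst-port=443 \
    in-interface=pppoe-out to-addresses=172.16.0.3 to-ports=443 \
    comment="https to LAN server"

# Template for any further service (for example a game port): one rule per
# protocol and port, with the port taken from the application's documentation.
# add chain=dstnat action=dst-nat protocol=udp dst-port=<PORT> \
#     in-interface=pppoe-out to-addresses=172.16.0.3 to-ports=<PORT>

# Check the result: every dstnat rule listed should carry a dst-port.
print where chain=dstnat
```

The two port-less rules from the question have to be disabled or removed for this to take effect, because NAT rules are evaluated in order and the first match wins.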