Hello All,
I am new to Mikrotik and Routerboard. So please assume the worst.
My setup is as follows:
TP Link 8840 ADSL modem in Bridge Mode → RB750GL (Ether 1)
Ether 2 → Picostation M2 → 4x Wireless Cameras
Ether 3 -->TP Link Ethernet Over Powerline Wireless → Laptops, devices + TP Link Ethernet over Powerline → PC Box on 192.168.1.100 running Blue Iris Software (to monitor the cameras) and VNC client to enable remote access.
I tried to set up port forwarding to Blue Iris and VNC so that I can access the camera stream remotely and VNC to control the PC remotely. I also have DynDNS loaded on the PC box so that I can do this via abc.dyndns.tv.
When I set up the NAT though (on port 80) I lost all connection to HTTP. I could access HTTPS and Skype and non-HTTP services would work (and pings to e.g. 8.8.8.8 were fine). Nothing else. I disabled all the NAT entries for port 80 and 81 and could access the internet again. However I still can’t get VNC to work properly nor the Blue Iris remote feed. Clearly something is wrong the port forwarding. All I want is the following:
abc.dyndns.tv will resolve to the WAN IP. That will then forward on port 80 to 192.168.1.100 (for Blue Iris)
abc.dyndns.tv will resolve to the WAN IP. That will then forward on ports 5800-5809 and 5900-5909 to VNC
It doesn’t seem to be a DynDNS issue as it doens’t work on the WAN IP either.
Lastly can you please just sanity check my connection to see if anything missing from the configuration. As a little bit of knowledge is dangerous!
Many thanks for your input.
Export below:
_Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.1.1/24 network=192.168.1.0
interface=ether2-master-local actual-interface=ether2-master-local
1 D address=196.210.151.144/32 network=196.210.148.129
interface=Internet-WAN actual-interface=Internet-WAN
[admin@Cameron] >
[admin@Cameron] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=196.210.148.129
gateway-status=196.210.148.129 reachable via Internet-WAN
distance=1 scope=30 target-scope=10
1 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1
gateway=ether2-master-local
gateway-status=ether2-master-local reachable distance=0 scope=10
2 ADC dst-address=196.210.148.129/32 pref-src=196.210.151.144
gateway=Internet-WAN gateway-status=Internet-WAN reachable
distance=0 scope=10
[admin@Cameron] >
[admin@Cameron] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name=“ether1-gateway” type=“ether” mtu=1500 l2mtu=1598
max-l2mtu=4074
1 R name=“ether2-master-local” type=“ether” mtu=1500 l2mtu=1598
max-l2mtu=4074
2 R name=“ether3-slave-local” type=“ether” mtu=1500 l2mtu=1598
max-l2mtu=4074
3 R name=“ether4-slave-local” type=“ether” mtu=1500 l2mtu=1598
max-l2mtu=4074
4 R name=“ether5-slave-local” type=“ether” mtu=1500 l2mtu=1598
max-l2mtu=4074
5 R name=“Internet-WAN” type=“pppoe-out” mtu=1492
[admin@Cameron] >
[admin@Cameron] > /ip firewall export
jan/02/1970 02:58:31 by RouterOS 5.25
software id = Z79C-U13U
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=
10s tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment=“default configuration” disabled=
no protocol=icmp
add action=accept chain=input comment=“default configuration”
connection-state=established disabled=no
add action=accept chain=input comment=“default configuration”
connection-state=related disabled=no
add action=drop chain=input comment=“default configuration” disabled=no
in-interface=ether1-gateway
add action=accept chain=forward comment=“default configuration”
connection-state=established disabled=no
add action=accept chain=forward comment=“default configuration”
connection-state=related disabled=no
add action=drop chain=forward comment=“default configuration”
connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration”
disabled=no out-interface=Internet-WAN
add action=dst-nat chain=dstnat disabled=yes dst-port=80 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=80 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=81 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=81 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5800 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5801 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5802 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5803 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5804 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5805 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5806 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5807 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5808 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5809 protocol=tcp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5800 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5801 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5802 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5803 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5804 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5805 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5806 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5807 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5808 protocol=udp
to-addresses=192.168.1.100 to-ports=80
add action=dst-nat chain=dstnat disabled=no dst-port=5809 protocol=udp
to-addresses=192.168.1.100 to-ports=80
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
[admin@Cameron] >_