I am having difficulty figuring out how to do something that I need to do. I would like to send a stream (e.g. UDP port 10000), from the WAN to the public address of a Mikrotik NAT firewall. I would like the firewall to forward the stream to multiple addresses on a /24 behind the firewall. Does anyone have any idea how to do this? Thanks greatly for your assistance in advance.
Hi,
I think your solution will be a mangle rule that marks all incoming port 10000 packets with a routing mark.
Then you will be able to create a route for only those packets.
If I may ask, what are you hoping to achieve by forwarding those packets to multiple /24 addresses?
This sounds like he’s trying to load-balance some internal hosts as a server team.
I would think that all you need to do is specify x.x.x.1-x.x.x.254 as the to-addresses value for the dstnat rule. Connection state tracking should automatically handle keeping track of which client got mapped to which server on subsequent packets.
The way you word this - it could also mean that you want all hosts in the range to get copies of the udp packets… like IPTV or something…
If you want 1->many, then you MIGHT be able to fake this by making the to-addresses value in your dstnat rule be the broadcast address of the target network… You’d probably need to be able to tell the software listening for the udp traffic that it should listen to broadcasts (no idea if the application can do that though)
Otherwise you’re going to have to use multicast to do it, and if this crosses the Internet, then multicast isn’t going to “just work” - you’ll need to build a tunnel from the source to the other Mikrotik and pipe the multicast through the tunnel.
As I mentioned, it is UDP. In this case, it is streaming media. Its destination is the public address on the firewall. I port forward the stream to one device behind the firewall. I would like to duplicate that stream and send it to two (or more) addresses behind the firewall. The sending appliance is capable of sending to multiple addresses but not to multiple ports at the same address. That’s not helpful because I only have one address available on the firewall.
The stream must be transmitted using multicast. You cannot just split it to several receiving hosts. The most you could possibly do is the “broadcast” hack I mention above, and I’m not certain that would work either - it would require that the viewing application be able to listen on the broadcast address for the network.
If you have a router where the media stream source is located, then you could make a tunnel between the sites and then be able to view multiple streams at once, but otherwise I don’t think you have any options available other than getting a second public IP address routed to you.