Special needs - Broadcast UDP Packet needs forwarding

We have some manufacturing equipment that sends its log data via a broadcast UDP packet on port 44444.
The data logger PC listens and logs the data.
This all works very well.
This network is NATed on an RB450 with a connection to the company internal network above the RB450.
We need to grab this broadcast packet in the RB450 and forward it to a linux system on the parent network.
There will never be any replies to these packets.

I can see the packets in the prerouting chain on the RB450, and the dstnat rule on the RB450 shows traffic, but the packets never leave the RB450 for the parent network.
There are no traffic counts for UDP 44444 on the forward, postrouting or output chains.

I need some help here please.
We would think that this is quite easy but it is not.

thanks

The dstnat rule? Shouldn’t that be a srcnat rule for outbound traffic? Can you be a little more specific about your setup?

Can you ping the linux system on the parent network from the RB450?
If so, can you ping the linux system on the parent network from a computer on the RB450 localnet?

Is it possible to route broadcast packets?.. O_o

Maybe not simply route them, but redirect them using a dstnat rule :wink:

So, does it work? :smiley:

More details:
I can ping the linux box on the parent network.
I can see the broadcast UDP packets flowing through the rules:
the prerouting rule and then the dst-nat counters.
I don't see the packets in postrouting or output.

I was expecting the dst-nat to change the dst address and then the src-nat to change the src address and then send it to the parent network.
Is connection tracking getting confused between local and remote?

This is driving me crazy. Please give me a clue

# sep/02/2009 07:29:02 by RouterOS 3.26

/ip firewall address-list
add address=0.0.0.0/24 comment="" disabled=no list=masteredge
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=44444 new-connection-mark=udp44444 passthrough=yes protocol=udp src-address=172.16.100.199
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=44444 new-packet-mark=udp4444 passthrough=yes protocol=udp src-address=172.16.100.199
add action=mark-routing chain=prerouting comment="" disabled=no dst-port=44444 new-routing-mark=udp444 passthrough=yes protocol=udp src-address=172.16.100.199
add action=accept chain=prerouting comment="" disabled=no dst-port=44444 protocol=udp src-address=172.16.100.199
add action=log chain=input comment="" disabled=no dst-port=44444 log-prefix="" protocol=udp
add action=log chain=postrouting comment="" disabled=no dst-port=44444 log-prefix="" protocol=udp
add action=log chain=forward comment="" disabled=no dst-port=44444 log-prefix="" port=44444 protocol=udp
add action=log chain=output comment="" disabled=no dst-port=44444 log-prefix="" protocol=udp
/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address-type="" port=44444 protocol=udp to-addresses=64.122.244.162 to-ports=44444
add action=masquerade chain=srcnat comment="" disabled=no src-address=172.16.100.0/24
add action=redirect chain=dstnat comment="" disabled=no dst-port=42170 in-interface=Public protocol=tcp to-ports=8291
add action=masquerade chain=srcnat comment="" disabled=no dst-port=44444 protocol=udp

Bridge the two interfaces and apply a filter that allows only your UDP traffic.

Andrew

When you say broadcast packet, do you mean something like 192.168.1.255 or 255.255.255.255? What is the actual source and destination IP of those packets? True broadcast packets like the addresses above won't traverse interfaces unless you force them to.
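As an added example that is not part of the thread and not MikroTik's or the poster's code: one way to "force" the broadcast across the RB450 without dst-natting it is a small user-space relay on a host that already sits on the equipment's segment (the data logger PC would do; RouterOS cannot run this). The relay receives the equipment's broadcast on UDP/44444 and re-sends each datagram unchanged as plain unicast to the collector on the parent network, which then crosses the router like any other outbound flow. Assumptions: the equipment address 172.16.100.199 and port 44444 are taken from the thread; the collector address 192.0.2.10 is a placeholder; the forwarded packet carries the relay host's source address, not the equipment's, which is acceptable only because the thread states there are never replies and the collector is not expected to authenticate on source IP.

```python
"""
User-space UDP broadcast relay (added example, not from the original thread).

Receives the equipment's broadcast log datagrams on UDP/44444 and re-sends
each one as a unicast datagram to the collector on the parent network.
"""
import socket

# From the thread: the equipment's address and the port it broadcasts on.
EQUIPMENT_SOURCES = {"172.16.100.199"}
LISTEN_PORT = 44444
# Assumed placeholder (TEST-NET-1) for the Linux collector on the parent
# network; replace with the real host.
COLLECTOR = ("192.0.2.10", 44444)
MAX_DATAGRAM = 65535


def should_relay(src_ip, allowed_sources):
    """Forward only datagrams from the known equipment. Anything on the
    segment can spray broadcasts on 44444; we do not proxy those upstream."""
    return src_ip in allowed_sources


def open_listener(port, bind_addr=""):
    """Bind INADDR_ANY by default: on Linux a socket bound to a specific
    unicast address does not receive subnet or limited broadcasts."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_addr, port))
    return s


def open_sender():
    """Unbound UDP socket used for the unicast copies."""
    return socket.socket(socket.AF_INET, socket.SOCK_DGRAM)


def forward_datagram(out, payload, dest):
    """Re-send the payload byte-for-byte as unicast; returns bytes sent."""
    return out.sendto(payload, dest)


def relay_once(listener, out, dest, allowed_sources, timeout=None):
    """Receive one datagram and forward it if its source is allowed.
    Returns (src_ip, bytes_sent); bytes_sent is 0 when the datagram was
    dropped by the source filter. Returns None if no datagram arrived
    within timeout seconds."""
    listener.settimeout(timeout)
    try:
        payload, (src_ip, _src_port) = listener.recvfrom(MAX_DATAGRAM)
    except socket.timeout:
        return None
    if not should_relay(src_ip, allowed_sources):
        return (src_ip, 0)
    return (src_ip, forward_datagram(out, payload, dest))


def relay_forever(listen_port=LISTEN_PORT, dest=COLLECTOR,
                  allowed_sources=EQUIPMENT_SOURCES):
    """Main loop for the relay host: block on the broadcast port, relay,
    and report anything the source filter rejected."""
    listener = open_listener(listen_port)
    out = open_sender()
    while True:
        result = relay_once(listener, out, dest, allowed_sources)
        if result is not None and result[1] == 0:
            print("dropped datagram from unexpected source", result[0])


if __name__ == "__main__":
    relay_forever()
```

Run it on the relay host with the real collector address filled in; the RB450 then only needs its existing masquerade rule, since the relayed traffic is ordinary unicast from 172.16.100.0/24. If the collector does need the equipment's original source address, this approach is not enough (the relay would have to spoof it with raw sockets), and the question in the post above about the actual destination address of the broadcast still matters for any router-side solution.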