Hi all, I’m relatively new to MikroTik and looking for some help.
So, I have an array of services I host and among those are a few Minecraft servers. I have dst-nat configured for the Minecraft Java Edition server (which runs on TCP 25565) and it works beautifully. I run into trouble when I try to configure the same for a Minecraft Bedrock Edition server (which runs on UDP 19132); I get some unexpected behavior.
My nat config for the BE server looks like this:
Upon some packet sniffing, I can see that the packets are entering my network as expected (dst. port 19132) and hitting my server as expected (dst. port 19132). My server will then respond (src. port 19132), but then when the packet leaves my LAN and goes onto the WAN, the port is getting changed, making the connection fail. It seems to be using ephemeral ports.
Model: RB5009UG+S+
Version: 7.16.2
Any help would be GREATLY appreciated. I’ve been spending the better part of the last three days trying to figure out what on earth is happening.
That has nothing to do with the router!
The router does not change ports on outbound, and thus it's your server that is doing that (changing the destination port when leaving the server).
One possibility.
Seems unlikely, but you do have a wanIP as an address list.
If you have multiple wan interfaces, and the packet is coming in from one interface and leaving via another (the wan interface with the lowest metric), this could occur.
You would need to mark your packets (or similar) so the packets are routed out the correct interface.
Another possibility:
Some special handling may be required if you have multiple public ip addresses on the router.
(maybe don’t srcnat packets leaving router via wan that have source ip address already matching any of the public ip addresses on the router).
Perhaps:
Put the following above the other nat rules.
chain=srcnat action=accept protocol=udp src-address-list=WanIP log=no log-prefix=""
I do have only 1 outside interface, so I don’t think that would be the issue.
anav, I appreciate the reply! Since most/all routers also act as NAT boxes, that would cause the port to change, right? There’s the defconf masquerade rule on mine which may somehow be affecting this? If I delete said masquerade rule, then the packet exits the network on port 19132, but, of course, the packet is sent with the internal server IP as the src IP.
Any further help is appreciated! Still haven’t figured this out.
Well, still not sure what was going on, but I moved the Minecraft BE server to a different host, and now that same dst-nat rule is functioning as I would’ve expected it to work.
Were you by chance having users in the same LAN trying to read the server by WAN IP dyndns URL???
This is alleviated by moving users or server to a different LAN.