So. I have clients who want to play Modern Warfare 2. Apparently, even if I have a one-to-one translation for the clients, it still tries to use UPnP. My problem is that the dynamic rules UPnP creates have the wrong Dst. Address (our gateway’s IP). I was able to fix this by changing the rule to masquerade for anyone who does not have a one-to-one translation and disabling the srcnat for anyone who does have a one-to-one translation. Am I missing a step, or do I have something configured wrong? How many clients is it safe to translate to a single IP?
This works:
/ip firewall nat
add action=netmap chain=srcnat comment="" disabled=yes out-interface=ether2 src-address=10.169.1.12 to-addresses=72.x.5.253
add action=netmap chain=dstnat comment="" disabled=no dst-address=72.x.5.254 to-addresses=10.149.0.199
...
add action=masquerade chain=srcnat comment="Main Nat" disabled=no out-interface=ether2 src-address-list="Internal Nat Range"
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=ether2 type=external
add disabled=no interface=ether1 type=internal
add disabled=no interface=vlan002 type=internal
...
This does not work:
/ip firewall nat
add action=netmap chain=srcnat comment="" disabled=no out-interface=ether2 src-address=10.169.1.12 to-addresses=72.x.5.253
add action=netmap chain=dstnat comment="" disabled=no dst-address=72.x.5.254 to-addresses=10.149.0.199
...
add action=src-nat to-address=72.x.16.1-72.x.19.254 chain=srcnat comment="Main Nat" disabled=no out-interface=ether2 src-address-list="Internal Nat Range"
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=ether2 type=external
add disabled=no interface=ether1 type=internal
add disabled=no interface=vlan002 type=internal
...