So this is my first post on here
Please could someone help.
I have a satellite feed coming into port one of my RB750gl with a subnet of 10.112.14.0/24 and i have an NVR on a subnet of 192.0.0.0/24 on eth3 and i cant seem to get in externally. I have had a look at hairpin nat for port forwarding and i seem to be hitting a miss.
There is also a hotspot running on the RB750gl on eth 2.
My client needs to access the nvr on the 192.0.0.0/24 range, would i use a mangle then setup dst-nat port forwarding to the nvr?
Welcome here.
If you want to access internal ip/port from outside having nat between lan and wan you just need to add accepting dst-nat rule for selected port. Then you need to accept related and established connections in forward chain before general drop. Call to your external ip from outside using the selected port makes forwarding the packet to internal ip and opens the connection in conntrack . The rest is handled by the other two rules. No need for mangling. Neither hairpin.
weird thing is tho, i setup the dst-nat chain with dst port to forward ports to the nvr ip with port. however when i dial in externally into the network, i am unable to see any packets hitting the port forwards. do i need to specify source or dst address under the 1st tab under add new nat rule?
can i supply a printout?
also, seems that the public ip changes constantly, like a lease of 30 mins or so which i find wierd for an satellite isp, especially due to the high latency :O.
That I told you. The 10.x.x.x is not public ip range. Check on some speed test webpage what is your public ip. I am pretty sure your wan is behind nat of your isp. Check it…
Just spoke to our ISP and it seems the connection on the satellite end does have NAT enabled. Also found that our RB750gl here is faulty and i will be replacing it with a rb2011uias-2hnd-in.
Essentially when i get the new router i will have it running on base settings.
/28—10.112.14.225-10.112.14.238>>>Eth1-Gateway - dhcp client from satellite
/24—172.16.10.20-172.16.10.200>>>Eth2-Office internal off with NVR and IP Cameras
/24—172.16.8.10-172.16.8.15>>>Eth3-Web Server, squid proxy for transparent caching and maybe an asterisk
/24—172.16.6.2-172.16.6.4>>>Eth4-NAS for backups
/21—172.16.0.10-172.16.7.254>>>Eth5-Hotspot for 2000 clients
From Eth6-10 i will make use of at a later stage.
So with my forwarding, will i just have to select the interface and specify eth1 gateway as the out interface with the dst-nat ports to the relevant ip etc??
You don’t need to specify wan interface when setting dst-nat. The question still remains: will the incoming traffic reach your router thru nat of your isp?
