Community discussions

MikroTik App
 
User avatar
smccloud
newbie
Topic Author
Posts: 29
Joined: Fri Mar 21, 2014 10:51 pm

hAP ac no Internet on LAN

Mon Feb 18, 2019 8:35 pm

I am in the process of setting up my hAP ac to replace my Meraki MX64. Initially, I had Internet access on it, but now I have lost it, I cannot think of a reason for this unless I have my NAT rules wrong.
# feb/18/2019 12:33:38 by RouterOS 6.43.12
# software id = RSZ9-Z8D6
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = NOWAY
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=3390 protocol=tcp src-address=\
    216.251.177.50 to-addresses=172.16.6.11 to-ports=3389
add action=dst-nat chain=dstnat dst-port=32400 protocol=tcp to-addresses=\
    172.16.6.2 to-ports=32400
add action=dst-nat chain=dstnat dst-port=51413 protocol=tcp to-addresses=\
    172.16.6.2 to-ports=51413
add action=dst-nat chain=dstnat dst-port=51413 protocol=udp to-addresses=\
    172.16.6.2 to-ports=51413
add action=dst-nat chain=dstnat dst-port=5631 protocol=tcp to-addresses=\
    172.16.6.2 to-ports=22
add action=dst-nat chain=dstnat disabled=yes dst-port=443 protocol=tcp \
    to-addresses=172.16.6.2 to-ports=443
add action=dst-nat chain=dstnat dst-port=55555 protocol=udp to-addresses=\
    172.16.6.2 to-ports=55555
add action=dst-nat chain=dstnat dst-port=8100 protocol=tcp to-addresses=\
    172.16.6.7 to-ports=80
Do I have my NAT wrong? Internet came back when I disabled the port 443 one.
 
proximus
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Oct 04, 2011 1:46 pm

Re: hAP ac no Internet on LAN

Mon Feb 18, 2019 8:58 pm

Include a "in-interface=<Your WAN Interface>" parameter. As it is, the destination 443 rule is catching all 443 traffic.
 
User avatar
smccloud
newbie
Topic Author
Posts: 29
Joined: Fri Mar 21, 2014 10:51 pm

Re: hAP ac no Internet on LAN

Mon Feb 18, 2019 9:05 pm

Include a "in-interface=<Your WAN Interface>" parameter. As it is, the destination 443 rule is catching all 443 traffic.
That did it, thank you. I wish more guides online would have that included.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hAP ac no Internet on LAN

Tue Feb 19, 2019 3:34 pm

I think the key here is to think of MT functionality as being general and not specific.
In other words destination NAT and source NAT do not mean exclusively from WAN to LAN and LAN to WAN.
Its simply a way of tracking packets coming into one interface and going to another interface.

Thus its important to let the router know that the packets are coming in from the WAN side.......
Otherwise how is it to know??
Concur the examples in the WIKI are sheite in this regard.
 
User avatar
smccloud
newbie
Topic Author
Posts: 29
Joined: Fri Mar 21, 2014 10:51 pm

Re: hAP ac no Internet on LAN

Tue Feb 19, 2019 4:12 pm

Still trying to get IPv6 working, specifically DNS. But I will figure it out.

Who is online

Users browsing this forum: BioMax, xrlls and 39 guests