kkursor
just joined
Topic Author
Posts: 5
Joined: Mon Sep 02, 2019 7:58 pm
Location: Vnutrimkadsk, RU
Contact:

NAT to network without gateway - how to?

Thu Mar 11, 2021 12:32 am

Hi everyone! Help me, please, I've broken all my head with this problem :)

A little description of my network configuration.

I have an RB2011 at home and an ltAP Mini LTE kit in my car. I've discovered that my dashcam offers a WiFi interface which can be used for viewing the camera stream.

So I have:

[ home / 192.168.88.0/24 ] <-- openVPN --> [ pajero / home-ovpn @ 192.168.12.0/24 ] <-- wlan2 @ 192.168.1.1/24 --> [ dashcam 192.168.1.254 ]

The problem is that the camera has no access to settings and it works as an AP with its own network, which obviously does not have an option to set a gateway.

I'm trying to work around it with RouterOS and want to get port 554 forwarded to the camera's port 80. I've done:
1. dst-nat from 192.168.12.1 dst-port 554 tcp to 192.168.1.254 port 80
2. src-nat dst-address=192.168.1.254 out-interface=wlan2 src-nat to-addresses=192.168.1.1 (or masquerade - it doesn't matter)

Without src-nat it expires on timeout. With src-nat, the connection is closed by the foreign host immediately.
I am trying to troubleshoot it using packet sniffer. That's what I see:
1. 192.168.88.77:46744 -> 192.168.12.1:554 via home-ovpn rx
2. 192.168.1.1:46744 -> 192.168.1.254:80 via wlan2 tx
3. 192.168.1.254:80 -> 192.168.1.1:46744 via wlan2 rx
and after a second or so
4. 192.168.88.77:46744 -> 192.168.12.1:554 via home-ovpn rx
5. 192.168.1.1:46744 -> 192.168.1.254:80 via wlan2 tx
6. 192.168.12.1:554 -> 192.168.88.77:46744 via home-ovpn tx

and after this handshake I see "connection closed by remote host".

It seems that the packets are correctly NATted to the DVR and the DVR responds, but for some reason this response is not forwarded to 192.168.88.77. After the second negotiation the device probably replies with RST and the response is delivered to the client.

On host with tcpdump I see:
kkursor@remotehost:~$ sudo tcpdump host 192.168.12.1 and port 554
[sudo] пароль для kkursor: 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:30:42.127818 IP remotehost.57992 > pajero.lcl.kkursor.ru.rtsp: Flags [S], seq 1029683073, win 64240, options [mss 1460,sackOK,TS val 1823222851 ecr 0,nop,wscale 7], length 0
01:30:42.169532 IP pajero.lcl.kkursor.ru.rtsp > remotehost.57992: Flags [S.], seq 2076905378, ack 1029683074, win 52128, options [mss 1460,nop,wscale 0,nop,nop,TS val 88928749 ecr 1823222851], length 0
01:30:42.169590 IP remotehost.57992 > pajero.lcl.kkursor.ru.rtsp: Flags [.], ack 1, win 502, options [nop,nop,TS val 1823222893 ecr 88928749], length 0
01:30:42.200342 IP pajero.lcl.kkursor.ru.rtsp > remotehost.57992: Flags [R], seq 2076905379, win 0, length 0

What can be wrong?
 
kkursor

Re: NAT to network without gateway - how to?

Mon Mar 15, 2021 11:22 am

Something has cleared IP / Firewall / Connection / Tracking timeouts.
Now everything is OK. Thanks
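
The check the first post does by eye on its sniffer trace can be scripted. This is an added example, not part of the thread: it replays the six sniffer lines against the two NAT rules described and flags every packet whose translated counterpart is not the next packet seen. It assumes src-nat keeps the client's source port (as the trace shows) and that the sniffer lists packets in order.

```python
import re

# Sniffer lines copied from the first post (interface and direction included).
TRACE = """\
192.168.88.77:46744 -> 192.168.12.1:554 via home-ovpn rx
192.168.1.1:46744 -> 192.168.1.254:80 via wlan2 tx
192.168.1.254:80 -> 192.168.1.1:46744 via wlan2 rx
192.168.88.77:46744 -> 192.168.12.1:554 via home-ovpn rx
192.168.1.1:46744 -> 192.168.1.254:80 via wlan2 tx
192.168.12.1:554 -> 192.168.88.77:46744 via home-ovpn tx
"""
LINE = re.compile(r"(\S+):(\d+) -> (\S+):(\d+) via (\S+) (rx|tx)")

# The two NAT rules from the post, as address/port tuples.
PUBLIC = ("192.168.12.1", 554)   # dst-nat matches this
TARGET = ("192.168.1.254", 80)   # dst-nat rewrites to this
SNAT_IP = "192.168.1.1"          # src-nat rewrites the source to this

def parse(text):
    """Return [(src, dst, direction)] with src/dst as (ip, port) tuples."""
    pkts = []
    for m in LINE.finditer(text):
        s, sp, d, dp, _iface, direction = m.groups()
        pkts.append(((s, int(sp)), (d, int(dp)), direction))
    return pkts

def audit(pkts):
    """Flag packets whose expected NAT counterpart is not the next packet."""
    clients, findings = {}, []   # clients: translated source port -> client
    for i, (src, dst, direction) in enumerate(pkts):
        nxt = pkts[i + 1] if i + 1 < len(pkts) else None
        prev = pkts[i - 1] if i else None
        if direction == "rx" and dst == PUBLIC:
            clients[src[1]] = src            # assumes src-nat keeps the port
            want, why = ((SNAT_IP, src[1]), TARGET, "tx"), "request not forwarded"
        elif direction == "rx" and src == TARGET and dst[1] in clients:
            want, why = (PUBLIC, clients[dst[1]], "tx"), "reply not translated back"
        elif direction == "tx" and src == PUBLIC:
            if not (prev and prev[2] == "rx" and prev[0] == TARGET):
                findings.append((i + 1, "reply to client without a server packet"))
            continue
        else:
            continue
        if nxt != want:
            findings.append((i + 1, why))
    return findings

if __name__ == "__main__":
    for number, why in audit(parse(TRACE)):
        print(f"packet {number}: {why}")
```

On the trace from the post it reports packet 3 (the camera's reply never leaves on home-ovpn) and packet 6 (a packet sent to the client with no camera packet before it), which are the two observations the post describes.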
