Community discussions

MikroTik App
 
Thapakaji
just joined
Topic Author
Posts: 2
Joined: Sat Oct 04, 2014 7:06 pm

2 wan port forwarding

Sun Oct 05, 2014 7:17 pm

i need to view my DVR remotely. The thing is that
1) i am using 2 wan; one public ip and other is Dynamic ip
2) PCC load balancing

Now i want to view my cameras remotely. I did everything but i could not open the ports. So if you guys could kindly help me with this.
 
flipk12
newbie
Posts: 35
Joined: Mon Oct 06, 2014 5:49 pm
Location: Asturias/Spain

Re: 2 wan port forwarding

Tue Oct 07, 2014 11:56 pm

i need to view my DVR remotely. The thing is that
1) i am using 2 wan; one public ip and other is Dynamic ip
2) PCC load balancing

Now i want to view my cameras remotely. I did everything but i could not open the ports. So if you guys could kindly help me with this.
Well, a drawing of the network will help. You also ned to know the ports that the cctv system neds to work. If it uses only a tcp port you don't have to worry about answering connections from the same gateway, mikrotik will do it 4 u, but if the cctv uses rtp conections associated to de control connection you have to chose for it the wateway using mangle chains to put routing marks to chose the corrrect gateway. When routing, the answer is allways the problem.

To do a simple ip napt the only thing that you have to do is a destination nat rule in the outside interface pointing the cctv, and accept this connection wth a forward rule.

I hope this help.
 
Thapakaji
just joined
Topic Author
Posts: 2
Joined: Sat Oct 04, 2014 7:06 pm

Re: 2 wan port forwarding

Sat Oct 11, 2014 9:01 pm

i need to view my DVR remotely. The thing is that
1) i am using 2 wan; one public ip and other is Dynamic ip
2) PCC load balancing

Now i want to view my cameras remotely. I did everything but i could not open the ports. So if you guys could kindly help me with this.
Well, a drawing of the network will help. You also ned to know the ports that the cctv system neds to work. If it uses only a tcp port you don't have to worry about answering connections from the same gateway, mikrotik will do it 4 u, but if the cctv uses rtp conections associated to de control connection you have to chose for it the wateway using mangle chains to put routing marks to chose the corrrect gateway. When routing, the answer is allways the problem.

To do a simple ip napt the only thing that you have to do is a destination nat rule in the outside interface pointing the cctv, and accept this connection wth a forward rule.

I hope this help.


Well my DVR uses following ports

http port: 2222
media port: 6001
Intercom port:6002
Mobile Port: 6003.
DVR address:192.168.10.222
Public IP (WAN1): 10.10.10.10 lets say
WAN2 is dynamic ip

what i have done is:

/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-address=10.10.10.10 dst-port=2222 to-addresses=192.168.10.222 to-ports=2222
add chain=dstnat action=dst-nat protocol=tcp dst-address=10.10.10.10 dst-port=6001 to-addresses=192.168.10.222 to-ports=6001
add chain=dstnat action=dst-nat protocol=tcp dst-address=10.10.10.10 dst-port=6002 to-addresses=192.168.10.222 to-ports=6002
add chain=dstnat action=dst-nat protocol=tcp dst-address=10.10.10.10 dst-port=6003 to-addresses=192.168.10.222 to-ports=6003

/ip firewall filter
add chain=forward action=accept protocol=tcp dst-address=192.168.10.222 dst-port=2222
add chain=forward action=accept protocol=tcp dst-address=192.168.10.222 dst-port=6001
add chain=forward action=accept protocol=tcp dst-address=192.168.10.222 dst-port=6002
add chain=forward action=accept protocol=tcp dst-address=192.168.10.222 dst-port=6003

/ip firewall mangle
add chain=prerouting in-interface=ISP1 connection mark=no-mark action=mark-connection \ new connection mark=DVR

That's all i did.

So can't i route the traffic of dvr from WAN1(public ip) only so that i can be able to view me dvr rometly?
Thanks for your help
 
flipk12
newbie
Posts: 35
Joined: Mon Oct 06, 2014 5:49 pm
Location: Asturias/Spain

Re: 2 wan port forwarding

Thu Oct 16, 2014 11:24 pm

I think that ipnapt rules are correct .... but
What about the /ip route export?
And the outgoing nat and masquerade rules for outgoing traffic on both interfaces?
Does it works when turning off dinamic IP interface?

Who is online

Users browsing this forum: anav and 56 guests