I recently upgraded from a 751U on 6.2 to a RB2011 (wireless one) on 6.45.3 and my Platstations have stopped connecting. They pull IP settings, pass the connection test, and are able to sign into playstation network, but will then disconnect with DNS errors as soon as you try to open Youtube, store etc. Internet and DHCP work fine for the rest of the network. The 751 had the same basic config and worked fine without enabling upnp or any forwarding. If I switch back to the 751 the issue goes away.
Things I've tried so far:
A few reset-configs and reconfigures. I've reconfigured both manually and via copying bits of config from other working routers.
Enabling upnp and setting up inside/outside interfaces. I can see the dynamic NATs being created but the counters only ever increment by a few bytes.
Unplugging one playstation under the assumption that one would get NAT2 and the other NAT3. This seemingly had no effect, but I've left one off for now.
Setting the playstations to static via DHCP and creating the NAT rules manually.
Setting IP & public DNS manually on the playstations.
Torching and forwarding ports I see the playstation trying to open connections on.
Any ideas? I'd just stay on the 751U, but the point of this upgrade was to take advantage of 300Mb internet.
Playstation NAT issues on 6.45.3
Last edited by ephekt on Mon Sep 07, 2020 2:34 am, edited 1 time in total.
Re: Playstation NAT issues on 6.45.3
Hey
1) Do you have globaly routable IP address from your ISP? Not from 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0./12, 192.168.0.0/16 ranges.
2) I would manually configure destination NAT rules.
1) Do you have globaly routable IP address from your ISP? Not from 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0./12, 192.168.0.0/16 ranges.
2) I would manually configure destination NAT rules.
Re: Playstation NAT issues on 6.45.3
Firewall exactly the same on both units?
You really need to do a /export hide-sensitive so people can try to help.
You really need to do a /export hide-sensitive so people can try to help.
Re: Playstation NAT issues on 6.45.3
I have a routable IP on the WAN.
I've already tried manually creating the dst-nat.
The configs are identical and I removed the firewall filter rules for testing.
I've already tried manually creating the dst-nat.
The configs are identical and I removed the firewall filter rules for testing.
Code: Select all
# aug/21/2019 10:44:21 by RouterOS 6.45.3
# software id = JP80-AB4J
#
# model = 2011UiAS-2HnD
# serial number = 467404C36448
/interface bridge
add admin-mac=4C:5E:0C:41:81:62 auto-mac=no fast-forward=no mtu=1500 name=\
bridge-lan
/interface ethernet
set [ find default-name=ether1 ] name=eth1-gateway speed=100Mbps
set [ find default-name=ether2 ] comment="bridge master" name=eth2-lan speed=\
100Mbps
set [ find default-name=ether3 ] name=eth3-lan speed=100Mbps
set [ find default-name=ether4 ] name=eth4-lan speed=100Mbps
set [ find default-name=ether5 ] name=eth5-lan speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=100Mb \
name=eth6-lan
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=eth7-lan
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=eth8-lan
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=eth9-lan
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
eth10-lan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk disable-pmkid=yes eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys name=wifi \
supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country="united states" disabled=no installation=indoor mode=ap-bridge \
security-profile=wifi ssid=BEAUVAIS wireless-protocol=802.11
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=pool-dhcp ranges=10.1.1.2-10.1.1.254
/ip dhcp-server
add address-pool=pool-dhcp always-broadcast=yes authoritative=\
after-2sec-delay disabled=no interface=bridge-lan name=dhcp-server
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 1 disk-file-name=""
/interface bridge port
add bridge=bridge-lan interface=eth2-lan
add bridge=bridge-lan interface=wlan1
add bridge=bridge-lan interface=eth6-lan
add bridge=bridge-lan interface=eth3-lan
add bridge=bridge-lan interface=eth4-lan
add bridge=bridge-lan interface=eth5-lan
add bridge=bridge-lan interface=eth7-lan
/ip address
add address=10.1.1.1/24 comment=LAN interface=wlan1 network=10.1.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1-gateway
/ip dhcp-server lease
add address=10.1.1.2 client-id=1:0:1c:c0:a2:21:c2 comment=Me mac-address=\
00:1C:C0:A2:21:C2 server=dhcp-server
add address=10.1.1.252 client-id=1:a8:b8:6e:5c:93:ae comment="My phone" \
mac-address=A8:B8:6E:5C:93:AE server=dhcp-server
add address=10.1.1.80 client-id=1:0:1f:a7:75:c2:37 comment=PS3 mac-address=\
00:1F:A7:75:C2:37 server=dhcp-server
add address=10.1.1.1 client-id=1:0:d8:61:52:cd:26 mac-address=\
00:D8:61:52:CD:26 server=dhcp-server
/ip dhcp-server network
add address=10.1.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat comment="WAN masq" out-interface=\
eth1-gateway
add action=dst-nat chain=dstnat comment=PS4 dst-port=3478-3479 in-interface=\
eth1-gateway protocol=udp to-addresses=10.1.1.80 to-ports=3478-3479
add action=dst-nat chain=dstnat comment=PS4 dst-port=80 in-interface=\
eth1-gateway protocol=tcp to-addresses=10.1.1.80
add action=dst-nat chain=dstnat comment=PS4 dst-port=443 in-interface=\
eth1-gateway protocol=tcp to-addresses=10.1.1.80
add action=dst-nat chain=dstnat comment=PS4 dst-port=3478 in-interface=\
eth1-gateway protocol=tcp to-addresses=10.1.1.80 to-ports=3478
add action=dst-nat chain=dstnat comment=PS4 dst-port=3478 in-interface=\
eth1-gateway protocol=udp to-addresses=10.1.1.80 to-ports=3478
add action=dst-nat chain=dstnat comment=PS4 dst-port=3479 in-interface=\
eth1-gateway protocol=tcp to-addresses=10.1.1.80 to-ports=3479
add action=dst-nat chain=dstnat comment=PS4 dst-port=3479 in-interface=\
eth1-gateway protocol=udp to-addresses=10.1.1.80 to-ports=3479
add action=dst-nat chain=dstnat comment=PS4 dst-port=3480 in-interface=\
eth1-gateway protocol=tcp to-addresses=10.1.1.80 to-ports=3480
add action=dst-nat chain=dstnat comment=PS4 dst-port=3480 in-interface=\
eth1-gateway protocol=udp to-addresses=10.1.1.80 to-ports=3480
add action=dst-nat chain=dstnat comment=\
"upnp 10.1.1.80: 10.1.1.80:3658 to 3658 (UDP)" dst-address=68.114.117.104 \
dst-port=3658-60000 in-interface=eth1-gateway protocol=udp to-addresses=\
10.1.1.80
add action=dst-nat chain=dstnat comment=\
"upnp 10.1.1.80: 10.1.1.80:3658 to 3658 (UDP)" dst-address=68.114.117.104 \
dst-port=3658-60000 in-interface=eth1-gateway protocol=tcp to-addresses=\
10.1.1.80
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=eth1-gateway type=external
add interface=bridge-lan type=internal
/lcd interface pages
set 0 interfaces="sfp1,eth1-gateway,eth2-lan,eth3-lan,eth4-lan,eth5-lan,*7,eth\
7-lan,eth8-lan,eth9-lan,eth10-lan"
/system clock
set time-zone-autodetect=no
/system ntp client
set enabled=yes primary-ntp=132.163.97.1 secondary-ntp=17.253.6.253
/tool graphing interface
add interface=wlan1
add interface=eth1-gateway