Community discussions

MikroTik App
 
Stril
Member Candidate
Member Candidate
Topic Author
Posts: 200
Joined: Fri Nov 12, 2010 7:18 pm

BTest blocked - any alternative

Fri Sep 10, 2021 8:50 am

Hi!

BTest is blocked by one of my providers (LTE).
Is there any possibility to change the port, BTest is using?

Thank you for your help
Stril
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: BTest blocked - any alternative

Fri Sep 10, 2021 8:56 am

NATting BTest ports?
 
Stril
Member Candidate
Member Candidate
Topic Author
Posts: 200
Joined: Fri Nov 12, 2010 7:18 pm

Re: BTest blocked - any alternative

Fri Sep 10, 2021 5:26 pm

But I am not able to choose the destination-port for the btest client.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: BTest blocked - any alternative

Fri Sep 10, 2021 5:43 pm

Do you mean external BTest servers that other people are running?
Why would your ISP block random ports for outgoing traffic??
 
Stril
Member Candidate
Member Candidate
Topic Author
Posts: 200
Joined: Fri Nov 12, 2010 7:18 pm

Re: BTest blocked - any alternative

Fri Sep 10, 2021 5:50 pm

Hi!

Sorry, but I do not really understand your setup:

1. Server:
I can use a server and NAT its BTest-Server to another port

2. Client:
The Client would need to connect to a different port, but there is no port-parameter for BTest, or would you manipulate the port by NAT?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: BTest blocked - any alternative

Fri Sep 10, 2021 7:58 pm

RouterOS normally does not permit dst-nat of outgoing sessions (nor src-nat of incoming sessions), but there is an ugly trick allowing both. It will cost some CPU cycles, but I assume your router model is powerful enough that the bottleneck for the btest would be the LTE throughput.
  • choose any two own IPs of the router, a.a.a.a and b.b.b.b
  • create two /interface ipip, forming a tunnel between these two local IPs:
    name=A2B local-address=a.a.a.a remote-address=b.b.b.b mtu=1500
    name=B2A local-address=b.b.b.b remote-address=a.a.a.a mtu=1500
  • attach an IP address c.c.c.1/32, not conflicting with any of the subnets you use, to interface A2B
  • create an /ip firewal nat rule:
    chain=srcnat out-interface=A2B action=src-nat to-addresses=c.c.c.2/32
    (c.c.c.2 must also not interfere with any subnet you use)
  • create a default route with the same gateway like the existing one but with routing-mark=aux
  • create an /ip route rule row:
    interface=B2A action=lookup-only-in-table table=aux
  • create an /ip firewal nat rule:
    chain=dstnat in-interface=B2A protocol=tcp dst-port=2000 action=dst-nat to-ports=22222
    (or whatever port you'll be redirecting to 2000 at the remote btest server)
  • create two /ip route rows:
    dst-address=s.s.s.s gateway=A2B
    (where s.s.s.s is the address of the btest server)
    dst-address=c.c.c.2 gateway=B2A
  • make sure that a src-nat or masquerade rule exists, matching on out-interface=LTE or out-interface-list=WAN
This way, btest will send the connection establishing packet to s.s.s.s using A2B as the output interface; the connection will get src-nated to c.c.c.2. Once the packet passes through the tunnel, it will emerge from B2A and hit the dst-nat rule; in order that it wouldn't loop to A2B again, the routing rule will mark it with routing-mark=aux, so the default route with the same routing-mark will send it via the regular WAN (LTE) interface to the destination; before actually leaving, it will get src-nated (masqueraded) again.

The response packet from s.s.s.s will arrive on the WAN interface and get un-src-nated to c.c.c.2; as c.c.c.2 is not one of router's own addresses, it will be routed via B2A (that's the reason why we needed to src-nat the initial request from c.c.c.1 to c.c.c.2) and un-dst-nated on the way; once it passes through the tunnel and emerges from A2B, it will get un-src-nated again and land on c.c.c.1 from s.s.s.s:2000.

Who is online

Users browsing this forum: Bing [Bot] and 66 guests