Community discussions

MikroTik App
 
rdhw
just joined
Topic Author
Posts: 17
Joined: Wed Jun 01, 2011 12:31 am

IP cloud useless behind NAT

Mon Jun 23, 2014 8:51 pm

If the Mikrotik box is behind a NAT router, then the /ip cloud service is useless, because it registers the LAN IP address of the Mikrotik, instead of the true external IP address.

Please can the /ip cloud feature can be enhanced with an option to register the true external IP address, as sensed by the IP Cloud server, instead of the LAN IP address of the Mikrotik WAN interface.
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: IP cloud useless behind NAT

Tue Jun 24, 2014 1:38 am

If you login to your NAT router then surely you can forward the winbox port to your internal device?
 
jarda
Forum Guru
Forum Guru
Posts: 7765
Joined: Mon Oct 22, 2012 4:46 pm

Re: IP cloud useless behind NAT

Tue Jun 24, 2014 7:52 am

Use the ddns script. It works reliably.
 
rdhw
just joined
Topic Author
Posts: 17
Joined: Wed Jun 01, 2011 12:31 am

Re: IP cloud useless behind NAT

Tue Jun 24, 2014 12:37 pm

If you login to your NAT router then surely you can forward the winbox port to your internal device?
You miss the point completely. It is the NAT router that has a public IP address that is dynamically allocated by the ISP, so I am seeking a solution for locating the public IP address of the NAT router, in order to access the Mikrotik. Of course the Mikrotik is in the router's DMZ, so there is no problem reaching the Mikrotik once the NAT router has been located.
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: IP cloud useless behind NAT

Wed Jun 25, 2014 1:09 pm

If you login to your NAT router then surely you can forward the winbox port to your internal device?
You miss the point completely. It is the NAT router that has a public IP address that is dynamically allocated by the ISP, so I am seeking a solution for locating the public IP address of the NAT router, in order to access the Mikrotik. Of course the Mikrotik is in the router's DMZ, so there is no problem reaching the Mikrotik once the NAT router has been located.
Ah, my mistake

In this case I guess you would need to use the DDNS script or another method to get your external IP Address as I think it would easily cause messes with people behind ISP NAT where you are unable to punch through it or where if you took your router somewhere your password could easily be nicked by a bad actor.

If they add an option to have them detect it then that would be great however I think there are many downsides to the likely outcome of it and I am not sure you will get the change you desire in this feature.

Regards
Alexander
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1226
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: IP cloud useless behind NAT

Wed Jun 25, 2014 1:55 pm

Isn't the cloud notification happening in an "on event" fashion. e.g. change of the IP assigned to the WAN interface?
If this is the case, the whole cloud stuff is useless, since your WAN IP in the DMZ won't change, thus no public IP change events will be generated/notified.
IMHO the router hosting the public interface needs to solve dynamic DNS issues, not one from your DMZ or LAN.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24851
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: IP cloud useless behind NAT

Wed Jun 25, 2014 1:58 pm

No, IP is updated every minute, regardless of changes. Next version will allow you to choose between public IP and local IP.
No answer to your question? How to write posts
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1226
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: IP cloud useless behind NAT

Wed Jun 25, 2014 2:08 pm

Tnx. for the clarification normis.
Still I think it's a good concept that every network device should be self-sufficient to resolve its access requirements, including dynamic DNS registrations.
In this way there are no dependencies between the two, and GW access will be available even if the DMZ/LAN device responsible with the registration fails.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
rdhw
just joined
Topic Author
Posts: 17
Joined: Wed Jun 01, 2011 12:31 am

Re: IP cloud useless behind NAT

Wed Jun 25, 2014 6:22 pm

Next version will allow you to choose between public IP and local IP.
Thank you!!
 
Buzz
just joined
Posts: 13
Joined: Sat Aug 09, 2014 11:44 am

Re: IP cloud useless behind NAT

Sun Aug 10, 2014 9:54 pm

is there anyway to force update ip cloud after power loss for my 951Ui-2HnD ??
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24851
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: IP cloud useless behind NAT

Mon Aug 11, 2014 11:35 am

is there anyway to force update ip cloud after power loss for my 951Ui-2HnD ??
It does this automatically, every 60s, or you can use the "force-update" command in console
No answer to your question? How to write posts
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 02, 2013 1:42 am

Re: IP cloud useless behind NAT

Mon Aug 11, 2014 2:29 pm

Normis, and what if we use multiple WAN connecties?

Does this also work with the new version of The Mikrotik cloudservices?
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6284
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: IP cloud useless behind NAT

Fri Aug 15, 2014 11:48 am

it will resolve to one of your global IP addresses. If your firewall is configured properly, you will be able to connect to one of the WAN interfaces and establish a connection the router.

Or what is the problem?
 
rado3105
Member
Member
Posts: 493
Joined: Sat Jan 12, 2008 11:45 pm

Re: IP cloud useless behind NAT

Wed Sep 10, 2014 6:26 pm

I had v6.18 installed and after changing public ip ip cloud didnt changed it. I had to come on place and do force-update manually. Why?
I upgraded to v6.19, hope it solved this problem.
 
HaPe
Member Candidate
Member Candidate
Posts: 241
Joined: Fri Feb 10, 2012 10:24 pm
Location: Poland

Re: IP cloud useless behind NAT

Sat Sep 13, 2014 4:12 pm

I have a suggestion for IP Cloud, make an checkbox ( Use my external IP) which will make that MT will check IP using remote service, that can for example connect to mt servers and check your outgoing ip (outside IP) and assign to this domain.
In anticipation on new The Dude release.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: IP cloud useless behind NAT

Sun Sep 14, 2014 2:14 pm

It already does that. It is using external ip address for the hostname.
It was not like this in first version it appeared, so just make sure you are using the latest routeros version.
 
itmethod
newbie
Posts: 29
Joined: Tue Feb 18, 2014 8:44 pm

Re: IP cloud useless behind NAT

Sun Oct 26, 2014 8:17 pm

I use multiple wan how do I direct this out a specific wan. ? is there an ip range I can use and set a /ip route rule for? My problem is my main isp uses nat and proxy before it gets to my router but my other isps don't So I need to manage from wan2 or wan 3.
is there a script i need to run becuase of it being host name and not IPs?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24851
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: IP cloud useless behind NAT

Mon Oct 27, 2014 2:20 pm

I use multiple wan how do I direct this out a specific wan. ? is there an ip range I can use and set a /ip route rule for? My problem is my main isp uses nat and proxy before it gets to my router but my other isps don't So I need to manage from wan2 or wan 3.
is there a script i need to run becuase of it being host name and not IPs?
you can use policy routing, to determine which gateway will be used for which connections.
http://wiki.mikrotik.com/wiki/Testwiki/ ... on_example
No answer to your question? How to write posts
 
Alaaalaa
just joined
Posts: 5
Joined: Sun May 24, 2015 9:41 pm

Re: IP cloud useless behind NAT

Sun May 24, 2015 10:09 pm

I Have problem with access my RB I activate the cloud service and I get my DNS name but when I am try to log from winbox it says wrong username or password
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24851
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: IP cloud useless behind NAT

Mon May 25, 2015 10:27 am

I Have problem with access my RB I activate the cloud service and I get my DNS name but when I am try to log from winbox it says wrong username or password
you are logging into a different router maybe? are you sure your DDNS address resolves to correct IP? If there is NAT, is it correctly configured for redirection ?
No answer to your question? How to write posts
 
Alaaalaa
just joined
Posts: 5
Joined: Sun May 24, 2015 9:41 pm

Re: IP cloud useless behind NAT

Thu May 28, 2015 10:36 pm

I Have problem with access my RB I activate the cloud service and I get my DNS name but when I am try to log from winbox it says wrong username or password
you are logging into a different router maybe? are you sure your DDNS address resolves to correct IP? If there is NAT, is it correctly configured for redirection ?

Hey
actually I dont know how to configure the NAT for redirection, and I am sure I am logging to my router, I take the IP from cloud and when I try to log in via winbox it says wrong username or password.
can you help me with this,
and can I upload router configuration in a backup file then u can see what is the issue..?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24851
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: IP cloud useless behind NAT

Fri May 29, 2015 12:43 pm

I Have problem with access my RB I activate the cloud service and I get my DNS name but when I am try to log from winbox it says wrong username or password
you are logging into a different router maybe? are you sure your DDNS address resolves to correct IP? If there is NAT, is it correctly configured for redirection ?

Hey
actually I dont know how to configure the NAT for redirection, and I am sure I am logging to my router, I take the IP from cloud and when I try to log in via winbox it says wrong username or password.
can you help me with this,
and can I upload router configuration in a backup file then u can see what is the issue..?
if your device has a private address, the cloud name will resolve to your ISP device. if you don't have access to it, you can't configure redirection. you can't use cloud in this case
No answer to your question? How to write posts
 
Alaaalaa
just joined
Posts: 5
Joined: Sun May 24, 2015 9:41 pm

Re: IP cloud useless behind NAT

Fri May 29, 2015 2:54 pm

I have access to my device I can log in via winbox if I directly connect it to my PC or wireless Via IP with my username and password but when I am try to log in from another internet network with the DNS name that I got it from cloud service it says wrong username or password that what I dont know why and if the reason is the firewall and NAT , I dont know how to configure them... please any Idea ??
 
Alaaalaa
just joined
Posts: 5
Joined: Sun May 24, 2015 9:41 pm

Re: IP cloud useless behind NAT

Sat May 30, 2015 10:15 pm

I have access to my device I can log in via winbox if I directly connect it to my PC or wireless Via IP with my username and password but when I am try to log in from another internet network with the DNS name that I got it from cloud service it says wrong username or password that what I dont know why and if the reason is the firewall and NAT , I dont know how to configure them... please any Idea ??
 
victornc
just joined
Posts: 3
Joined: Fri Dec 16, 2016 1:09 pm

Re: IP cloud useless behind NAT

Fri Dec 16, 2016 1:15 pm

Create script with code:
/ip cloud force-update

And update with Scheduler for 5 min.

I have router NAT by DMZ... OK¡¡¡
 
kaas
just joined
Posts: 19
Joined: Wed Mar 18, 2009 11:31 am

Re: IP cloud useless behind NAT

Sat May 06, 2017 11:55 am

just do a script so you do not force an update every 5 min if your ip didn't change. Schedule this scrip to run every 5 min
/system script
add name=dnsmikrotik owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global previousIP;\r\
    \n:global currentIP [:resolve myip.opendns.com server=208.67.222.222];\r\
    \n\r\
    \n:if (\$currentIP != \$previousIP) do={\r\
    \n:log info \"Force update\"\r\
    \n:set previousIP \$currentIP\r\
    \n/ip cloud force-update \r\
    \n\r\
    \n}"

:global previousIP;
:global currentIP [:resolve myip.opendns.com server=208.67.222.222];
:if ($currentIP != $previousIP) do={
:log info "Force update"
:set previousIP $currentIP
/ip cloud force-update
}
 
yohanvil
just joined
Posts: 7
Joined: Fri Aug 21, 2009 3:22 pm

Re: IP cloud useless behind NAT

Thu Jun 01, 2017 7:20 pm

Hi!

I use a 4G LTE Router, and after that I've installed a Mikrotik HaP Lite, I dont have the manage of the Public IP Address, so... isn't any kind of P2P protocol for remote management?? like the survelliance Cameras??

Sorry for my poor english.

Thanks.
 
User avatar
winet
Member Candidate
Member Candidate
Posts: 272
Joined: Fri Mar 16, 2007 4:49 pm
Location: Indonesia

Re: IP cloud useless behind NAT

Sat Jul 22, 2017 2:12 pm

I was hoping there's solution for this matter. If only mikrotik could make a cloud service, where winbox can be opened remotely from anywhere, even if the router is behind NAT, and have no port forwarding nor DMZ enabled. So it is like Teamviewer, which uses VNC Protocol but without the the port forwarding fuss.
 
Sob
Forum Guru
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: IP cloud useless behind NAT

Sat Jul 22, 2017 4:49 pm

I'd rather if they didn't, and not just them. I know it's unhelpful and may even sound hostile, but that's not the intention.

All these get-me-though-NAT clouds look as great for users at first. They allow to overcome public address shortage and let them connect to all kinds of devices like routers, cameras, etc. What's not to like, right? The trouble is, users are not the ones who profit most from it, quite the contrary. The real lucky ones are lazy ISPs who sell crappy NATed internet access and charge premiums for public addresses to those who can't live without them. Proper solution is providing IPv6 with almost unlimited number of public addresses for everyone, but why bother? Users don't demand it too much anyway, because using the right cloud is easier. And we're stuck. So while these clouds look good at first, they are actually very bad in long term, because they help to delay the proper solution.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
User avatar
winet
Member Candidate
Member Candidate
Posts: 272
Joined: Fri Mar 16, 2007 4:49 pm
Location: Indonesia

Re: IP cloud useless behind NAT

Sat Jul 22, 2017 6:10 pm

I'd rather if they didn't, and not just them. I know it's unhelpful and may even sound hostile, but that's not the intention.

All these get-me-though-NAT clouds look as great for users at first. They allow to overcome public address shortage and let them connect to all kinds of devices like routers, cameras, etc. What's not to like, right? The trouble is, users are not the ones who profit most from it, quite the contrary. The real lucky ones are lazy ISPs who sell crappy NATed internet access and charge premiums for public addresses to those who can't live without them. Proper solution is providing IPv6 with almost unlimited number of public addresses for everyone, but why bother? Users don't demand it too much anyway, because using the right cloud is easier. And we're stuck. So while these clouds look good at first, they are actually very bad in long term, because they help to delay the proper solution.
With or without it, won't change anything. Private IP Addresses ISPs will still roam the internet, especially 3G/4G network operators.

Who is online

Users browsing this forum: maumagro, rioven and 135 guests