QltM4VoVY8Q
just joined
Topic Author
Posts: 1
Joined: Wed May 03, 2023 9:20 pm

NAT Rules - Did I change an option I should not have?

Tue May 16, 2023 4:31 pm

Hi there,

I apologize in advance if what I am asking is extremely basic. I have very limited knowledge of NATs, and I am simply trying to get my network to function.

The devices I am working with can be summarized as follows:
- Mobile phone
- ISP Router (local IP 192.168.0.1), bridged to
- Mikrotik Router+AP (local IP 172.10.0.1)
- Debian machine (local IP 172.10.0.139)

The Debian machine includes a wireguard subnet (172.99.0.0). I have an always-on VPN on my phone, that connects to that machine. The router therefore includes an open port that I did through the "Port Mapping" utility. That means "dstnat" of port 55555 (wireguard port) over udp to 172.10.0.139. Up to now, I could connect to the internet without any problem when I am on the mobile network, but it didn't work from the local wifi. That means, if my phone is directly connected to the Mikrotik Router+AP with the VPN activated, I lose connectivity.

I looked around some more in the NAT rule that had been created when I mapped the port, and I tried a few things, without really knowing what I was doing, just to test. I settled on a single change: "In. Interface List" from "WAN" to "static". That seems to have solved the issue, for some reason. I can now access the VPN from both the mobile network and the local wifi. However, I have no idea why, and if it was a good idea. Would anyone be able to tell me if it was not something to do? Would I take any risk if I changed it to "all", for instance? Please ELI5, I'm really not in my element.

Thank you!
