Trekker0612
just joined
Topic Author
Posts: 1
Joined: Mon Mar 25, 2024 5:34 pm

NAT to connect Modbus Server

Mon Mar 25, 2024 5:45 pm

Dear Users,
first of all, I'm very new to MikroTik, so excuse me upfront :-)
As I have a Huawei inverter and it's known that the dongle, which exposes Modbus as well, is not reliable, I need to connect to the Modbus server directly.

Following Setup:
ModBus Server - IP:192.168.200.1 Port: 6607 <-via WLAN DHCP-> MikroTik mAP lite <-> Ethernet via DHCP 192.168.2.4 <-> End Device: 192.168.20.0/26

What I've understood so far: I need to create the NAT rules (which I tried, but I cannot connect).
My config looks like this:
# mar/25/2024 16:39:31 by RouterOS 6.49.11
# software id = 4N5V-GH7C
#
# model = RBmAPL-2nD
# serial number = XXXXXX
/interface bridge
add admin-mac=D4:01:C3:XX:XX:XX auto-mac=no comment=defconf name=bridge_lan
add name=bridge_wan
/interface pwr-line
set [ find default-name=pwr-line1 ] disabled=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=huawei supplicant-identity="" wpa2-pre-shared-key=XXXXXXX
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=germany disabled=no distance=indoors frequency=2437 installation=indoor security-profile=huawei ssid=SUN2000-XXXXX wireless-protocol=802.11
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge_lan name=defconf
/interface bridge port
add bridge=bridge_lan comment=defconf disabled=yes interface=pwr-line1
add bridge=bridge_wan interface=wlan1
add bridge=bridge_lan interface=LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge_lan list=LAN
add comment="defconf; to huawei" interface=wlan1 list=WAN
add interface=ether1 list=LAN
add interface=bridge_wan list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge_lan network=192.168.88.0
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add comment=defconf interface=ether1
add disabled=no interface=bridge_lan
add disabled=no interface=bridge_wan use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=log chain=prerouting disabled=yes dst-port=6607 log=yes protocol=tcp
/ip firewall nat
add action=src-nat chain=srcnat dst-address=192.168.200.1 dst-port=6607 protocol=tcp src-address=192.168.20.0/26 to-addresses=192.168.200.2
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.200.1 dst-port=6607 protocol=tcp src-address=192.168.33.51 to-addresses=192.168.200.2
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=6607 in-interface=bridge_lan in-interface-list=LAN protocol=tcp src-address=192.168.20.0/26 to-addresses=192.168.200.1 to-ports=6607
add action=dst-nat chain=dstnat disabled=yes dst-port=6607 in-interface=bridge_lan in-interface-list=LAN protocol=tcp src-address=192.168.33.51 to-addresses=192.168.200.1 to-ports=6607
/ip service
set telnet disabled=yes
set winbox disabled=yes
/system clock
set time-zone-name=Europe/Berlin
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
From the MikroTik router I'm able to ping the 192.168.200.1 device, and telnet to port 6607 seems to react as well. The default Modbus port 502 is closed -- which is fine.

Can someone tell me what I'm doing wrong with NAT such that my requests are not passed (forth and back)? If you wonder: the srcnat rule is required (as I've seen in different other forums) to make the Huawei aware that only the sender receives the answer.

Thx in advance
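
Added example, not part of the original post and not RouterOS code: a simplified Python model of the two enabled port-6607 NAT rules from the export above, showing which constructed packets they would translate. It assumes `in_interface` is the interface on which the firewall sees the packet arrive, models only the matchers listed in those two rules (in-interface-list=LAN is implied by bridge_lan being a LAN member), and ignores the masquerade rule; the client addresses are made up.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    in_interface: str   # assumed: interface the firewall sees the packet on
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

# Matchers copied from the two enabled port-6607 rules in /ip firewall nat.
DSTNAT = dict(in_interface="bridge_lan", src_net="192.168.20.0/26",
              dport=6607, to_addr="192.168.200.1", to_port=6607)
SRCNAT = dict(src_net="192.168.20.0/26", dst="192.168.200.1",
              dport=6607, to_addr="192.168.200.2")

def in_net(addr, net):
    return ip_address(addr) in ip_network(net)

def apply_dstnat(p):
    r = DSTNAT
    if (p.proto == "tcp" and p.in_interface == r["in_interface"]
            and p.dport == r["dport"] and in_net(p.src, r["src_net"])):
        return replace(p, dst=r["to_addr"], dport=r["to_port"]), True
    return p, False

def apply_srcnat(p):
    # srcnat is evaluated after dstnat, so it sees the rewritten destination.
    r = SRCNAT
    if (p.proto == "tcp" and p.dst == r["dst"] and p.dport == r["dport"]
            and in_net(p.src, r["src_net"])):
        return replace(p, src=r["to_addr"]), True
    return p, False

def translate(p):
    """Return (packet after NAT, dstnat matched?, srcnat matched?)."""
    p, d = apply_dstnat(p)
    p, s = apply_srcnat(p)
    return p, d, s

if __name__ == "__main__":
    # Constructed packets; destination addresses are taken from the post.
    for pkt in (Packet("bridge_lan", "192.168.20.10", "192.168.88.1", 6607),
                Packet("ether1", "192.168.20.10", "192.168.2.4", 6607),
                Packet("bridge_lan", "192.168.20.70", "192.168.88.1", 6607)):
        print(pkt, "->", translate(pkt))
```

In this model only the first packet is rewritten to 192.168.200.2 -> 192.168.200.1:6607; the second fails the in-interface matcher and the third lies outside 192.168.20.0/26 (hosts .1 to .62).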
