Community discussions

MikroTik App
 
LunaticRv
newbie
Topic Author
Posts: 42
Joined: Mon Dec 31, 2018 8:50 am

Static Route and NAT - Cannot reach server in R1 while reachable on outside and R2

Wed Apr 17, 2024 1:33 am

I'm encountering an issue with my MikroTik router configuration regarding NAT and static routing. Here's my setup:

Topology: EdgeRouter -> R1 - NAT -> R2 - BNG

Configuration:
### Router 1
/ip address
add address=11.11.11.11 interface=VL_100-NAT-to-BNG network= 11.11.11.12

/ip route
add distance=1 dst-address=10.10.27.52/30 gateway=11.11.11.12 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10

/ip firewall nat
add action=src-nat chain=srcnat comment="Server #1" out-interface=OUT_INTERFACE src-address=10.10.27.54 to-addresses=22.22.22.22
add action=dst-nat chain=dstnat dst-address=22.22.22.22 dst-port=80 protocol=tcp to-addresses=10.10.27.54 to-ports=80
add action=dst-nat chain=dstnat dst-address=22.22.22.22 dst-port=443 protocol=tcp to-addresses=10.10.27.54 to-ports=443
add action=dst-nat chain=dstnat dst-address=22.22.22.22 dst-port=8080 protocol=tcp to-addresses=10.10.27.54 to-ports=8080
add action=dst-nat chain=dstnat dst-address=22.22.22.22 protocol=icmp to-addresses=10.10.27.54

### Router 2
/ip address
add address=11.11.11.12 interface=VL_100-NAT-to-BNG network= 11.11.11.11
add address=10.10.27.53/30 comment="Server #1" interface=Bridge network=10.10.27.52

/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=11.11.11.11 routing-table=main suppress-hw-offload=no
Explanation:

R1 handles NAT
R2 handles PPPoE connections and servers
I have a server with the IP address 10.10.27.54/30 on R2
On R1, I've routed traffic destined for the 10.10.27.52/30 network to the R2 gateway (public IP) and NAT'ed the server's IP address (10.10.27.54) to another public ip 22.22.22.22 on R1

The problem:
While I can ping/reach the server's original IP address (10.10.27.54) from R1 without any issues, I'm unable to ping the NATed IP address (22.22.22.22). When attempting to ping/reach 22.22.22.22 from R1, I receive the error message "Invalid argument".

I can both reach its local ip and NAT'ed IP on R2 without any issue. Also the server is reachable from the outside of the network without any issues.

I've already tried the following troubleshooting steps without success:

Verified the NAT configuration on R1 to ensure proper translation of traffic.
Checked firewall rules on R1 to ensure ICMP packets to the NATed IP address are allowed.
Confirmed interface configuration on R1 for any errors or issues.
Despite these efforts, the issue persists. Can anyone provide guidance on how to resolve this problem? Are there any additional steps I should take to troubleshoot or any potential misconfigurations I might have overlooked?

Any help would be greatly appreciated!
 
TheCat12
Member Candidate
Member Candidate
Posts: 196
Joined: Fri Dec 31, 2021 9:13 pm

Re: Static Route and NAT - Cannot reach server in R1 while reachable on outside and R2

Wed Apr 17, 2024 8:27 pm

Is there masquerading/src-natting on R2? And how can a network address have a higher address than the first IP of the subnet?! (I'm referring to the /ip address entry for the VLAN on R1). Probably it's a misconfiguration
 
LunaticRv
newbie
Topic Author
Posts: 42
Joined: Mon Dec 31, 2018 8:50 am

Re: Static Route and NAT - Cannot reach server in R1 while reachable on outside and R2

Wed Apr 17, 2024 11:10 pm

There is nothing related with firewall in R2, meaning no nat/masquerading. No, there is not a misconfiguration, since I don't want to waste any public ipv4 its Mikrotik way of PTP links. (rfc3021)

I am probably missing some part in routing part, but not sure where. There is no issue when trying to reach from the outside of the network, but inside of the network, there is a connectivity problem.
 
LdB
Member Candidate
Member Candidate
Posts: 167
Joined: Thu May 20, 2021 4:23 pm

Re: Static Route and NAT - Cannot reach server in R1 while reachable on outside and R2

Sat Apr 20, 2024 5:54 am

On the config you shown have Router 1 knows nothing of 22.22.22.22

R1 is giving you correctly the error message "Invalid argument" because 22.22.22.22 can not be routed and the router is going I don't know what to do with that

I am assuming you meant to actually put the address 22.22.22.22 on some interface on the router
Try expanding this correctly ... fill in the details marked with ?????????
/ip address
add address=11.11.11.11 interface=VL_100-NAT-to-BNG network= 11.11.11.12
add address=22.22.22.22 interface=????????? network=???????????
Remember a NAT to non-existent address will do nothing so not only can't you ping 22.22.22.22 that NAT wont work either

Your statement says 22.22.22.22 is public but it is not represented in your config

Who is online

Users browsing this forum: Bing [Bot], okw, sas2k and 50 guests