Roo102
just joined
Topic Author
Posts: 4
Joined: Fri Jun 03, 2022 7:12 am

Yet another port forwarding noob...

Sun Jun 05, 2022 4:56 am

Hi Everyone,

I'm very new to the MikroTik scene and have been lurking on the forum for the last week or two trying to find a solution for my problem.
I have an ISP provided RB952Ui-5ac2nD running Router OS 6.74 and I'm trying to set up some port forwarding rules myself (both because I'd like to learn how and my ISP tech support doesn't seem all that interested).
I have managed to get some forwarding working, for example I can now use my router's sn.mynetname.net DDNS to SSH into my server but only internally on the LAN, not from an outside IP address.
This is the problem I'm now trying to solve and figured it's about time I made an account on the forum to ask the experts.

One other problem I have is that the ISP has blocked my account from using the Terminal so while I work on getting access to that, I'll do my best to post below what I've done so far.
Created NAT rule - Chain:dstnat Protocol:tcp Dst. Port:12566 Dst. Address List: WAN Action: dst-nat To Addresses:192.168.10.114 To Port:22
Address List - WAN = Public(?) IP from router's DDNS
Created Firewall Rule - Chain:forward Protocol:tcp Dst. Port:12566 Dst. Address List: WAN Action:accept

The ISP has configured the router with a local-bridge (192.168.10.254/24) and vlan (100.65.46.11/24).
One other thing, I'm on rural wireless internet with a dish that plugs into the router, hopefully that doesn't make too much difference but I'm sure someone more knowledgeable will let me know...

Hopefully this will be enough information to give an idea of what I'm going for, once I have terminal access I should be able to post exactly what's going on.

Thanks in advance!
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Yet another port forwarding noob...

Sun Jun 05, 2022 1:20 pm

So you have full access to the ISP provided router via winbox?
There is no such thing as firmware 6.74?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Yet another port forwarding noob...

Sun Jun 05, 2022 6:39 pm

If 100.65.46.11/24 is what you have on WAN, then bad news, that's not public.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Yet another port forwarding noob...

Sun Jun 05, 2022 8:37 pm

Good catch Sob
@anav I guess it's 6.47

Address block: 100.64.0.0/10
Range: 100.64.0.0–100.127.255.255
Number of addresses: 4194304
Scope: Private network
Description: Shared address space for communications between a service provider and its subscribers when using a carrier-grade NAT.

With this IP (100.65.46.11) you are behind NAT out of your control, so you can not reach this IP from internet, so no port forward will work.
 
Roo102
just joined
Topic Author
Posts: 4
Joined: Fri Jun 03, 2022 7:12 am

Re: Yet another port forwarding noob...

Sun Jun 05, 2022 11:37 pm

Hi All,

Thanks for the replies!
> So you have full access to the ISP provided router via winbox?
> There is no such thing as firmware 6.74?

Sorry, that was a typo, firmware is 6.47. I can access winbox but my ISP has assigned me a "customer" profile which is fairly restrictive.

> If 100.65.46.11/24 is what you have on WAN, then bad news, that's not public.

100.65.46.11/24 is the IP range of the vlan my ISP has set up within the router, my WAN IP is 103.5.x.x and does appear to be public.

Cheers.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Yet another port forwarding noob...

Mon Jun 06, 2022 12:44 am

And what's this vlan? And more importantly, do you have 103.5.x.x on router (look in IP->Addresses) or is it just what some "what is my IP address?" online service shows?
 
Roo102
just joined
Topic Author
Posts: 4
Joined: Fri Jun 03, 2022 7:12 am

Re: Yet another port forwarding noob...

Mon Jun 06, 2022 1:07 am

Hi Sob,
> And what's this vlan? And more importantly, do you have 103.5.x.x on router (look in IP->Addresses) or is it just what some "what is my IP address?" online service shows?

IP->Addresses shows this
Screenshot 2022-06-06 100231.png
And here it is in Interfaces ->Interface if that helps?
Screenshot 2022-06-06 100342.png
The WAN IP shows under IP->Cloud in the Public Address field (and also in "what is my IP address services?").
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Yet another port forwarding noob...

Mon Jun 06, 2022 1:46 am

It still looks like bad news. There's always a public address involved, because other devices on the internet can't reach private addresses. But that public address is on the ISP's router and can be shared by many clients. ISPs have to do this, because there aren't enough public IP addresses (IPv4) for everyone. It works for outgoing connections to the internet, but not for incoming from the internet, because if there's a new connection to this public address and port X, the ISP's router doesn't know to which client it should send it. It's not completely hopeless, the ISP can configure their router to send all or selected ports to clients. If it's all, it's called NAT 1:1. But unless they told you that they do this for you, they most likely don't.
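
The check discussed in the posts above (compare the addresses listed under IP->Addresses with the address an outside service reports) can be written down as follows. This is an added example, not part of any poster's message; the function names are hypothetical and the 203.0.113.7 address is a constructed stand-in from the documentation range, because the thread only gives the WAN address as 103.5.x.x.

```python
import ipaddress

# RFC 6598 shared address space used between an ISP and subscribers for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Classify one router address such as '100.65.46.11/24'."""
    ip = ipaddress.ip_interface(addr).ip
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"  # not in a NAT-only range; may be publicly routable


def inbound_reachability(router_addrs, observed_public):
    """Decide whether a dst-nat rule on this router can receive internet traffic.

    router_addrs    -- addresses configured on the router (IP->Addresses)
    observed_public -- address reported by IP->Cloud or a "what is my IP" service
    """
    observed = ipaddress.ip_address(observed_public)
    kinds = {a: classify(a) for a in router_addrs}
    if any(ipaddress.ip_interface(a).ip == observed for a in router_addrs):
        verdict = "direct"               # public address lives on this router
    elif "cgnat" in kinds.values():
        verdict = "behind-cgnat"         # ISP translates upstream; inbound never arrives
    else:
        verdict = "behind-upstream-nat"  # some other NAT device holds the public address
    return verdict, kinds


if __name__ == "__main__":
    # Addresses from the first post; observed address is constructed.
    router = ["192.168.10.254/24", "100.65.46.11/24"]
    verdict, kinds = inbound_reachability(router, "203.0.113.7")
    for addr, kind in kinds.items():
        print(f"{addr:22} {kind}")
    print("verdict:", verdict)
```

Only a `direct` verdict means a dst-nat rule on the router can see connections initiated from the internet; with the other two verdicts the forwarding has to be configured on the device that actually holds the public address.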
 
Roo102
just joined
Topic Author
Posts: 4
Joined: Fri Jun 03, 2022 7:12 am

Re: Yet another port forwarding noob...

Mon Jun 06, 2022 2:19 am

Hi Sob,

Thanks for the explanation.
My ISP said something about a VOIP nat rule that I should be able to copy but it was missing in my router (maybe deleted by the installer?)
I asked them to reinstate it when I asked for terminal access so hopefully that will give me some clues?

I was trying to avoid asking for a public static IP (because I thought I could work around it) but that might be the answer after all.

I'll post an update once I've heard back from my ISP and let you know if I need any more help.

Thanks again!
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Yet another port forwarding noob...

Mon Jun 06, 2022 10:49 am

> I was trying to avoid asking for a public static IP (because I thought I could work around it) but that might be the answer after all.

You do not need a static IP, just a public IP, not the one you see in your router 100.65.x.x that is private.
If this is a larger ISP, I guess he will not help you and you are stuck behind a NAT IP (103.5.x.x)

If you have another system in the world with a public IP, you can set up a tunnel from that IP and then get in behind your router.
