Community discussions

MikroTik App
 
ckonsultor
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Nov 21, 2021 7:57 pm

How to DST-NAT trhough 2 routers for remote access

Sun Feb 12, 2023 7:05 pm

DoubleDSTNAT.jpg
Have not been able to reach the Metrics Server from the Internet by applying dst-nat in the gateway router. Do I need to dst-nat in the second router as well? The devices in the dotted-line box (labeled "below") are part of a lab setup that a remote programmer needs to access. The gateway firewall rules are:
DblDSTNATfirewallRules.jpg
Thanks in advance.
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to DST-NAT trhough 2 routers for remote access

Sun Feb 12, 2023 8:14 pm

You successfully neutralized your firewall (by disabling #6 and #14 you now allow pretty much everything; probably not the best plan), but other than that, it's hard to tell. The image doesn't seem very clear. Is the server behind second (blue) router or not? Its LAN is connected to it, but its WAN goes to the mysterious yellow thing that's between first and second router, so maybe the server is not really completely behind the second router?

In case it is behind second router, you have two options:

a) Forward ports from first router directly to 192.168.66.x (whatever the server has). First router must know where 192.168.66.0/24 is and second router must let it pass.
b) Forward ports to second router (192.168.88.52) and add another forwarding to 192.168.66.x on second router. This will work even when there's double NAT and first router knows nothing about 192.168.66.0/24.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to DST-NAT trhough 2 routers for remote access

Mon Feb 13, 2023 2:19 pm

Yeah your diagram sucks if it was intended to provide a clear picture and relationships.
In general double nat is about
a. first router forwarding the port to the LANIP off the second router ( the second routers WANIP in relation to itself )
b. the second router forwarding the port the LANIP of the server behind the second router.

IF you had three routers.........
a. first router forwarding the port to the LANIP off the second router ( on the lan subnet of the first router) ( the second routers WANIP in relation to itself )
a. second router forwarding the port to the LANIP off the third router ( on the lan subnet of the second router ) ( the third routers WANIP in relation to itself )
b. the third router forwarding the port the LANIP of the server behind the third router.
 
ckonsultor
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Nov 21, 2021 7:57 pm

Re: How to DST-NAT trhough 2 routers for remote access

Mon Feb 13, 2023 5:17 pm

Thanks to you both. You have clarified my situation for me. The "yellow thingy" is a passive patch panel for convenient access to components inside a travel case.
I have activated rules 6 and 14.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to DST-NAT trhough 2 routers for remote access

Mon Feb 13, 2023 5:27 pm

One final word, it may not be relevant, but dont use port forwarding to access and config the router! Use a vpn connection like wireguard.
 
ckonsultor
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Nov 21, 2021 7:57 pm

Re: How to DST-NAT trhough 2 routers for remote access

Thu Mar 02, 2023 10:38 pm

Success! DST-NAT in gateway with forwarding in the second router works for me.
Thanks again.

Who is online

Users browsing this forum: GoogleOther [Bot], kkeyser, mtkvvv and 46 guests