knippers
just joined
Topic Author
Posts: 2
Joined: Sun Dec 04, 2011 3:24 pm
Location: Netherlands

Port forward on ZeroTier

Fri Jan 14, 2022 10:56 pm

I have a ZeroTier network set up for VPN. This was the easiest option to get remote access in a dual WAN (Starlink + Telekom VDSL) with the original routers in place and all dynamic addresses. On the remote network ZeroTier is set up on an RB3011.

Network setup: admin Mac (ZeroTier address 192.168.193.227) <-> ZeroTier network 192.168.193.0/24 <-> RB3011 (ZeroTier address 192.168.193.222, LAN address 192.168.0.2) <-> remote LAN 192.168.0.0/24 <-> another MikroTik (192.168.0.1)

Now I can access the 192.168.193.222 box perfectly fine. But I also want to access another device on the remote LAN, 192.168.0.1 (I cannot set up ZeroTier on it).

So this works:
- on the admin Mac: ssh admin@192.168.193.222 -L 8291:192.168.0.1:8291
- and then I can use WinBox with localhost:8291 to access 192.168.0.1:8291 in the remote network.

What I would like is to configure a port forward on the RB3011 to map to the remote device on the LAN. So on 192.168.193.222:8292 to map to 192.168.0.1:8291.

It would be even better to use 192.168.193.1 to map all ports to 192.168.0.1.

I have tried the following NAT rule but that does not work:
/ip/firewall/nat> print detail 
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=srcnat action=masquerade protocol=tcp src-address=192.168.0.0/24 dst-address=192.168.0.1 out-interface=LAN log=yes 

 1    chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=80 protocol=tcp dst-address=192.168.193.222 in-interface=zerotier1 dst-port=81 log=yes 
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Port forward on ZeroTier

Fri Jan 14, 2022 11:26 pm

According to Normis, the zerotier documentation is amazing.
I have found quite the opposite, and as for MT documentation................. ???
 
2frogs
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: Port forward on ZeroTier  [SOLVED]

Sat Jan 15, 2022 1:11 am

You are missing a src-nat for the ZeroTier network. It should look like your first rule with the src-address=192.168.193.0/24 and to-address=192.168.0.2. Or you can put a route to 192.168.193.0/24 on the remote Mikrotik pointing to 192.168.0.2.
 
knippers
just joined
Topic Author
Posts: 2
Joined: Sun Dec 04, 2011 3:24 pm
Location: Netherlands

Re: Port forward on ZeroTier

Sat Jan 15, 2022 2:48 pm

> You are missing a src-nat for the ZeroTier network. It should look like your first rule with the src-address=192.168.193.0/24 and to-address=192.168.0.2. Or you can put a route to 192.168.193.0/24 on the remote Mikrotik pointing to 192.168.0.2.

Thanks, that fixed it. So if I understand correctly I was missing the route back from 192.168.0.1 to 193.168.193.222 via the 192.168.0.2?

For others:
 0    chain=srcnat action=masquerade protocol=tcp src-address=192.168.0.0/24 dst-address=192.168.0.1 out-interface=LAN log=yes 
 1    chain=srcnat action=masquerade to-addresses=192.168.0.2 protocol=tcp src-address=192.168.193.0/24 
 2    chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=8291 protocol=tcp dst-address=192.168.193.222 in-interface=zerotier1 dst-port=8292 
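
The two fixes from the accepted answer, written out as RouterOS commands (an added example, not posted by anyone in the thread). Interface names and addresses are the ones given in the posts. Restricting the forward to the admin Mac and limiting the Winbox service by source address are assumptions about the desired policy.

```routeros
# Added example, not from the thread. Interface names (zerotier1, LAN) and all
# addresses are the ones posted above; the scoping choices are assumptions.

# --- Option A, on the RB3011: dst-nat plus a src-nat scoped to this one flow ---
/ip firewall nat
# Forward 192.168.193.222:8292 to Winbox on 192.168.0.1, only for the admin Mac.
add chain=dstnat action=dst-nat in-interface=zerotier1 protocol=tcp \
    src-address=192.168.193.227 dst-address=192.168.193.222 dst-port=8292 \
    to-addresses=192.168.0.1 to-ports=8291 comment="ZT -> Winbox on 192.168.0.1"
# Rewrite the source to 192.168.0.2 so 192.168.0.1 replies to the RB3011.
# srcnat runs after dstnat, so it matches the translated address and port.
# Matching dst-address, dst-port and out-interface leaves all other traffic
# from 192.168.193.0/24 untranslated.
add chain=srcnat action=src-nat out-interface=LAN protocol=tcp \
    src-address=192.168.193.0/24 dst-address=192.168.0.1 dst-port=8291 \
    to-addresses=192.168.0.2 comment="return path for ZT -> 192.168.0.1"

# --- Option B, on 192.168.0.1 instead of the src-nat rule: a return route ---
/ip route
add dst-address=192.168.193.0/24 gateway=192.168.0.2 comment="ZeroTier via RB3011"
# With routing, 192.168.0.1 sees the real ZeroTier source address, so Winbox
# can be limited to the admin Mac and the local LAN (assumed policy).
/ip service
set winbox address=192.168.193.227/32,192.168.0.0/24
```

With option A, every forwarded session reaches 192.168.0.1 from 192.168.0.2, so its logs and source-based restrictions cannot tell ZeroTier clients apart. Option B preserves the original source address.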
