Community discussions

MikroTik App
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

DDNS is behind the NAT and I can not manage to connect to my server

Fri Oct 28, 2022 12:29 pm

Dear,
I read a lot of forums topics, and try some configurations to solve the problem but I can not get throug the issue. So I have a cloudflare and my domain www.mydomain.com and I check my IP over google, and I ponited this IP in cloudflare so myserver.com -> 777.777.777.777, when I ping this site all work.
In my home I have a router of my ISP which give and IP address to my Microtic router (I use DHCP client and IP I get is 192.168.1.4). I on my mikrotik I set up my LAN subnet with IP 193.168.3.0/24 and all works perfect. I set up a server on my LAN IP and a NGINX proxy manager on port 80. when I try to conect form LAn to server all works great.
I try to establish the conection from outside - internet to my private network over myserver.com domain and here come a trubles. As I figour out I have a dinamic IP Addres behind NAT, and I run over forum but can not manage to get any equvalet post how to solve the problem and how to configure the Mikrotic to forward the trafic to my server.
Do anyone have an idea, where to start this issue or to give me some points where and how to start? I also have adguard instled and thats also work perfect.
I also ty to set up a cloud get enable it DDNS get a DNS name, follow the rules of https://www.youtube.com/watch?v=_kw_bQyX-3U&t=257s , but here is the problem that Router is behind the NAT. Remote conection might not ...

Is there any way to do, to conect to server, to conect to Mikrotik from internet. I settup ZEROTIER thats one way to conect to router and get access to my LAN,
but I want that from web: hhtp://myserver.com I got to my server on local LAN 193.168.x.xxx. waiting for your advices?

br MArtin
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Fri Oct 28, 2022 6:15 pm

I'm sure that all answers can be found in this thread:

viewtopic.php?t=179343

More specifically, since it's a long one, you want this:

viewtopic.php?p=945706#p945706

Main thing is that you need to forward port(s) from ISP router to MT router. If you can do that, the rest is easy. If not, you're out of luck.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDNS is behind the NAT and I can not manage to connect to my server

Fri Oct 28, 2022 6:51 pm

Lets review!

1 - You have a reachable ISP which has a dynamic WANIP address on your ISP Router
2 - You have a dynamic DNS url from cloudfare that points to this WANIP.
3 - You have a MT router behind the ISP router which is given a private IP by the ISP router.
4- YOu would like users to be able to access servers behind the MT using the DYNDNS URL.

Q1 - Can you access the ISP router?
Q2 - Can you do two things:
a. forward specific ports?
b. create static routes?

If the questions are NO to both questions you will not be able to port forward. In this case what you will need to do is host the server outside the network.
An alternative is to allow users to VPN to your server using WIREGUARD. However, that is also not possible as the public IP is not accessible (cannot port forward listening port to your MT router). Thus the solution here again is to host wireguard server outside the network.

For example, If I was your friend with a publicly accessible WANIP and an MT router, I could host the MT VPN server. Then you could, as a client, connect to my MT wireguard server and those needing access to your Server could connect to the wireguard server. Due to the fact that the tunnel is a two-way street, then your friends could connect to your server.
So either a friend in the middle provides a service, or you rent server space (like on a server farm) and host stuff ( standard server or mikrotik VPN server) etc...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDNS is behind the NAT and I can not manage to connect to my server

Fri Oct 28, 2022 6:52 pm

Right now your network is not clear to me so a diagram would help and eventually we need to see the config.
/export file=anynameyouwish ( minus router serial number and any public WANIP information )
 
User avatar
broderick
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Fri Oct 28, 2022 11:54 pm

If you are behind NAT (Your ISP router) and want to get access to your LAN there is not much you can do other than using:

- services like Zerotier or Tailscale.
- Wireguard or OpenVPN server on a VPS in the cloud
- Cloudflared tunnel, which enables you and your friends to bypass NAT and reach your server by using a domain

More info here:
https://noted.lol/say-goodbye-to-revers ... e-tunnels/
https://www.youtube.com/watch?v=VrV0udRUi8A
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Tue Nov 08, 2022 11:04 pm

Sorry for late reply. And Thanks very much to all for help. It looks like very hard to pass through. Now my ISP provider give me a solution they give me a static IP address but conection will go through PPPOE tunel conection, but problem is when connection is established it is also immidately droped, and then this is repeating, so I have to cancel it. Maybe cloudflare tunel to my NAS omv6 docker is best solution and pass the NAT of my ISP. As I do not have access to ISP modem.
I can send you a diagram of my network, but what program for making diagram you propose?
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Tue Nov 08, 2022 11:37 pm

Other options like Zerotier thats ok, I have it installed, but it is very poor speed max 25Mbits Rx and Tx. But this is only for friends and my access to the server, I can not manage to do public access via Zerotier to my webserver, where I want to have my webpage.
Wireguard I do not know how it is working, I just do some study on it, have to check. Because in cloudflare I have to setup an IP to my domain name, so do wireguard has a public IP address and then do a tunnel to mikrotik and forward to my server?
Things going to complicate. I WANT TO DO EASY 😀.
THANKS IN advance.
Br Martin
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 12:20 am

You never answered my questions ????
Q1 - Can you access the ISP router?
Q2 - Can you do two things:
a. forward specific ports?
b. create static routes?
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 8:38 am

Q1 - Can you access the ISP router? NO, only ISP can access, they give me a static IP with PPPOE access, BUT problem with connection, after connection is establish it is immidately drop.
Q2 - Can you do two things:
a. forward specific ports? Not on ISP router,
b. create static routes? NOT OB ISP ROUTER.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 8:46 am

Don't you have a friend that knows his way around the internet?
If you couldn't manage to bring a pppoe client up, I'm not trusting your skills.
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 11:27 am

I think Pppoe is easy and old protocol, I was last face with it 30 years ago, with analog dial modem, where to put only username and password and then connect to internet. After that all is different, now I got from my provider also username and password, I put info into mikrotim pppoe client, all is done conection establish but after that immidately droped. So maybe there is some profiles of encription to do, but I didn't go to much in all. First I would like to get clear about this Nat problem.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 1:09 pm

 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 2:01 pm

Diagram network attaced.
I attache also export file
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDNS is behind the NAT and I can not manage to connect to my server

Wed Nov 09, 2022 10:18 pm

Dont use, understand capsman so of little help.........
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Thu Nov 10, 2022 9:10 am

Mr. Anav I do not understood what you want to tell me?

Br Martin
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDNS is behind the NAT and I can not manage to connect to my server

Thu Nov 10, 2022 2:33 pm

Mr. Anav I do not understood what you want to tell me?

Br Martin
Saying that since I have not used capsman myself, and do not ever intend doing so ( add complexity for minimal gain IMHO) or put another way its cons outweight its pros, and thus I am not able to help you sort out the config......
 
martinmasera
just joined
Topic Author
Posts: 11
Joined: Thu Nov 04, 2021 12:39 pm

Re: DDNS is behind the NAT and I can not manage to connect to my server

Thu Nov 10, 2022 3:51 pm

Mr. Anav I do not understood what you want to tell me?

Br Martin
Saying that since I have not used capsman myself, and do not ever intend doing so ( add complexity for minimal gain IMHO) or put another way its cons outweight its pros, and thus I am not able to help you sort out the config......
thanks for your efford.
I talk to my ISP provider and they told me that what they can do is to make a bridge on their modem, and then I establish the PPPOE tunnel to their modem and I will have internet and all the stuff on my MT router.
so my questin is what will then happen and how to configure properli the IPTV, what you suggest making VLANS or any IPTV will flow over Mikrotik router and swithes to the SETTOP box without any problem cause on my network and swithes, will I have a problems maybe?

Who is online

Users browsing this forum: Bing [Bot], BioMax, itvisionpk, tjanas94 and 36 guests