Mikrotik - NAT behind NAT

firewall nat mikrotik
5,109

The first router is redirecting the packets (rewriting the destination) to 192.168.1.10:7722.

As such, this is the address and port that you need to match in the NAT rule on the Mikrotik.

Share:
5,109

Related videos on Youtube

kkazakov
Author by

kkazakov

PHP, Obj-C, Java developer

Updated on September 18, 2022

Comments

  • kkazakov
    kkazakov almost 2 years

    I have two routers, one given by the internet provider, which I cannot control ( only they can ) and the second is my Mikrotik HAP ac (RB962UiGS-5HacT2HnT).

    My router was primary before, and I had several ports forwarded. Now it's secondary, so I asked them to forward to the router's IP. However, that's not really working.

    So my configuration is:

    Outside router: 192.168.1.1 Inside router's static IP: 192.168.1.10

    Outside port 7722 forwarded to 7722 of 192.168.1.10

    Internal router (Mikrotik)'s IP: 192.168.88.1, my server's IP in the internal network is 192.268.88.25

    On the internal router (Mikrotik) I have the following rules:

    chain=dstnat action=dst-nat to-addresses=192.168.88.25 to-ports=22 protocol=tcp dst-address=192.168.1.1 dst-port=7722

    Before adding another router in the loop, dst-address was the external IP address and this worked very well.

    However, it's not working now. Any idea what I'm missing?

    I cannot use their router, as it does not support 5Ghz network and wireless is extremely slow. However, I cannot plugin their optics directly to the Mikrotik, as they want to be able to "control" it ...

    • USD Matt
      USD Matt over 6 years
      If they have NAT forwarding on their router, then the Mikrotik is going to see a packet destined for 192.168.1.10:7722, which is what your own nat rule will need to match
    • kkazakov
      kkazakov over 6 years
      Thank you, @USDMatt !!! It was exactly this what I was missing. If you add it as answer, I will confirm it. It works with 192.168.1.10 .. it's so obvious now.
    • Michael Hampton
      Michael Hampton over 6 years
      Avoid double NAT wherever possible. It will only make your life a nightmare. Configure appropriate static routes instead.
    • kkazakov
      kkazakov over 6 years
      @MichaelHampton I usually avoid it, however, it's not possible in this situation :(

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

MikroTik - can't access webfig from external / can't SSH into router from external ip
ubuntu iptables NAT & Router & Port Forwarding
What are the risks of NOT using a firewall (home computer)?
Forwarding all incoming traffic on eth0 to go to eth1
iptables trouble: nat with ip alias (virtual interface) not working
Block all Outside IP addresses to NAS using Winbox/Microtik
FTP Passive Port Range Standard?
What router settings are required for Windows 7 Remote Assistance?
How can I do DNAT and SNAT on Windows 7?
Complete masquerading NAT example using nftables on Linux?