Mikrotik - NAT behind NAT
The first router is redirecting the packets (rewriting the destination) to 192.168.1.10:7722.
As such, this is the address and port that you need to match in the NAT rule on the Mikrotik.
Related videos on Youtube
Comments
-
kkazakov almost 2 years
I have two routers, one given by the internet provider, which I cannot control ( only they can ) and the second is my Mikrotik HAP ac (RB962UiGS-5HacT2HnT).
My router was primary before, and I had several ports forwarded. Now it's secondary, so I asked them to forward to the router's IP. However, that's not really working.
So my configuration is:
Outside router: 192.168.1.1 Inside router's static IP: 192.168.1.10
Outside port 7722 forwarded to 7722 of 192.168.1.10
Internal router (Mikrotik)'s IP: 192.168.88.1, my server's IP in the internal network is 192.268.88.25
On the internal router (Mikrotik) I have the following rules:
chain=dstnat action=dst-nat to-addresses=192.168.88.25 to-ports=22 protocol=tcp dst-address=192.168.1.1 dst-port=7722
Before adding another router in the loop, dst-address was the external IP address and this worked very well.
However, it's not working now. Any idea what I'm missing?
I cannot use their router, as it does not support 5Ghz network and wireless is extremely slow. However, I cannot plugin their optics directly to the Mikrotik, as they want to be able to "control" it ...
-
USD Matt over 6 yearsIf they have NAT forwarding on their router, then the Mikrotik is going to see a packet destined for 192.168.1.10:7722, which is what your own nat rule will need to match
-
kkazakov over 6 yearsThank you, @USDMatt !!! It was exactly this what I was missing. If you add it as answer, I will confirm it. It works with 192.168.1.10 .. it's so obvious now.
-
Michael Hampton over 6 yearsAvoid double NAT wherever possible. It will only make your life a nightmare. Configure appropriate static routes instead.
-
kkazakov over 6 years@MichaelHampton I usually avoid it, however, it's not possible in this situation :(
-