Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > More for Less: MikroTik Talk
 
  • Post
  • Reply
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.


 I seem to be having trouble getting port forwarding to work as well. I tried a few recommendations I have found to no avail. I do not have a static ip so I tried the following:


[admin@Spaceballs: The Router] > ip fire nat export
# jan/02/1970 01:11:35 by RouterOS 5.6

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-gateway
add action=dst-nat chain=dstnat disabled=no dst-address-type=local dst-port=8080 protocol=tcp to-addresses=192.168.88.253 to-ports=\
8080


This is on a RB751U.

Any ideas?

DaCheese fucked around with this message at 03:28 on Dec 30, 2011

* # ¿ Dec 30, 2011 02:49
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 22, 2024 10:26
  • Quote
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.

CuddleChunks posted:

You might try:

/ip firewall nat add action=dst-nat chain=dstnat disabled=no \
dst-port=8080 protocol=tcp to-addresses=192.168.88.253 \
to-ports=8080 in-interface=ether1-gateway

The difference is the "in-interface" parameter. Instead of specifying a range of IP's to NAT on, you say, "packets inbound on this interface get checked". See if that starts triggering.

No love. Still not sure what is going on. I have seen at least 3 different answers to this while researching via google but none of them seem to do anything for me. I left the default config and just altered as needed per a guide on the wiki to get wireless working. Is there anything in the default config that could be getting in my way? I also tried a routeros upgrade, which did not solve the issue either.

Edit: also the log in winbox doesn't really show me much. Is there a better place that I can gather info from?

Double edit: Forgive my ignorance, but I am in the process of learning, if I remove the configuration and start from scratch like in the Anypony guide, how do I connect to the router with winbox? Do I just connect via an ethernet cable and put the mac in winbox?

DaCheese fucked around with this message at 23:09 on Dec 30, 2011

* # ¿ Dec 30, 2011 23:04
  • Quote
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.

The_Franz posted:

When you test it, are the counters next to the NAT rule increasing? Did you put a rule in your firewall forward chain that allows traffic on port 8080 through?

Yes the bytes and packets counters move but not very much. For instance just now it is up to 1000 bytes.

I probably got the filter wrong.
Should it look like this:

ip firewall filter add chain=forward action=accept protocol=tcp dst-port=8080

Edit: Ok. I have been trying this with minecraft as well, and, oddly enough, I see connection attempts in the server log but then it loses connection. It almost seems like it is just really throttled down somehow? Maybe that isn't the case, but I would think I shouldn't even see the attempts if forwarding wasn't working.

DaCheese fucked around with this message at 02:09 on Dec 31, 2011

* # ¿ Dec 31, 2011 01:06
  • Quote
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.


 Ok, this is funny.
I was forwarding an A record on my domain to my current IP at home and trying to hit the machine that port 8080 is forwarded to. When I went to the domain:8080 from my home network, it never worked. Just got back to working with this since I have been fighting some hardware issues on another machine this week and thought to test it from a remote shell and it works. Inside my network I have to use the local IP.

* # ¿ Jan 6, 2012 02:05
  • Quote
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.

CuddleChunks posted:

This is normal. Your pc does an nslookup for the domain, the A record points to your external IP address, the request gets handed off and tends to die because that loopback behavior isn't well supported. There are a couple ways around this:

- Edit the HOSTS file on your local computer and enter the domain name in there with its LAN IP address. This is probably the cleanest way since your HOSTS file should be read before DNS lookups.

- Go to IP -> DHCP-Server -> Networks in Winbox. Double-click on your network and then enter a domain name for your LAN under DNS Domain (or just "domain" from the CLI). When computers register with the dhcp server they should inject themselves into a little table so that you can go to: localcomputername.mylan.lan and have results come back.

That's a little fussier than editing the hosts file because your test queries won't go to myinternetdomainname.com but they should show up on the same machine all the same.

There is likely a third way to do this and that's to look for packets that are trying to do this loopback behavior and then redirecting them via the NAT engine. I don't have a good feel for how you'd write the rule but it should be possible.


Thanks! That makes a lot of sense. The only real reason I was doing this was trying to test it by going out to the internet and coming back in from outside, but I can just be a little less lazy in the future.

Edit: I just bothered to think about this for a second and I see now why it is silly.

DaCheese fucked around with this message at 02:52 on Jan 6, 2012

* # ¿ Jan 6, 2012 02:44
  • Quote
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.


 I seem to have gotten myself into a predicament.
I just got an rb2011 uas-2hnd-in and managed to mess up the configuration such that I could no longer access the router via ethernet or wireless. (I don't have a serial cable with me).
I tried unsuccessfully to get a reset to take but it never did (I could tell because it was still advertising the wireless ssid I set).
So then I went online and landed on using netinstall to reinstall v5.20 from the npk listed for my series via eth2.
This worked fine, except now I can't figure out how to access the router to configure it.
I no longer get dhcp like I did out of the box, and setting the address manually gets me nowhere.
Also, it doesn't advertise the mikrotik ssid like the out of box config did. Not sure if wireless is even on.
The router just does not respond.
I followed http://wiki.mikrotik.com/wiki/Netinstall for the installation section.
Any ideas?

DaCheese fucked around with this message at 16:13 on Oct 13, 2012

* # ¿ Oct 13, 2012 15:50
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 22, 2024 10:26
  • Quote
DaCheese
Jul 24, 2007

Bureaucracy has ruined murder.

CuddleChunks posted:

Download the Winbox tool from here: http://download2.mikrotik.com/winbox.exe

Run it and click the ... button in the top right. That will scan your local subnet for Mikrotik devices. Your router should appear there with 0.0.0.0 for its IP and its MAC address displayed. Click its MAC addy, enter the username: admin and hit Connect.


enotnert - hahah that's an awesome sideline.

I forgot Winbox did that! Thanks!

* # ¿ Oct 14, 2012 17:19
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > More for Less: MikroTik Talk