Thanks everyone! Adding in-interface=ether1-gateway made everything work
as expected.
Funny that you mention hairpin, I was going to tackle that next. Not
having any luck so far. Trying to get it working for one device, then
hopefully expanding the rule to cover all hairpin traffic.
Any
Just blanket masquerade the local subnet and you're done. So much less
pain and the downsides don't generally apply to small home/office networks.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Sun, Jun 8, 2014 at 11:50 AM, Casey Mills
I started with that but no luck. Here is what I tried.
chain=srcnat action=masquerade protocol=tcp src-address=192.168.55.0/24
dst-address=192.168.55.0/24 out-interface=bridge-local
Casey
On Jun 8, 2014 11:54 AM, Josh Luthman j...@imaginenetworksllc.com wrote:
Just blanket masquerade the local
Drop the last two arguments.
Josh Luthman
On Jun 8, 2014 2:27 PM, Casey Mills wkm...@gmail.com wrote:
I started with that but no luck. Here is what I tried.
chain=srcnat action=masquerade protocol=tcp
Drop the first rule.
Second rule, drop the protocol.
The latter rules won't apply because you're not coming from that interface.
Josh Luthman
On Jun 8, 2014 5:58 PM, Casey Mills wkm...@gmail.com wrote:
Hmm, that
Hmm, that didn't do the trick. Here is what my NAT table looks like.
add action=masquerade chain=srcnat comment="default configuration"
out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=Hairpin-Test protocol=tcp
src-address=192.168.55.0/24
add
I really appreciate your help Josh. But still not working. Any other
ideas?
Here are my firewall rules. I disabled the last input rule that drops
input traffic but didn't make a difference.
/ip firewall filter
add chain=input comment="Allow all local traffic in"
in-interface=bridge-local
add
You're masquerading it right. Dstnat rules have to be to blame. Did you
change them?
Josh Luthman
On Jun 8, 2014 6:23 PM, Casey Mills wkm...@gmail.com wrote:
I really appreciate your help Josh. But still not
I added the in-interface=ether1-gateway per the beginning of this thread.
Everything wired runs to a switch, then one port of that switch connects
to ether3 on the rb2011. The WAN port on the rb2011 is ether1.
add action=dst-nat chain=dstnat comment=Foscam-1 dst-port=8080
Ok, removing the in-interface from the first and second dstnat rule now
lets me use the dynamic DNS name to access the cameras. Which makes sense,
I guess.
I guess I'll have to leave the in-interface specification for the port 80
and 443 though. Keeping me from using the dynamic DNS name?
If you want to keep that in there add a second rule for your hairpin.
Josh Luthman
On Jun 8, 2014 6:45 PM, Casey Mills wkm...@gmail.com wrote:
I added the in-interface=ether1-gateway per the beginning of this
Specify a dst-address or in-interface
Josh Luthman
On Jun 7, 2014 4:15 PM, Casey Mills wkm...@gmail.com wrote:
I was pretty big into Mikrotik in years past, but haven't been active in
some time.
I just picked
Hello All,
I am hoping someone might be able to shed some light on a port
forwarding rule that I currently have set up.
I have a NAT rule set up as follows: Chain: dstnat, protocol: 6, dst port:
61234, in interface: ether 1, Action: dst-nat To Address: 10.x.x.x To
Ports: 80
The customer port
Is it counting packets? Try a different port?
Josh Luthman
On Jun 19, 2012 4:27 PM, Scott Kress sc...@3designgroup.com wrote:
Hello All,
I am hoping someone might be able to shed some light on a port forwarding