betrayer... go make your own thread

Don't like that. Mikrotik will be up later. This 1921 need special license files for VPN, so won't be my permanent toy(s).

yeah cisco sux.. cause of the license requirement for vpn function

mikrotik u get everything in 1 package no additional licenses and that bullcrap...

The previous model not too bad, if creative enough can get the correct ios for the vpn and firewall function. The newer generation with ios 15 need serial number and license key to open up the function.

Their product is really enterprise level especially on routing, and vpn. Mikrotik will have to work hard, and I feel they are going to the right direction too.

i tried the setting below and it does not work

/ip firewall nat add chain=dstnat protocol=tcp dst-port=8060 \ action=dst-nat to-addresses=192.168.1.10 to-ports=8060

please refer to the attachment for more detail

//edit// addition to the picture below.
and also the php app uses absolute url in many of its fuctions

This post has been edited by jinaun: Mar 25 2012, 09:05 PM


Attached thumbnail(s)

You just want to do port mapping or DynDns?

actually.. port mapping.. so both the LAN and WAN can access via the same url

currently if access from WAN, mydomain.hopon.net:8060/myapp works.. but if access from the same LAN as the server (behind the router) mydomain.hopon.net:8060/myapp does not work and it only shows timeout on the browser but can access other internet sites such as yahoo.com but not mydomain.hopon.net:8060/myapp

This post has been edited by jinaun: Mar 25 2012, 10:55 PM

You try to use the same url for the local ip? I have not done this, but usually when using same fqdn, we translate to local ip, instead of using publicl ip.

because previously it works with tplink's 1043nd, but i can't seem to configure it to work in such a way on mikrotik. maybe perhaps the way 1043nd does is provide loopback?

other workaround i was thinking is.. would be putting a static dns on the router?

so from WAN it access via dyndns's mapped ip, and while in LAN it access via static dns on the router?

//the static dns workaround gives another issue, which i have several portmapping to other servers. 8060 to server1, 8082 to server 2, if use static dns.. there is no way to resolve to 2 different ip

solution found, its called hairpin NAT, so far the same URL works on LAN and WAN

This post has been edited by jinaun: Mar 26 2012, 12:24 AM

try

/ip firewall nat add chain=dstnat protocol=tcp dst-port=8060 in-interface=ppoe-out1 \ action=dst-nat to-addresses=192.168.1.10 to-ports=8060


in-interface= your missing?

This post has been edited by arul_sr: Mar 26 2012, 12:55 AM

thanks but i've tried it and its not working too with the in-interface.. i've used hairpinNAT instead justnow and it seems to be working from both side

This post has been edited by jinaun: Mar 26 2012, 12:59 AM

Let me pin out this for you as I cant solve it till today, maybe i was just too lazy to crack my head on it at my clients place.

I problem lies in the NAT Loopback or also known as NAT Reflection. It depends on what type of chipset the router uses. A few routers can solve the IP address that is masked by DNS. Some routers just cant. For more advance routers like cicso and mikrotik im sure there a work around.

Please input if the info was helpful and if you found a way around the loopback and reflection.

But you may have problem if your ip change.

so far tested.. the WAN side is dynamic.. IP changed a few times n the url works both sides. the server on LAN has fixed ip

here is the hairpin NAT wiki

http://wiki.mikrotik.com/wiki/Hairpin_NAT

Wow, this thread is really moving along.... I learned something new today on the Hairpin NAT... will go back and study the link...

Check link out too!!

http://cloudcorerouter.com/

---

Added on March 27, 2012, 7:05 pmIt is a 32 Core Mikrotik router!!

This post has been edited by eric_tan: Mar 27 2012, 07:05 PM

What modem do you guys use as modem?

I normally buy the cheapest "NON-router NON-wifi modem only" modem.

The last few I bought was TP-Link.

Eric

hi all sifus here, i have a question. i just got a RB750. i want to setup it to be a router at my school's computer lab. now my school use maxis's vsat, which which are connected to a 24 ports switch. now every computer need to configure ip address before can connect to internet. now i want to make the rb750 to be a dhcp server, that'll give automatic ip to all pc connected to it. my setup will be vsat gateway => rb750 => 24ports switch =>pcs/ap/wireless routers. how to setup it? ive looked in the wiki and cant seem to find the answer.....i didnt know that mikrotik is very hard to configure...i bought it because my friend said its high quality......hope any sifu can point me to the right direction...tq..

How did the Maxis vsat device works? Is that a router by itself?

Assuming that the answer is yes, and that the Maxis STB has its own IP (for example 192.168.1.1).

Connect the decoder to port 1 of the RB750.
Connect the 24-port switch (I assume it is unmanaged) to port 2 of RB750.
Configure the port 1 of RB750 to have the IP of 192.168.1.2/24.
Make a srcnat masquerade NAT rule with port 1 being the Output Interface.
Create a DHCP server running on port 2 of RB750. If the said port is part of a bridge, run the DHCP server on the bridge. If a bridge exist, port 1 must not be part of it.
Configure the computers to use DHCP, and then connect them to the unmanaged switch.

At this time, the computers should be able to connect to the Internet already.

thank you for replying in the first place

the maxis vsat stb has static ip range (10.193.10.200-250) (i have no way to set it to be dhcp enabled) so in a common router i'll have to set the wan to one of the static ip in the range. so here i have to

1. configure the port 1 of rb750 to have the ip in the range of (10.193.10.200-250)? what is the /24 suppose to mean?

how to make a srcnat masquerade nat rule with port 1 being the output interface?

very sorry im extremely noob in this, hope you will be patient with me...