hi @The Network Berg, it would be great to compare v6 and v7. It seems there is major changes about srcnat in v7. I.e. with 7.1.5, if you set up a rule "srcnat" to present an different public IP, the router itself will be impacted, but in v6 it was'nt ! Nices videos btw ! its great !
Really well explained! I have read stuff about this, but this vidos really sums it all. Thank you very much, keep the hard work. One thing, have you tested in v7.1.1 of RouterOS, the DNS dst-nat rules, to make an IP pool to use, let's say OpenDNS servers. and another pool to use non blocked DNS? I'm trying to configure it in two RB4011, but it looks like it does not work, or maybe it's me.
HY. Great job.I folow youre tutorials here and i find answers to my admin problems. But here is one i did not find yet any solution: I have a pppoe client problem:my provider give me 400mb upl/dwld,but pppoe client conected to my mikrotik router receive only 50-60Mbs of all bandwith ,no queue rules active, no mater how i modify MRU MTU of my pppoe server.I use v.6.48.7 RB 3011 UiAS-RM.
there is one issue if you can help me. I've also done the same thing as you for Destination redirection till morning it is working but now any port entry is not working scenario is I've a public router ip that I want to route to my internally located server pc. on NAT rule page I want port 5050 to routed on internally located pc 192.168.2.100 on port 80 But when I check for port 5050 it show the port is close
When my webserver software firewall receives traffic, the csf firewall sees it as the gateway address always how can i make sure the real externally accessing ip is passed to the specific servers ive dst natted and scr natted traffic to?
The Content is Excellent, but i have a complex scenario where I have two internet connections and both of them are dstnating to a a published service in our LAN . I need to make sure that each request coming from a specific interface gets routed out through the same interface it came through . I have tried mangling both connections mark and route marks but still didnt work . Do you have a video which describes such a scenario. Thanks
Hey quick question, for dst-nat, if you have an ISP router that is also doing NAT, you do port forwarding to Mikrotik's IP(ISP's LAN) correct? Then Mikrotik will do dst-nat to where it needs to go or is there something else needs to be done for Mikrotik's firewall rule? I was able to this setup with my previous router but now having an issue doing the forwarding when I've put in the mikrotik, still trying to learn it heh. Thanks for the videos btw, so much easy to understand.
Thanks for the kind words, it should really be as simple as adding a DST-NAT on your ISP router to your MikroTik and then just adding a DST-NAT from your router to your local host, just make sure you are NATing traffic on the private network between your routers. And also make sure that they are actually NATing traffic to you.
there is one issue if you can help me. I've also done the same thing as you for Destination redirection till morning it is working but now any port entry is not working scenario is I've a public router ip that I want to route to my internally located server pc. on NAT rule page I want port 5050 to routed on internally located pc 192.168.2.100 on port 80 But when I check for port 5050 it show the port is close
I never see such easy explanation. Now I am watching each and every videos of your cannel and doing it on my LAB by myself.
Although you move along at higher pace than I can do (thankfully it's a video lol) this is much simpler than I learned 10 yrs ago to do 1:1 natting.
your explanation is sooooo good. Thanks a LOT. BIG FAN.
Very well explained! Keep it up!
This is gold !!!
Appreciate the message :D!
This is quality content, big UP's
great videos, greetings from austria 👍
Finaly good tutorial. Great job Bro
Thank you
hi @The Network Berg,
it would be great to compare v6 and v7.
It seems there is major changes about srcnat in v7.
I.e. with 7.1.5, if you set up a rule "srcnat" to present an different public IP, the router itself will be impacted, but in v6 it was'nt !
Nices videos btw ! its great !
Really well explained! I have read stuff about this, but this vidos really sums it all. Thank you very much, keep the hard work.
One thing, have you tested in v7.1.1 of RouterOS, the DNS dst-nat rules, to make an IP pool to use, let's say OpenDNS servers. and another pool to use non blocked DNS? I'm trying to configure it in two RB4011, but it looks like it does not work, or maybe it's me.
HY.
Great job.I folow youre tutorials here and i find answers to my admin problems.
But here is one i did not find yet any solution:
I have a pppoe client problem:my provider give me 400mb upl/dwld,but pppoe client conected to my mikrotik router receive only 50-60Mbs of all bandwith ,no queue rules active, no mater how i modify MRU MTU of my pppoe server.I use v.6.48.7 RB 3011 UiAS-RM.
Hi! Can you make this lab available for access on EVE?
Thank you for the video. How about accessing a camera using a private IP address with a destination nat?
there is one issue if you can help me.
I've also done the same thing as you for Destination redirection
till morning it is working but now any port entry is not working
scenario is I've a public router ip that I want to route to my internally located server pc.
on NAT rule page I want port 5050 to routed on internally located pc 192.168.2.100 on port 80
But when I check for port 5050 it show the port is close
When my webserver software firewall receives traffic, the csf firewall sees it as the gateway address always how can i make sure the real externally accessing ip is passed to the specific servers ive dst natted and scr natted traffic to?
How to defend against brute force attack on port 443 since the traffic is handled by NAT and doesn't go through IP filter ?
The Content is Excellent, but i have a complex scenario where I have two internet connections and both of them are dstnating to a a published service in our LAN . I need to make sure that each request coming from a specific interface gets routed out through the same interface it came through . I have tried mangling both connections mark and route marks but still didnt work .
Do you have a video which describes such a scenario.
Thanks
hello, i have site A, B, C, ipsec on A-B, ipsec on B-C, what is best NAT config to get working connection from A to C site?
Hey quick question, for dst-nat, if you have an ISP router that is also doing NAT, you do port forwarding to Mikrotik's IP(ISP's LAN) correct? Then Mikrotik will do dst-nat to where it needs to go or is there something else needs to be done for Mikrotik's firewall rule? I was able to this setup with my previous router but now having an issue doing the forwarding when I've put in the mikrotik, still trying to learn it heh. Thanks for the videos btw, so much easy to understand.
Thanks for the kind words, it should really be as simple as adding a DST-NAT on your ISP router to your MikroTik and then just adding a DST-NAT from your router to your local host, just make sure you are NATing traffic on the private network between your routers. And also make sure that they are actually NATing traffic to you.
Hi! How do you do NAT OVERLOAD (PAT) in Mikrotik router?
In Ros 7.5 not nat is not working as it should. all the not nat public IPs also going through src nat which is for private IPs.
hi what software are you using for topology maping
This is eve-ng
@@ernestocastellotti722 Thankyou
@@kamranrockstar You are welcome
Were you afraid not catching your train in time as you were streaming ?
I don't ride on any trains :)
hahaha! it did feel like Mr Berg was in a rush. Not his usual calm sequenced self ;p
there is one issue if you can help me.
I've also done the same thing as you for Destination redirection
till morning it is working but now any port entry is not working
scenario is I've a public router ip that I want to route to my internally located server pc.
on NAT rule page I want port 5050 to routed on internally located pc 192.168.2.100 on port 80
But when I check for port 5050 it show the port is close