Tell me, please, can someone set up Mikrotik for the Story node? What are the features? We found out experimentally that packets are lost through Mikrotik. If you release it directly to the network, then everything is fine. Routing Settings:
Mikrotik 951Ui-2HnD
chain=dstnat action=netmap to-addresses=192.168.1.19 to-ports=28967 protocol=tcp dst-port=28967 log=no log-prefix=""
chain=forward action=accept protocol=tcp dst-port=28967 log=no log-prefix=""
Thank you in advance.
javcia
February 1, 2021, 5:07pm
2
Hi, use destination NAT instead of netmap.
Here is an example from the Mikrotik wiki:
Destination NAT
Forward all traffic to internal host
If you want to link the Public IP address 10.5.8.200 to the Local one 192.168.0.109, you should use the destination address translation feature of the MikroTik router. Also, if you want to allow the Local server to initiate connections to the outside with the given Public IP, you should use source address translation, too.
Add Public IP to Public interface:
/ip address add address=10.5.8.200/32 interface=Public
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \
    to-addresses=192.168.0.109
Add rule allowing the internal server to initiate connections to the outer networks having its source address translated to 10.5.8.200:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
    to-addresses=10.5.8.200
2 Likes
That’s right:
chain=dstnat action=dst-nat to-addresses=192.168.1.19 to-ports=28967 protocol=tcp dst-address=60.60.89.85 dst-port=28967 log=no log-prefix=""
chain=srcnat action=src-nat to-addresses=60.60.89.85 src-address=192.168.1.19 log=no log-prefix=""
?
1 Like
Moved 3 nodes under Mikrotik, but elevated only one.
Attached the screenshots of the settings of the 2nd node.
Where have I gone wrong with the settings?
Vadim
March 19, 2022, 9:03pm
5
Here is my conf, I have 40 nodes working like that.
Vadim
March 19, 2022, 9:04pm
6
You also need to open the port in the firewall.
Alexey
March 20, 2022, 3:51am
7
Do you have src-nat rules too?
If I add an additional node to the router port forward, will it look like that?
Dst. Port: 28968
To ports: 28968
Vadim
March 20, 2022, 9:05am
9
Yes, also ports to firewall
Ok, it is a primary setting that I’ve set before.
Is “Dst. address” the public address?
If I’m using the cloud no-ip service of a Mikrotik over Dynamic DNS, what should I put there?
The NAT table looks like that:
Any comments about fixing the rules would be appreciated :)
Alexey
March 20, 2022, 11:28am
13
I asked that question to @Vadim
The netmap rule, it seems, should be removed.
I’ve tried to move dst-nat over netmap, but the node does not start that way.
Maybe I’ve missed some other dependencies, but after I rolled back to netmap - dst-nat (the initial setting) the node started and works.
Vadim
March 20, 2022, 11:58am
15
Did you open the Windows firewall also? How did you install the additional nodes?
Also, did you add firewall rules to Mikrotik on 28968 and 28969?
I’ve installed them via Docker (as usual)
These are my Mikrotik firewall rules (IP->Firewall->NAT):
Windows firewall is configured like I did before, the same as on several of my PCs.
Vadim
March 20, 2022, 1:29pm
17
These are not firewall rules, these are NAT rules; the firewall is separate.
I have default “Filter rules” only.
Can you provide a screenshot with typical rule settings?
Vadim
March 20, 2022, 2:00pm
19
Also add to Action Accept.
This rule should be before the drop All rule, as rules are executed row by row.
Vadim
March 20, 2022, 2:06pm
20
Please research how to make rules for the firewall; it is very dangerous to operate a node without protection. By operating a node you expose your IP to the wide web.
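The point made above about rule order (the accept rule has to sit above the drop-all rule because the router evaluates rules row by row), as an added example that is not from the thread: a simplified first-match check of forward filter rules against each dst-nat port forward. The rule lists are constructed sample data using the addresses and ports quoted in the thread; the drop-all rule and the function names are assumptions, and only exact `protocol`, `dst-address` and `dst-port` matchers are modelled.

```python
import shlex

# Constructed sample, listed in the order the router would evaluate them.
NAT_RULES = [
    "chain=dstnat action=dst-nat protocol=tcp dst-port=28967 to-addresses=192.168.1.19 to-ports=28967",
    "chain=dstnat action=dst-nat protocol=tcp dst-port=28968 to-addresses=192.168.1.19 to-ports=28968",
]
FILTER_RULES = [
    "chain=forward action=accept protocol=tcp dst-port=28967",
    "chain=forward action=drop",                                 # assumed "drop all" rule
    "chain=forward action=accept protocol=tcp dst-port=28968",  # too late: sits after the drop
]

def parse(rule):
    """Turn 'key=value key=value' into a dict (handles log-prefix="" style values)."""
    return dict(tok.split("=", 1) for tok in shlex.split(rule))

def matches(rule, packet):
    """A rule matches when every matcher it sets equals the packet's value."""
    keys = ("protocol", "dst-address", "dst-port")
    return all(rule[k] == packet[k] for k in keys if k in rule)

def forward_verdict(filter_rules, packet):
    """The first matching forward rule decides; with no match the packet is accepted."""
    for number, text in enumerate(filter_rules):
        rule = parse(text)
        if rule.get("chain") != "forward" or not matches(rule, packet):
            continue
        if rule.get("action") in ("accept", "drop", "reject"):
            return rule["action"], number
    return "accept", None

def audit(nat_rules, filter_rules):
    """Map each forwarded public port to (verdict, index of the deciding filter rule)."""
    report = {}
    for text in nat_rules:
        nat = parse(text)
        if nat.get("action") != "dst-nat":
            continue
        # The forward chain sees the packet after dst-nat: translated address and port.
        packet = {"protocol": nat["protocol"],
                  "dst-address": nat["to-addresses"],
                  "dst-port": nat.get("to-ports", nat["dst-port"])}
        report[nat["dst-port"]] = forward_verdict(filter_rules, packet)
    return report

if __name__ == "__main__":
    for port, (action, number) in audit(NAT_RULES, FILTER_RULES).items():
        print(f"public port {port}: {action} (decided by forward rule #{number})")
```

With the sample data, port 28967 is accepted by rule 0 while port 28968 hits the drop at rule 1, even though an accept rule for it exists further down.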