Configuration Mikrotik

Tell me, please, can someone set up Mikrotik for the Story node? What are the features? We found out experimentally that packages are lost through Mikrotik. If you release it directly to the network, then everything is fine. Routing settings:
Mikrotik 951Ui-2HnD
chain=dstnat action=netmap to-addresses=192.168.1.19 to-ports=28967 protocol=tcp dst-port=28967 log=no log-prefix=""
chain=forward action=accept protocol=tcp dst-port=28967 log=no log-prefix=""

Thank you in advance.

Hi, use destination NAT instead of netmap.

Here is an example from the Mikrotik wiki:

Destination NAT

Forward all traffic to internal host

If you want to link Public IP 10.5.8.200 address to Local one 192.168.0.109, you should use the destination address translation feature of the MikroTik router. Also, if you want to allow the Local server to initiate connections to outside with the given Public IP, you should use source address translation, too.

Add Public IP to Public interface:

/ip address add address=10.5.8.200/32 interface=Public

Add rule allowing access to the internal server from external networks:

/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat to-addresses=192.168.0.109

Add rule allowing the internal server to initiate connections to the outer networks having its source address translated to 10.5.8.200:

/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat to-addresses=10.5.8.200

2 Likes

That’s right:
chain=dstnat action=dst-nat to-addresses=192.168.1.19 to-ports=28967 protocol=tcp dst-address=60.60.89.85 dst-port=28967 log=no log-prefix=""
chain=srcnat action=src-nat to-addresses=60.60.89.85 src-address=192.168.1.19 log=no log-prefix=""
?

1 Like

Moved 3 nodes under Mikrotik, but brought up only one.
Attached are the screenshots of the settings of the 2nd node.

Where have I gone wrong with the settings?

NAT
nat2

Here is my conf; I have 40 nodes working like that.

You also need to open the port in the firewall.

Do you have src-nat rules too?

If I want to add an additional node to the router's port forwarding, will it look like that?

Dst. Port: 28968
To ports: 28968

Yes, and also add the ports to the firewall.

Ok, it is a primary setting that I’ve set before.

Is the “Dst. address” the public address?
If I’m using the cloud no-ip service of Mikrotik over Dynamic DNS, what should I put there?

The NAT table looks like that:

Any comments about fixing the rules would be appreciated :)

I asked that question to @Vadim

It seems the netmap rule should be removed.

I’ve tried to move dst-nat over netmap, but the node does not start that way.

Maybe I’ve missed some other dependencies but after I’ve rolled back to netmap - dst-nat (the initial setting) the node started and works.

Did you open the Windows firewall also? How did you install the additional nodes?
Also, did you add firewall rules to Mikrotik for 28968 and 28969?

I’ve installed them via Docker (as usual)

These are my Mikrotik firewall rules (IP->Firewall->NAT):

Windows firewall is configured like I did before, the same as on several of my PCs.

These are not firewall rules, these are NAT rules; the firewall is separate.

I have default “Filter rules” only.

Can you provide a screenshot with typical rule settings?

Screenshot 2022-03-20 155901
Also set Action to Accept.

This rule should be before the drop-all rule, as rules are executed row by row.

Please research how to make firewall rules; it is very dangerous to operate a node without protection. By operating a node you expose your IP to the wide web.
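
The point made in the last replies (NAT rules are separate from filter rules, and the accept rule has to sit above the drop-all rule because rules run row by row) can be checked offline. The following is an added example, not code from any poster in the thread: a Python audit of a constructed `/ip firewall export` that reports what the forward chain does to a new connection for each dst-nat or netmap forward. The function names and sample rules are made up for illustration, and only chain, protocol, dst-address (plain or CIDR), dst-port, connection-state and connection-nat-state=!dstnat are interpreted.

```python
import ipaddress, re, shlex
# Constructed export, not the thread's screenshots: 3 forwards, accept covers 2.
EXPORT = r'''
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward dst-port=28967-28968 protocol=tcp
add action=drop chain=forward comment="drop all"
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=28967 protocol=tcp \
    to-addresses=192.168.1.19 to-ports=28967
add action=dst-nat chain=dstnat dst-port=28968 protocol=tcp to-addresses=192.168.1.20 to-ports=28968
add action=dst-nat chain=dstnat dst-port=28969 protocol=tcp to-addresses=192.168.1.21 to-ports=28969
'''

def parse(export):
    """Return {menu: [rule, ...]}, rules in the order the router evaluates them."""
    tables, menu = {}, None
    for line in re.sub(r"\\\n\s*", "", export).splitlines():  # join wrapped lines
        if line.startswith("add "):
            rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            tables.setdefault(menu, []).append(rule)
        elif line.startswith("/"):
            menu = line.strip()
    return tables

def port_in(spec, port):
    """True if port is inside a RouterOS port spec such as '80,28967-28969'."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition("-") for p in spec.split(",")))

def verdict(filters, nat):
    """First terminal forward rule hit by a new connection using this NAT rule."""
    # Assumption: matchers not tested below (interfaces, src-address, ...) are ignored.
    proto, port = nat["protocol"], int(nat["to-ports"])
    addr = ipaddress.ip_address(nat["to-addresses"])
    for r in filters:
        states = r.get("connection-state", "new").split(",")
        net = ipaddress.ip_network(r.get("dst-address", nat["to-addresses"]), strict=False)
        if (r.get("chain") == "forward" and "new" in states
                and r.get("connection-nat-state") != "!dstnat"
                and r.get("protocol", proto) == proto and addr in net
                and port_in(r.get("dst-port", nat["to-ports"]), port)
                and r.get("action") in ("accept", "drop", "reject")):
            return r["action"]
    return "accept"  # nothing terminal matched: the packet is forwarded

def audit(export):
    """Map each forwarded port to the forward chain's decision for it."""
    t = parse(export)
    nats = [n for n in t.get("/ip firewall nat", []) if n.get("action") in ("dst-nat", "netmap")]
    return {int(n["to-ports"]): verdict(t.get("/ip firewall filter", []), n) for n in nats}
```

Forward-chain rules see the packet after dst-nat, so the check matches on `to-addresses` and `to-ports` rather than on the public address.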