I'm buffaloed by port translation, which is supposedly very simple. I set all my subscribers up with a NATted LAN at 192.168.10.0/24, the router at .1, the DHCP range at .100-.115 or so, and if they have a WiFi router, I hardcode it to .2 and configure it as an access point, no NAT. The CPE (SXT or other) does all the NAT.
I want to be able to access the setup screen on each household WiFi AP so I can handle additional classes of problems without driving out. I set up NAT as so (10.2.1.251 is the WAN of the CPE I am testing with):

    /ip firewall nat
    add action=dst-nat chain=dstnat dst-address=10.2.1.251 dst-port=8080 protocol=tcp to-addresses=192.168.10.2 to-ports=80
    add action=masquerade chain=srcnat out-interface=WLAN to-addresses=0.0.0.0

When I browse to 10.2.1.251:8080 at the NOC, I see the packet come in the WAN, I see it get NATted to 192.168.10.2:80, I see a response come in the ether from the WiFi, and then... nothing. Connection stays at SYN, then dies. I know it's not a firewall issue, because I temporarily bypassed the firewall with unconditional ACCEPT statements for all chains at the top.

I have no problems setting up a PPTP VPN on the CPE, logging into it, becoming a member of the LAN, and accessing the WiFi that way, but it burns me that I should be able to make it work the simpler way and I just can't do it.

Any ideas? Thanks in advance.

