Mikrotik: How to set up routing correctly?

I

Igor2021-09-29 22:21:30

network hardware

Igor, 2021-09-29 22:21:30

Good day to all.
I almost got out of my sharaga and realized that they didn’t teach me shit. In order to gain experience and knowledge, I bought myself a BU server for a penny HP DL360 G7 and a hAP Lite microt router. After restoring the server, I decided to do something with it, and immediately the idea came up to host the lane server to play with friends, unloading the percent on my computer. I rolled up ESXi, put it on a Debian virtual machine, raised the server, everything works, the connection from the computer on the local network goes on, everything is fine. BUT - there is no connection from the outside. I opened the ports in microt to the server (the settings are 100% correct, because I set it up in the same way as the computer, where everything, of course, works), but still nothing works. Demolished ESXi and rolled debian directly and again the same trouble. Opened ports through iptables both on INPUT, and on OUTPUT, and even FORWARD for some reason. But it still doesn't work. I also asked a friend to try to connect via SSH to an external IP. Naturally, nothing happened. After some time of ordeal, it finally dawned on me that the problem was in routing.

Actually the question itself: How to set up routing on a microte so that the computers on the network themselves figure out which of them is being requested? In theory, microtask has dynamic routing by default, but, apparently, it either does not work as it should, or is not enabled at all. Important: it is necessary that not all requests go to the server by default, and computers on the network parse the requests themselves, because I keep an open FTP server on computer 1 for quick file exchange with friends, a small one on computer 2 hosts something sometimes, and the server will host the site. I ask you not to kick for tongue-tied tongue, because I am actually learning again, because. in sharaga knowledge could not be obtained.

I also attach a diagram of my local network. Because There are only 4 ports in microte and one of them is for WAN, that is, there are some difficulties. Specifically, now I can directly poke the server into the router, but in the future I will most likely have to shrink to connect another device. Therefore, it is better to immediately configure it for using an active switch on the network (it is actually on the diagram). If it plays a role - trendnet te100-s5 switch.

PS It is advisable to explain how to teapot in the style of "poke here, choose this", because with microts I'm not even on "you".

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander Karabanov, 2021-09-29
@BroShow

For starters, to make it all work, you need a white IP.
The rules will be:

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Minecraft LAN" in-interface-list=WAN log=yes log-prefix="mine\?" protocol=tcp to-addresses=192.168.88.223 dst-port=40000-65535
add action=dst-nat chain=dstnat comment="Server utils like SSH, FTP, etc." in-interface-list=WAN log=yes log-prefix=secserver protocol=tcp to-addresses=192.168.88.156 dst-port=31150-31200
add action=dst-nat chain=dstnat comment=Server in-interface-list=WAN protocol=tcp to-addresses=192.168.88.156 dst-port=40000-65535

And are you sure that the traffic of this game is TCP? Should be UDP otherwise what's the point?
And are you sure that the ports are 40000-65535?
And yet, if all of the above about ports and protocols is true (hardly), and you want to connect to the game server via an external IP from the LAN, then nothing will work, since you will need to additionally configure Hairpin NAT
PS

It is advisable to explain like a teapot in the style of "poke here, choose this", because with microts I'm not even on "you".

In https://help.mikrotik.com/docs