Solved ASUS RT-AC68U with Mikrotik PPTP Client Port Forwarding Double NAT problem

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

tymchyshyn90

Occasional Visitor
Hello!

I have main router Asus connected to internet with public ip. LAN 192.168.0.0/24.
There is also another router Mikrotik that is located elsewhere. Mikrotik receive private ip from ISP. LAN 192.168.1.0/24
I want to remote control Mikrotik. I started PPTP server on my Asus. Mikrotik connects and receive IP from my Asus 192.168.10.2.

On Asus I created port forwarding rule to 192.168.10.2 and now I can connect from anywhere to my Asus with specified port and get remote access to Mikrotik.
But now I want to get access to PC located in Mikrotik's LAN with IP 192.168.1.4. I created port forwarding rule on Mikrotik and when I connect from ASUS LAN to Mikrotik PPTP Client IP (192.168.10.2) I get full access to that PC in Mikrotik's LAN

It seems that everything is cool, but I faced one problem. I want connect to that PC from anywhere, not only from ASUS LAN. I created new port forwarding rule on ASUS to Mikrotik IP. And the chain of connections looks like this:
iPhone with LTE Internet - ASUS DDNS:1111 - Mikrotik(192.168.10.2:4444) - PC(192.168.1.4:3389)
And connection is not established

In Mikrotik logs I found that Mikrotik receive request from my iPhone LTE IP (94.153.84.xxx) via pptp and forward this to PC 192.168.1.4. But reverse connection from 192.168.1.4 to 94.153.84.xxx not established. I found that reverse connection go through pppoe (default gateway on mikrotik). Problem with connection is in this! Change defaul route on mikrotik not allowed. Because all trafic will go through VPN to my ASUS.

I tried to add route to 94.153.84.xxx on Mikrotik and set gateway pptp to this route. And iphone started connected well!
But this is not convenient, because iphone's ip is dynamic and always changes.

In google I found similar problem with two Mikrotiks.
Solution is to create source NAT rule on 1'st Mikrtik (like my ASUS)
After that 2nd Mikrotik will send traffic through 1st to internet.

How can I do this in my ASUS?
 

eibgrad

Very Senior Member
I think the following is what you're looking for.

Code:
iptables -t nat -I POSTROUTING ! -s 192.168.0.0/24 -d 192.168.1.0/24 -j MASQUERADE

Test it using ssh on the ASUS, and if it works, you can add it permanently as a nat-start script.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top