 | RDP problem behind MT routers
I am trying to RDP into my laptop, which is behind 2 routers, and a switch at a remote location.
I am NATing on the first core router, but not the 2nd.
I have a NAT rule in the 1st router forwarding 3389 to the 2nd router, and again another NAT rule in the 2nd router forwarding 3389 to the laptop IP.
When I try and connect, I see data/packets showing activity on the NAT rule on the 2nd router, but I am unable to connect.
I do not have any other nat rules on the 2nd router besides the rule forwarding 3389. Do I have to nat/masquerade on the 2nd router? |
|
 viperm Carpe Diem Premium join:2002-07-09 Winchester, CA | I am confused: are you or are you not doing NAT rules on the second router?
Here you say no nat on 2nd router "I am NATing on the first core router, but not the 2nd."
Here you do have nat on 2nd router??
"I have a NAT rule in the 1st router forwarding 3389 to the 2nd router, and again another NAT rule in the 2nd router forwarding 3389 to the laptop IP."
Maybe I am reading it wrong??
-- »www.accelwireless.com ComTrain Certified Tower Climber. Wireless and IT consultant. Proficient in Mikrotik |
|
 | You read it right, and I don't know what I am doing! lol
router1 I had NAT, and I also made the nat rule to dst-nat to the IP address of router2 at the port I am trying to get to.
In router 2 I had no NAT at all, but I made a NAT rule again, to dst-nat now to the device IP/port. I don't think that is the way to do it. Seeing as both routers have routes to each other, I should just create the NAT rule in router1, directly to the device IP/port, correct? |
|
 Inssomniak The Glitch Premium join:2005-04-06 Cayuga, ON kudos:1 | Yea, there is no reason to have a NAT rule on a router that isn't doing NAT
-- OptionsDSL Wireless Internet »www.optionsdsl.ca |
|
 | Yea figured that after I typed that out.
I must have something else off because I still can't connect to those devices. I stopped because halfway through doing this I ended up dropping the internet connection for the users at the other end, so I reverted all my changes and stopped.
I'll have to go there and try it again.
I have separate DHCP servers serving 2 subnets. When I create the route in router1 to the new subnet on router2, it kills the internet connection to those that are on the original subnet, on router2. |
|
 | reply to TheHox
Ok I think I may have something else screwy here...
Backing things up a bit, I have 2 MT routers linked up via a UBNT PTP link..
Upstream comes in to router1
router1 ether1 DHCP 192.168.20.0/24
UBNT AP is 192.168.20.20
UBNT Client is 192.168.20.25
Router2 WAN is 192.168.20.150
Router2 has a DHCP server to its clients on ether1-5, 192.168.88.0/24 and another DHCP server on ether 6-9 which is 192.168.80.0/24
So trying to test some things, I do some pings..
from router2, I ping router1 @ 192.168.20.1, pings fine.
from router1, I ping router2 @ 192.168.20.150, timeout
from router1, I ping router2 @ 192.168.88.1, and I get this:
[admin@MikroTik] > ping 192.168.88.1
HOST            SIZE  TTL  TIME   STATUS
192.168.20.25   84    64   2ms    redirect host
192.168.20.1    84    64   4ms    redirect host
192.168.20.25   84    64   42ms   redirect host
192.168.20.1    84    64   47ms   redirect host
192.168.20.25   84    64   123ms  redirect host
192.168.20.1    84    64   137ms  redirect host
192.168.20.25   84    64   162ms  TTL exceeded
192.168.20.1    84    64   2ms    redirect host
192.168.20.25   84    64   4ms    redirect host
192.168.20.25   84    64   156ms  TTL exceeded
192.168.20.25   84    64   4ms    redirect host
192.168.20.1    84    64   6ms    redirect host
192.168.20.25   84    64   145ms  TTL exceeded
192.168.20.1    84    64   1ms    redirect host
192.168.20.25   84    64   4ms    redirect host
192.168.20.25   84    64   142ms  TTL exceeded
sent=4 received=0 packet-loss=100%
|
 bburley join:2010-04-30 Cold Lake, AB | reply to TheHox
said by TheHox: "when I create the route in router1 to the new subnet on router2, it kills the internet connection to those that are on the original subnet, on router2."
Your description is not entirely clear, but I don't think you need a route in router1 to the subnet on router2.
Since router2 is in routed mode and not using NAT, both router2 subnets should be visible on router1 LAN. The port forward is needed on router1 because of NAT. Your forward should point directly to the machine on the router2 subnet.
I am also assuming that your UBNT Client is connected to router2 on a port other than ether 1-9. Both UBNT devices should be in bridge mode. I wouldn't expect any problems there but I have had odd issues with implementations of "bridge" mode in some devices. |
|
 | Originally there was only 1 DHCP server on router2, .88.*, the internet for those users worked. There is also a router in the route list on router 1, of 192.168.88.0/24 to gateway 192.168.20.150 reachable ether3
With that setup, when I ping router2 at 192.168.20.150 I get timeouts, and when I ping router2 at 192.168.88.1, I get the weird response as shown above.
I've since then added the 2nd DHCP server on router2 on ports 6-9. So I added another route on router1, again 192.168.80.0/24 to gateway 192.168.20.150 reachable ether3
When I enable that, people's internet connection drops that are on the .88.*
My current problems are that I can't seem to properly ping router2 from router1, and I can get users on the .80.* subnet to get internet access. I must be missing something but my brain is about fried and I need to take a step back and look it over again, or ask someone else to check it over. ;P |
|
 bburley join:2010-04-30 Cold Lake, AB | Ok, now I suspect the bridge mode setting on the UBNT devices. Can you bring router2 to router1 location (without changing any settings) and see if it works without the PTP link? |
|
 | reply to TheHox
You will need static routes in all routers (both ways). So router 1 will need a static to the outgoing subnet of router 2, and vice versa (unless you have some dynamic routing working and turned on). Make sure you are adding your redirect rule above your masq rule in the first router or it won't work. Redirect would then need to have the actual IP of the connected device you wish to RDP to. So no DHCP, or at least it would need to have a static DHCP IP assigned to the computer. Connection tracking would need to be on as well for the first router. But I think that needs to be on in the first place for NAT to work.
-- »www.wirelessdatanet.net |
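The setup the replies above describe (a single port forward on router1 pointing directly at the laptop, static routes to router2's subnets, a fixed lease for the laptop, no NAT rule on router2), written out as RouterOS commands. This is an added example, not part of any post in the thread; the interface name WAN-IF, the laptop address 192.168.88.50 and the admin address 203.0.113.10 are placeholders, and the src-address match is an added restriction the thread does not mention.

```routeros
# Added example, not from the thread. Constructed placeholders:
#   WAN-IF        = router1's upstream interface (name not given in the thread)
#   192.168.88.50 = the laptop's address (not given in the thread)
#   203.0.113.10  = public IP the RDP session comes from (documentation range)

# ---- router1 (192.168.20.1, the router doing NAT) ----

# Static routes to both subnets behind router2, via router2's WAN address.
/ip route add dst-address=192.168.88.0/24 gateway=192.168.20.150 \
    comment="router2 ether1-5 subnet"
/ip route add dst-address=192.168.80.0/24 gateway=192.168.20.150 \
    comment="router2 ether6-9 subnet"

# NAT depends on connection tracking being enabled.
/ip firewall connection tracking set enabled=yes

# One dst-nat rule, pointing straight at the laptop instead of at router2.
# src-address limits who can reach the forwarded RDP port; it is an added
# restriction, not something the thread asks for.
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=3389 \
    in-interface=WAN-IF src-address=203.0.113.10 \
    to-addresses=192.168.88.50 to-ports=3389 comment="RDP to laptop"

# Check rule position relative to the masquerade rule and watch the
# packet counters while a connection attempt is made.
/ip firewall nat print stats
/ip route print where dst-address=192.168.88.0/24

# ---- router2 (WAN 192.168.20.150, routed, no NAT) ----

# Return path toward router1. Skip this if router2 already learns a
# default route from its DHCP client on the WAN port.
/ip route add dst-address=0.0.0.0/0 gateway=192.168.20.1

# Pin the laptop's existing dynamic lease so the forward target stays fixed.
/ip dhcp-server lease make-static [find address=192.168.88.50]

# Should list no rule for port 3389 on this router.
/ip firewall nat print
```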
|