New Member
Posts: 4
Registered: ‎07-31-2015

EDGE Router lite NAT

Hello. NAT does not work. Firewall off.

Camera install port 37777.

NAT install port to port

When trying to connect, "count" changes, but there is no connection.

Sorry for bad English.

NAT.JPG
nat2.JPG
nat3.JPG
Regular Member
Posts: 418
Registered: ‎02-26-2014
Kudos: 35
Solutions: 4

Re: EDGE Router lite NAT

please paste your config here

Do you want help ?
Visit -> https://ubiquitipolska.pl

We are Ubiquiti Networks Managed Services and Integrator Company
https://ubntnetworks.net
New Member
Posts: 4
Registered: ‎07-31-2015

Re: EDGE Router lite NAT

Actual IP replaced by 8.8.8.8

gateway 8.88.8.129

ubnt@ubnt# cat /config/config.boot                                              
firewall {                                                                      
    all-ping enable                                                             
    broadcast-ping disable                                                      
    group {                                                                     
    }                                                                           
    ipv6-receive-redirects disable                                              
    ipv6-src-route disable                                                      
    ip-src-route disable                                                        
    log-martians enable                                                         
    receive-redirects disable                                                   
    send-redirects enable                                                       
    source-validation disable                                                   
    syn-cookies enable                                                          
}                                                                               
interfaces {                                                                    
    ethernet eth0 {                                                             
        address 192.168.0.1/24                                                  
        duplex auto                                                             
        firewall {                                                              
            local {                                                             
            }                                                                   
        }                                                                       
        speed auto                                                              
    }                                                                           
    ethernet eth1 {                                                             
        address 8.8.8.8/25                                               
        duplex auto                                                             
        firewall {                                                              
            in {                                                                
            }                                                                   
            local {                                                             
            }                                                                   
            out {                                                               
            }                                                                   
        }                                                                       
        speed auto                                                              
    }                                                                           
    ethernet eth2 {                                                             
        address 172.16.100.1/24                                                 
        description eth2video                                                   
        duplex auto                                                             
        firewall {                                                              
            in {                                                                
            }                                                                   
            local {                                                             
            }                                                                   
            out {                                                               
            }                                                                   
        }                                                                       
        speed auto                                                              
    }                                                                           
    loopback lo {                                                               
    }                                                                           
}                                                                               
port-forward {                                                                  
    auto-firewall enable                                                        
    hairpin-nat enable                                                          
    lan-interface eth2                                                          
    lan-interface eth0.20                                                       
    lan-interface eth0.30                                                       
    wan-interface eth1                                                          
}                                                                               
service {                                                                       
    dhcp-server {                                                               
        disabled false                                                          
        hostfile-update disable                                                 
        shared-network-name eth03 {                                             
            authoritative disable                                               
            subnet 192.168.0.0/24 {                                             
                default-router 192.168.0.1                                      
                dns-server 8.8.8.8                                           
                lease 86400                                                     
                start 192.168.0.100 {                                           
                    stop 192.168.0.200                                          
                }                                                               
            }                                                                   
        }                                                                       
    }                                                                           
    gui {                                                                       
        https-port 443                                                          
    }                                                                           
    nat {                                                                       
        rule 1 {                                                                
            description Videoregistrator#3                                      
            destination {                                                       
                address 8.8.8.8                                          
                port 37777                                                      
            }                                                                   
            inbound-interface eth1                                              
            inside-address {                                                    
                address 172.16.100.242                                          
                port 37777                                                      
            }                                                                   
            log enable                                                          
            protocol tcp                                                        
            source {                                                            
            }                                                                   
            type destination                                                    
        }                                                                       
        rule 2 {                                                                
            description Videoregistrator#1                                      
            destination {                                                       
                address 8.8.8.8                                          
                port 37777                                                      
            }                                                                   
            inbound-interface eth1                                              
            inside-address {                                                    
                address 172.16.100.252                                          
                port 37777                                                      
            }                                                                   
            log enable                                                          
            protocol tcp                                                        
            type destination                                                    
        }                                                                       
        rule 3 {                                                                
            description Videoregistrator#2                                      
            destination {                                                       
                address 8.8.8.8                                          
                group {                                                         
                }                                                               
                port 37777                                                      
            }                                                                   
            inbound-interface eth1                                              
            inside-address {                                                    
                address 172.16.100.243                                          
                port 37777                                                      
            }                                                                   
            log enable                                                          
            protocol tcp                                                        
            source {                                                            
            }                                                                   
            type destination                                                    
        }                                                                       
        rule 5000 {                                                             
            description "Local NAT"                                             
            log disable                                                         
            outbound-interface eth1                                             
            protocol all                                                        
            type masquerade                                                     
        }                                                                       
    }                                                                           
    ssh {                                                                       
        port 22                                                                 
        protocol-version v2                                                     
    }                                                                           
}                                                                               
system {                                                                        
    domain-name Ubiquiti                                                        
    gateway-address 8.88.8.129                                              
    host-name ubnt                                                              
    login {                                                                     
        user ***** {                                                              
            authentication {                                                    
                encrypted-password $6$vYTAYC8876rM/InmA$S6SLx4ezgVwYTZtD9toLb3I5a9UB6vO2pupPafujMePvukTLPvIx6WNsh7hR9HYXeA9VGI/H1Ofks6X0EuzrL.
                plaintext-password ""                                           
            }                                                                   
            level admin                                                         
        }                                                                       
        user ***** {                                                             
            authentication {                                                    
                encrypted-password $6$wvg62ic5hf3Mw$fXH7zr8u0jzNwdmtcJHTYZFhPKTE3FTRJfvKblrfJ1obsT8PH4pYOEC2aZv9jex7IXqPPqAW12BebCqRSGV/I/
                plaintext-password ""                                           
            }                                                                   
            full-name ubnt                                                      
            level admin                                                         
        }                                                                       
    }                                                                           
    ntp {                                                                       
        server 0.ubnt.pool.ntp.org {                                            
        }                                                                       
        server 1.ubnt.pool.ntp.org {                                            
        }                                                                       
        server 2.ubnt.pool.ntp.org {                                            
        }                                                                       
        server 3.ubnt.pool.ntp.org {                                            
        }                                                                       
    }                                                                           
    syslog {                                                                    
        global {                                                                
            facility all {                                                      
                level notice                                                    
            }                                                                   
            facility protocols {                                                
                level debug                                                     
            }                                                                   
        }                                                                       
    }                                                                           
    time-zone Asia/Krasnoyarsk                                                  
}                                                                               
                                                                                
                                                                                
/* Warning: Do not remove the following line. */                                
/* === vyatta-config-version: "config-management@1:conntrack@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.4.1.4648309.140310.1607 */
SuperUser
Posts: 20,402
Registered: ‎09-17-2013
Kudos: 5144
Solutions: 1458

Re: EDGE Router lite NAT

Well, unless you're changing 8.8.8.8 in each of your NAT rules, it's not going to work (i.e. everything is going to go to the first camera).

Also, are the cameras REALLY listening on 37777, and not something more normal (80, 443, 8080, 8443 come to mind)?

Member
Posts: 202
Registered: ‎02-03-2014
Kudos: 43
Solutions: 4

Re: EDGE Router lite NAT

Why are you using NAT rules to port forward, rather than the port-forward service (or the "Port Forward" tab of the "Firewall/NAT" configuration page)? Try using "Port Forward" or the port-forward service.

 

Edit: You are also attempting to forward the same inbound TCP port (37777) to three different destinations. I *think* only the first rule will ever trigger, so you'd only ever get a forward to the first IP.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3142
Solutions: 945
Contributions: 16

Re: EDGE Router lite NAT


@kl wrote:

Why are you using NAT rules to port forward, rather than the port-forward service (or the "Port Forward" tab of the "Firewall/NAT" configuration page)? Try using "Port Forward" or the port-forward service.

 

Edit: You are also attempting to forward the same inbound TCP port (37777) to three different destinations. I *think* only the first rule will ever trigger, so you'd only ever get a forward to the first IP.


It's not wrong to use destination NAT or the port forward feature - they are both destination NAT, but port-forward is a short-cut for basic port-forward. For more advanced things you will still need to use destination NAT. Here is a discussion of the difference: LINK.

EdgeMAX Router Software Development
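
Added example, not part of any post in this thread and not Ubiquiti code: a small audit script that parses an EdgeOS config.boot and reports destination NAT rules that can never match because an earlier rule has the same inbound interface, protocol, source and destination address and port, which is the situation the replies above point out for rules 1 to 3. The function names and the trimmed sample config are assumptions constructed from the posted rules.

```python
RULE = """
        rule {n} {{
            destination {{
                address 8.8.8.8
                port 37777
            }}
            inbound-interface eth1
            inside-address {{
                address {ip}
                port 37777
            }}
            protocol tcp
            type destination
        }}"""
# Constructed sample: the three camera rules from the posted config, trimmed.
CAMERAS = {1: "172.16.100.242", 2: "172.16.100.252", 3: "172.16.100.243"}
SAMPLE = ("service {\n    nat {"
          + "".join(RULE.format(n=n, ip=ip) for n, ip in CAMERAS.items())
          + "\n    }\n}\n")

def parse(text):
    """Parse the brace-delimited config.boot format into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue
        if line.endswith("{"):          # "name {" or "name value {" opens a node
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        elif line == "}":
            stack.pop()
        else:                           # leaf: "key value"
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return root

def shadowed_dnat(config):
    """Return {rule_number: earlier_rule_number} for unreachable DNAT rules."""
    rules = config.get("service", {}).get("nat", {})
    names = [k for k in rules if k.startswith("rule ")]
    seen, shadowed = {}, {}
    for name in sorted(names, key=lambda k: int(k.split()[1])):
        rule, num = rules[name], int(name.split()[1])
        if rule.get("type") != "destination":
            continue
        dst, src = rule.get("destination", {}), rule.get("source", {})
        key = (rule.get("inbound-interface"), rule.get("protocol"),
               src.get("address"), dst.get("address"), dst.get("port"))
        first = seen.setdefault(key, num)   # the lowest-numbered rule wins
        if first != num:
            shadowed[num] = first
    return shadowed

if __name__ == "__main__":
    print(shadowed_dnat(parse(SAMPLE)))
```

Running it against the full /config/config.boot works the same way, since the parser skips the trailing comment lines and ignores sections other than service nat.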