This is the rule that will work (work for me):
/ip firewall nat
add action=dst-nat chain=dstnat comment=“ROON ARC” dst-port=55000 in-interface=bridge-wan protocol=tcp to-addresses=YOURNUCIP to-ports=55000
Thanks a lot … but I have tried the above and this is not working… my question is the interface… Is the Bridge-wan interface the WAN interface… on my CCR 1009 … the wan interface is pppoe-Wan, but still not working…
In my case I have ethernet interface assigned for WAN bridge and another ethernet for LAN bridge.
In your case WAN is PPOE so use it insteed of WAN bridge.
Also make sure you have this rule before other NAT rules as maquerade.
And check the firewall if you are not blocking yourself.
I have public IP also and I am not sure if you are not blocked later at your ISP.
It is working so in your case should be working as well.
My firewall is complicated and I cant share it from security reasons but it seems it is not the case.
I can advice to use the following filter rule (place it as first one in firewall) to be sure it is not the problem:
ip firewall filter add action=accept chain=forward comment=“Accept established related from Internet” connection-state=established,related dst-address=YOURROONCOREIP/32 in-interface-list=internet
I have interface list called internet that gather all internet interface connected to my router (fiber and LTE backup). This rule will ensure the returning traffic to your ROON core will be accepted back. But instead you can use PPPoE as output interface only.
Like I said you have to had some external firewall that prevent this.
If you are double NATed then the upper level NAT should have the same rule in dest-nat but pointing your router.
In my case I am directly connected to internet so such circumstances does not exist.
When I disable above rule i got:
{
“connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“MYIP”,“router_external_ip”:null},
“natpmp_autoconfig”: {“status”:“NotFound”},
“upnp_autoconfig”: {“status”:“NotFound”}
}
I tried the upnp configuration in Mikrotik but it does not worked for me. The dest-nat is the only working fine. Unfortunately natpmp is not supported bu mikrotik also.
a massive thanks
and I understand about not sharing your firewall settings,
I have tried as suggested… and this is my output… which is similar to your output when this is disabled… so something is blocking the connection…
Hello Friends
Yes working fine at my end … very please and a massive thanks to Wrenth who kindly helped me …
Just wish the Arc can be available for Apple Watch…
These days I don’t carry my phone for the workout as I can answer calls and listen to music from my Apple Watch.