What's new

Skynet Skynet cannot detect Public IP address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

rsur2000

Occasional Visitor
Hello all,

I never had a problem with Skynet. But recently I add another internet connection and decided to use load balancing in MikroTik router and not using my RT-AC88U built-in dual WAN feature. At the moment I use Automatic IP in WAN setting for connection that came from MikroTik to WAN port (eth0).
When I run firewall, it shows my private IP address and not the public IP :

Code:
Router Model; RT-AC88U
Skynet Version; v7.2.3 (19/11/2020) (d54b1aeafe718d39a56c68794b36fdeb)
iptables v1.4.15 - (eth0 @ 192.168.200.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.2)
FW Version; 384.19_0 (Aug 14 2020) (2.6.36.4brcmarm)

My question is :
1. how can I make Skynet detect public IP address?
2. I cannot make connection from my MikroTik (such as port forwarding and ping) to my RT-AC88U. How can I make it work?


Thanks a lot
 
My question is :
1. how can I make Skynet detect public IP address?
2. I cannot make connection from my MikroTik (such as port forwarding and ping) to my RT-AC88U. How can I make it work?
1. Skynet doesn't need to detect your public IP address so it doesn't even try. This is not an issue for Skynet.
2. This is a MikroTik issue, not a Skynet issue.
 
Thanks for the reply...

Is it useless to use Skynet if it's already behind another firewall (MikroTik in my case) ?

For #2 question, I turned off the firewall in my RT-AC88U, and it's working now
 
Skynet can still provide security if you have outbound blocking enabled from this router. But if you turned off the firewall, it’s not possible now, since Skynet requires the firewall to be enabled.
 
I want to turn on the firewall, but how do I set the firewall so that the MikroTik can access my LAN subnet 192.168.200.0/24 ?

Thank you
 
It might be helpful if you diagrammed out how you have things set up. What are you expecting the MikroTik to do inside the LAN?
 
It might be helpful if you diagrammed out how you have things set up. What are you expecting the MikroTik to do inside the LAN?

Ok.
My MikroTik has IP address 192.168.100.1.
The given IP address to my RT-AC88U from MikroTik is 192.168.100.2.
My LAN IP address is 192.168.200.0/24
The From WAN connection that goes in from MikroTik, I want to have some port forwarding setup :

TCP port 37101 will be forwarded to 192.168.200.20 port 5000
TCP port 13998 will be forwarded to 192.168.200.20 port 6789
TCP port 38791 will be forwarded to 192.168.200.17 port 37775
TCP port 443 will be forwarded to 192.168.200.30 port 8123

And I also want my VPN Server in RT-AC88U can be connected from WAN.
I set up my VPN Server using port 1195 UDP.

So I think all of these setups must be done from iptables. Can anyone help me with the configuration?

Thank you so much
 
so let me get this straight, you are running NAT on a new firewall before the asus router and you are surprised that the asus router doesn't see the public ip address?

Spend some time and read up on RFC 1918.
 
No, I understand that RT-AC88U cannot see the public IP. Now continuing my previous question, I want the firewall (MikroTik) can access my network inside RT-AC88U.
 
Ok.
My MikroTik has IP address 192.168.100.1.
The given IP address to my RT-AC88U from MikroTik is 192.168.100.2.
My LAN IP address is 192.168.200.0/24
The From WAN connection that goes in from MikroTik, I want to have some port forwarding setup :

TCP port 37101 will be forwarded to 192.168.200.20 port 5000
TCP port 13998 will be forwarded to 192.168.200.20 port 6789
TCP port 38791 will be forwarded to 192.168.200.17 port 37775
TCP port 443 will be forwarded to 192.168.200.30 port 8123

And I also want my VPN Server in RT-AC88U can be connected from WAN.
I set up my VPN Server using port 1195 UDP.

So I think all of these setups must be done from iptables. Can anyone help me with the configuration?

Thank you so much
So... to clarify. As agilani says... you're double-NATing? I don't understand why you have the MikroTik in that equation... you say for load-balancing, but then everything is going to the Asus? Or do you have other devices NOT connected to the Asus?

As to the port forwarding, in the MikroTik I think you'll have to set them ALL up to forward to 192.168.100.2 (if they're all behind the Asus), and then in the Asus you'll have to do the port forwarding to the various devices. You'll also need to forward UDP1195 to /100.2.

BUT. I still don't understand the purpose of the MikroTik here.
 
I already have a network configuration under my RT-AC88U. Before I decided to go with dual WAN, I already placed 4 MikroTik and 2 Ubiquity access point behind my ASUS. When first I just had my second WAN, actually I tried to used the load balance in RT-AC88U. But it caused too much trouble. The restart several times everyday, and CPU load was high almost all the time. I have a spare MikroTik so I decided to place my MikroTik before RT-AC88U.

Actually I had the port forwarding settings. But for some reason it doesn't work. When I disable the RT-AC88U firewall it works flawlessly, but with the same settings and I turn on the firewall, it doesn't work anymore.

That's why I come to ask about the iptables rules. What should I do with the iptables so the port forwarding from MikroTik will work but the firewall in ASUS is also On.

Thank you.
 
Okay... but what I don't understand is what you're GAINING with the MikroTik... you're not balancing any load if you have Dual-WAN going into MicroTik and then *everything* still going through Asus... unless I'm missing something obvious here.

How does the MikroTik firewall compare to Skynet? I'm just not familiar with MikroTik at all. Also... you have SEVEN WAPs? How many devices are you serving? Over how much physical area? Wow!
If you're not using the radios in the "load-balancing" MikroTik and in the Asus, you'll save power, heat, and cycles by turning them off. Actually, with that many WAPs, I might still eliminate the first MikroTik, go back to dual-WAN Asus, and turn off the Asus radios. Let the other WAPs handle the wireless routing and free the Asus from that task.

Also - did you save any Asus logs from when you weren't using "MikroTik1" and, as you say, it was rebooting all the time? Anything useful in the logs to suggest the problem?
 
Yeah, actually I completely understand the idea of the load balancing is "useless" when I still use the ASUS as a main router.
I just want to combine the two internet connections so I can use those two connections at the same time and can use the fail over feature, here in my place the internet connections aren't stable at all.

I didn't save the log. But since I moved the load balance to MikroTik, this RT-AC88U works fine, has been up for few weeks, and the CPU load is normal.

I just ask for help, if anyone could kindly help me, how do I set the iptables firewall rules in RT-AC88U so it can meet my configuration in my post : https://www.snbforums.com/threads/skynet-cannot-detect-public-ip-address.67998/post-636703

Thank you so much
 
Man all I can think of is try to figure out if the MikroTik has some kind of dual-bridge mode.

But, you say everything works as you desire if you turn off Skynet? If that's the case, then make sure the MikroTik is whitelisted in Skynet and watch the Skynet logs to see what it's doing while you're testing out the setup, then you can figure out if there's anything else you need to whitelist. But... I think Skynet will only be useful for outbound blocks in this configuration, since all inbound traffic will appear to come from the MikroTik. I could be wrong here, happy to be corrected.

Otherwise, try swapping them, and get the dual-WAN going into the ASUS, and leave your VPN and Skynet there, but turn off the radios and let your other WAPs do the wireless part. I would still lean towards this solution, but you seem set against it. I'm not smart enough on manual iptables rules to comment there, because we don't even know the source of your problem yet. Someone else will have to weigh in.

Good luck!
 
Pardon me, I said everything works when I turn off the firewall (built-in RT-AC88U firewall), not the Skynet.

That's why I need to setup the iptables, so the firewall can receive the access from my MikroTik.

In my case, since I move the load balance to MikroTik, my ASUS works fine, never had problem since it started few weeks ago.
 
Skynet supplements the factory firewall. I believe if you disable the Firewall in GUI, you are also disabling Skynet. Happy to be corrected by someone smarter than me.

I've pretty much reached the limit of my understanding/advice for your situation. If you're not interested in changing around your hardware configuration, you have already whitelisted the MikroTik and stuff still isn't working, I don't know what else to say. Again, good luck!
 
Yes, someone already told me before your post that Skynet needs firewall to be ON.

Thank God, finally I found the solution. It's something called hairpin NAT, that I need to apply to my configuration.

But I think actually I still need someone could kindly give the iptables configuration for my situation, for the purpose of learning. I really have looked in many tutorials, tried many ways, but hasn't found anything that fit my need.


Thank you
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top