NAT PMP, is nothing to do with MT.
So lets get the facts.
You have a third party VPN connecting your router (as a client ) to the PROTON wireguard server.
Typically this is NOT for incoming originated requests, this is designed for sending some subnets or all subnets out the proton site for internet instead of your local site.
Heck it even says that on their page......
You can set up Proton VPN on your MikroTik router so that all devices that connect to the internet through it are protected by Proton VPN.
By the way, its recommended setup is actually misleading, and I would request assistance so that you do it properly once all the network facts are known.
++++++++++++++++
So lets be clear on what you are asking.
YES< the mikrotik does port forwarding. It can take INCOMING!!!! requests hitting the WANIP of the router on specified ports, and direct them to LAN servers.
YES< the mikrotik can take incoming requests (coming from the proton wireguard connection) and port forward them to local LAN servers.
/interface list
add ether1 list=WAN
add wireguard1 list=WAN
/ip firewall filter rule
add chain=forward action=accept connection-nat-state=dstnat
/ip firewall nat
add chain=dstnat action=dst-nat in-interface-list=WAN dst-port=serverport protocol=xxx
to-address=ServerIP
The question you should be asking IMHO is --> can remote users connect to PROTON which will then connect to you. The answer is probably NO. They are not build to handle multiple incoming users attempting to get to your router. They are built to accept your assigned IP address ONLY as viable connection source and solely for outward connection from their site to the internet.
Similarly, the associated question is does PROTON provide the port forwarding capability at their site, and the answer is no.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You have to be clear on the requirements of your traffic flows and the tools and methods to accomplish them.
Proton or third party VPN has very little flexibility. If you have a few users, provide wireguard access to your router directly for them to your servers!
So lets get the facts.
You have a third party VPN connecting your router (as a client ) to the PROTON wireguard server.
Typically this is NOT for incoming originated requests, this is designed for sending some subnets or all subnets out the proton site for internet instead of your local site.
Heck it even says that on their page......
You can set up Proton VPN on your MikroTik router so that all devices that connect to the internet through it are protected by Proton VPN.
By the way, its recommended setup is actually misleading, and I would request assistance so that you do it properly once all the network facts are known.
++++++++++++++++
So lets be clear on what you are asking.
YES< the mikrotik does port forwarding. It can take INCOMING!!!! requests hitting the WANIP of the router on specified ports, and direct them to LAN servers.
YES< the mikrotik can take incoming requests (coming from the proton wireguard connection) and port forward them to local LAN servers.
/interface list
add ether1 list=WAN
add wireguard1 list=WAN
/ip firewall filter rule
add chain=forward action=accept connection-nat-state=dstnat
/ip firewall nat
add chain=dstnat action=dst-nat in-interface-list=WAN dst-port=serverport protocol=xxx
to-address=ServerIP
The question you should be asking IMHO is --> can remote users connect to PROTON which will then connect to you. The answer is probably NO. They are not build to handle multiple incoming users attempting to get to your router. They are built to accept your assigned IP address ONLY as viable connection source and solely for outward connection from their site to the internet.
Similarly, the associated question is does PROTON provide the port forwarding capability at their site, and the answer is no.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You have to be clear on the requirements of your traffic flows and the tools and methods to accomplish them.
Proton or third party VPN has very little flexibility. If you have a few users, provide wireguard access to your router directly for them to your servers!
Statistics: Posted by anav — Mon Jan 01, 2024 7:18 pm