Thank you Sob,... posted config seems to be for something slightly different. What's with all those other addresses? Meaning all 10.10.10.x, 192.168.129.1/24, 192.168.0.x in NAT?
/interface ethernet
set [ find default-name=ether5 ] poe-out=forced-on
/ip address
add interface=ether1 address=10.10.10.14/24
add interface=ether5 address=192.168.0.1/24
/ip firewall nat
add chain=dstnat dst-address=10.10.10.14 action=netmap to-addresses=192.168.0.63
add chain=srcnat src-address=192.168.0.63 action=netmap to-addresses=10.10.10.14
v7 enables a few more options for these routers I hoped might be useful. But you are right, it is not necessary as far as baseline functionality is concerned.
Srcnat may not be required if RIOM only ever responds to incoming connections, but it can't hurt if you keep it anyway (it just won't do anything).
But truth is, I don't see anything in original config that should make it work differently. It can't be completely broken if it sometimes works. I'm probably missing something, but I'm not sure what it might be. Packet sniffer can help, if you know what data you're expecting, you'll see if they come or not.
I also don't understand what you want to do with v7, it doesn't seem like it could bring anything useful over v6.
- Ping - Yes, you can keep it running with -t and PC will be sending ICMP packets to router. If switch doesn't eat them, you must see them on router, first as inbound on ether1 and then outbound on ether5. If RIOM responds, you'll see it as inbound packets on ether5 and outbound on ether1 (and finally they should reach PC too). It seems most likely that requests will be ok and there won't be responses from RIOM for some reason. You can sniff what other traffic is on ether5 and maybe it will show something useful. You can also try to ping RIOM's 192.168.0.63 from router to see if it responds to that. Also check if there's MAC address for RIOM in IP->ARP.
- Netmap - It's a habit, I use it when I want all ports. It's different from src/dstnat when used with subnets (i.e. multiple addresses), but I'm not sure if there's any real difference when it's just one (maybe there is, but so far I didn't find it).
- How much data - It's just that I don't have even rough idea, this data point, is it few bytes, few kilobytes, megabyte, ... one packet, ten packets, thousand packets...
/interface ethernet
set [ find default-name=ether5 ] poe-out=forced-on
/interface bridge
add name=bridge1
/interface list
add name="riom net"
/interface bridge port
add bridge=bridge1 interface=ether5 trusted=yes
add bridge=bridge1 interface=ether4 trusted=yes
/ip settings
set icmp-rate-limit=5 send-redirects=no
/interface detect-internet
set detect-interface-list="riom net" lan-interface-list="riom net"
/interface list member
add comment="for detect interface" interface=ether5 list="riom net"
add comment="for detect interface" interface=ether4 list="riom net"
add comment="for detect interface" interface=ether3 list="riom net"
add comment="for detect interface" interface=ether2 list="riom net"
/ip address
add address=10.10.10.64/24 interface=ether1 network=10.10.10.0
add address=192.168.0.1/24 interface=ether5 network=192.168.0.0
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=10.10.10.64 \
    new-routing-mark=main passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.10.10.64 in-interface=ether1 \
    to-addresses=192.168.0.63
/ip route
add distance=1 gateway=ether1
add check-gateway=ping distance=1 dst-address=192.168.0.63/32 gateway=bridge1
/system watchdog
set watchdog-timer=no
/tool bandwidth-server
set authenticate=no enabled=no
/user aaa
set default-group=full
Similar with detect internet...
...the one with check-gateway=ping, even though it's doing nothing as route, is pinging 192.168.0.63 from time to time, which can have some effect. But I'd rather replace that with Netwatch pinging same address, there would be configurable interval as bonus.
Connection tracking has some limits, but if you use any kind of NAT, you can't get rid of it.
Duplicate ports could be a problem for TCP, where you can see when connection starts. So if old one would be still active, new one using same source port (same everything, source/destination addresses/ports) would fail. But normally it shouldn't be a problem, because Windows changes source port for each new connection.
UDP wouldn't mind at all, as it doesn't have connections, so "duplicate" would be seen as part of what conntrack already knows.
But there could be problem with too low timeouts. If there was a pause without packets, connection would time out and following response from RIOM would be seen as new, and router wouldn't know that it should change its source to 10.10.10.x. UDP could be fixed with srcnat rule (see my simple config at the beginning). TCP probably not.
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
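The conntrack timeout problem described above, as an added example that is not part of the original posts: a toy Python model of one UDP flow through the router, showing which source address the PC sees when RIOM answers before and after the entry expires, with and without the srcnat rule. The PC address, port numbers and timeout values are constructed for the illustration, and the model does not cover TCP.

```python
# Toy model of NAT connection tracking for one UDP flow (illustration only,
# not RouterOS code). Addresses follow the simple config earlier in the thread.
WAN_IP = "10.10.10.14"     # router address on ether1
RIOM_IP = "192.168.0.63"   # device behind the router on ether5
PC_IP = "10.10.10.50"      # constructed PC address


class Router:
    def __init__(self, udp_timeout, srcnat_rule):
        self.udp_timeout = udp_timeout   # seconds an idle entry survives
        self.srcnat_rule = srcnat_rule   # True if the srcnat rule for RIOM exists
        self.conntrack = {}              # (pc_ip, pc_port, riom_port) -> last seen

    def _expire(self, now):
        # Drop entries that have been idle longer than the timeout.
        self.conntrack = {k: seen for k, seen in self.conntrack.items()
                          if now - seen <= self.udp_timeout}

    def from_pc(self, now, pc_port, riom_port):
        """Request to WAN_IP: dstnat to RIOM, create or refresh the entry."""
        self._expire(now)
        self.conntrack[(PC_IP, pc_port, riom_port)] = now
        return (PC_IP, pc_port, RIOM_IP, riom_port)

    def from_riom(self, now, riom_port, pc_port):
        """Packet from RIOM to the PC: return the source address the PC sees."""
        self._expire(now)
        key = (PC_IP, pc_port, riom_port)
        if key in self.conntrack:
            self.conntrack[key] = now
            return WAN_IP                # known flow: dstnat is reversed
        # Entry is gone, so conntrack treats this as a new connection from RIOM.
        # Only a matching srcnat rule can rewrite its source address now.
        return WAN_IP if self.srcnat_rule else RIOM_IP


def reply_source(udp_timeout, gap, srcnat_rule):
    """Send one request at t=0, then let RIOM answer after `gap` seconds."""
    router = Router(udp_timeout, srcnat_rule)
    router.from_pc(0, pc_port=50000, riom_port=5000)   # constructed ports
    return router.from_riom(gap, riom_port=5000, pc_port=50000)
```
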
1. Is the posted configuration applied to routers running their default configuration, or is a total wipe needed first?
2. Can fewer routers be used to achieve the same results (no PoE needed)? (ideally, just one switch running RouterOS)
3. Did the RIOM project finally reach production stage?
I must control several devices from one PC. All of these devices have the same 192.168.x.x private IP, which cannot be changed. I don't know where to start, any help is welcome!
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full poe-out=\
    forced-on
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set send-redirects=no
/ip address
add address=10.10.10.104/24 interface=ether1 network=10.10.10.0
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=192.168.0.200/24 interface=ether5 network=192.168.0.0
/ip firewall nat
add action=dst-nat chain=dstnat in-interface=ether1 to-addresses=192.168.0.63
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=\
    10.10.10.104
/ip ipsec settings
set accounting=no
/snmp
set enabled=yes
/system identity
set name=router10
/system watchdog
set ping-start-after-boot=5h watchdog-timer=no
/tool bandwidth-server
set authenticate=no enabled=no
/tool netwatch
add host=192.168.0.63 interval=30s
/user aaa
set default-group=full use-radius=yes