Wed Nov 09, 2011 7:10 pm
I will show you a sample. This will affect BitTorrent clients and other software.
Sample IP configuration, which will reveal the following configuration:
Ether1
Gateway: 192.168.88.1
Subnet: 24
Static IP: 192.168.88.5
Wlan1
IP: 80.233.160.223
Subnet: xxxx
Gateway: xxxx
1st. Create NAT RULES and also set in interface wlan
1.1 /ip firewall nat add chain=dstnat dst-address=80.233.160.233 in-interface=wlan1 protocol=tcp dst-port=0-65000 \
action=dst-nat to-addresses=192.168.88.1 to-ports=0-65000
1.2 /ip firewall nat add chain=dstnat dst-address=80.233.160.233 in-interface=wlan1 protocol=udp dst-port=0-65000 \
action=dst-nat to-addresses=192.168.88.1 to-ports=0-65000
"These 2 rules will allow you to receive incoming connections, because, I think, routers in most cases don't restrict any outgoing connection even if the ISP isn't blocking something far away from the router. This is how to allow users who are using BitTorrent clients to connect to you, and it works great if somebody is uploading torrents; it makes it easier for these peers to connect to you.
And you want to set the port range between 0-65000 because these rules will apply to any application which uses any port in this range. That means you don't need to set up hundreds of rules for hundreds of applications."
2nd. Create NAT Mangle
2.1 chain=input dst-address=80.233.160.233 in-interface=wlan1 action=accept
"chain, input allows to receive connections from internet"
2.2 chain=forward dst-address=192.168.88.5 action=accept
"You have to allow to pass this traffic out of router"
Setting all of this up will open up your ports. Without this configuration, ports were closed for me. And it is simple to understand too.
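
A check over rules like the ones in the post above, as an added example that is not part of the original post: it parses `/ip firewall nat add` lines and reports every dst-nat rule whose dst-port range is wider than a threshold, which is how a forward of 0-65000 shows up in a configuration review. The function names, the MAX_PORTS threshold and the sample text (the post's two rules plus a constructed single-port rule) are assumptions made for illustration.

```python
import shlex

MAX_PORTS = 16  # assumed policy threshold: widest port range one forward may cover

def parse_rule(line):
    """Split one '/ip firewall nat add ...' line into a property dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def port_count(spec):
    """Count ports in a port spec such as '80', '0-65000' or '80,443,6881-6889'."""
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def broad_forwards(export_text, max_ports=MAX_PORTS):
    """Return (protocol, dst-port, to-addresses) for each over-wide dst-nat rule."""
    findings = []
    # Join backslash-continued lines before splitting into rules.
    for line in export_text.replace("\\\n", " ").splitlines():
        rule = parse_rule(line)
        if rule.get("action") != "dst-nat":
            continue
        spec = rule.get("dst-port")
        # A dst-nat rule with no dst-port matches every port of the protocol.
        count = 65536 if spec is None else port_count(spec)
        if count > max_ports:
            findings.append((rule.get("protocol", "any"), spec or "all",
                             rule.get("to-addresses")))
    return findings

# Constructed sample: the two rules from the post plus one single-port forward.
SAMPLE = """\
/ip firewall nat add chain=dstnat dst-address=80.233.160.233 in-interface=wlan1 protocol=tcp dst-port=0-65000 \\
    action=dst-nat to-addresses=192.168.88.1 to-ports=0-65000
/ip firewall nat add chain=dstnat dst-address=80.233.160.233 in-interface=wlan1 protocol=udp dst-port=0-65000 \\
    action=dst-nat to-addresses=192.168.88.1 to-ports=0-65000
/ip firewall nat add chain=dstnat in-interface=wlan1 protocol=tcp dst-port=51413 action=dst-nat to-addresses=192.168.88.5
"""

if __name__ == "__main__":
    for proto, ports, target in broad_forwards(SAMPLE):
        print(f"wide forward: {proto} ports {ports} -> {target}")
```

Only the two 0-65000 rules are reported; the single-port rule passes the check.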