Hello,

I am mikrotik RB411 user. Basically I fixed port problems, like for skype and utorrent, tests show that ports are open, also in action torrent client works great, I upload torrent and everybody can connect to me instantly.

Before I used fallowing config, to open ports



IP FIREWALL/NAT
1.1 /ip firewall nat add chain=dstnat dst-address=80.233.160.xxx(WAN IP) in-interface=wlan1 protocol=tcp dst-port=0-65000 \\
action=dst-nat to-addresses=192.168.88.5(LAN IP) to-ports=0-65000

1.2 /ip firewall nat add chain=dstnat dst-address=80.233.160.xxx in interface=wlan1 protocol=udp dst-port=0-65000 \\
action=dst-nat to-addresses=192.168.88.5(LAN IP) to-ports=0-65000

NAT MANGLE
chain=forward dst-address=192.168.88.5(LAN IP) action=accept
chain=output dst-address=192.168.88.5(LAN IP) action=accept

Note: Gateway for LAN is 192.168.88.1
-------------------------------------------------------------

So now what I started to wounder about. IP/Firewall rules I left the way they are. I edited what is in NAT MANGLE:

/ip firewall mangle add chain=forward(or Input) in interface=wlan1 action=mark connection connection mark=1
/ip firewall mangle add chain=forward(or Input) out interface=ether1 action=mark connection connection mark=1

Also this way in port test show tha everything is ok, but poroblem couse when I try to run a gaming server, nobody can connect to me.

What should be correct config? I wanted to open ports in certain range like 0-65000, so whatever program is using some port, so I dont need to create a bunch of rules for all of them.
Also to create rule which would allow to pass traffic in the router and out of it.


Thanks for help

1.1 /ip firewall nat add chain=dstnat dst-address=80.233.160.xxx(WAN IP) in-interface=wlan1 protocol=tcp dst-port=0-65000 \\
action=dst-nat to-addresses=192.168.88.1 to-ports=0-65000

1.2 /ip firewall nat add chain=dstnat dst-address=80.233.160.xxx in interface=wlan1 protocol=udp dst-port=0-65000 \\
action=dst-nat to-addresses=192.168.88.1 to-ports=0-65000

Try to redirect the traffic to: 192.168.88..5 instead of 192.168.88.1... : P!

NAT MANGLE
chain=forward dst-address=192.168.88.5(LAN IP) action=accept
chain=output dst-address=192.168.88.5(LAN IP) action=accept

Basically, what I dont like in this rule is that, if action=accept, then traffic comes into router but it doesnt pass to next firewall rule. As a sample I was using this scheme to coordinate rules
http://www.mikrotik.com/testdocs/ros/2.9/ip/flow.php,

but still not sure if I did everything right:

/ip firewall mangle add chain=forward(or Input) in interface=wlan1 action=mark connection connection mark=1
/ip firewall mangle add chain=forward(or Input) out interface=ether1 action=mark connection connection mark=1

I would appreciate help

Hi, you edited the post... : P!

Try: http://wiki.mikrotik.com/wiki/Manual:IP/UPnP

could someone show there, where should I find something like template which I could use to build complete firewall. There are a lot of, like images about how routing looks like
and it also takes a while to figure out what is right.

Basically Im trying to run gaming server and problem is that nobody can connect to me in meantime rest of programms works fine.

Also noticed that, mby it was because previously I had old firmware but :

when I define ports in range like from 0-10000 then port test show they are closed because of same issues with ports which are under 1024.

---------------------------

I want to know, how I need to set up firewall(Nat Filter/NAT/Mangle), so everything works as it should.