Note: I have been messing with this several days and just can't get it to work. I have searched these forums and Google and can't get anything to work. I'm sort of a noob to the Mikrotik thing, but I'm decent with networking.
I have a RB750G. It's connected to my 2WireGateway in the DMZ mode and has an external public IP. Right now I have the MT on defaults. I have NAT enabled and protect router and protect LAN disabled. I also enabled the PPTP server and added secrets. I can't get it to work over the internet however. (I did not add firewall rules for it) My firewall filters is empty and the NAT only has the default masquerade rule. I'm assuming I need to add some rules for the PPTP to work, but I'm having no luck. I'm also trying for forward, for example, port 80 and 3389 to my internal server. Let's say it has an IP of 192.168.88.10. How can I do this? I have had no luck whatsoever. I've been using www.canyouseeme.org to see if the ports are open and it's come back negative every try. Can anyone help me with this?
Re: Help setting up PPTP server and port forwarding.
http://wiki.mikrotik.com/wiki/Manual:IP ... rt_mapping
That manual section discusses port forwarding. Just substitute your destination IPs, protocols, and ports.
If the firewall ruleset is empty then nothing is blocking the PPTP server from working. Post the server configuration you applied and a network diagram, as well as the output of "/ip address print detail", "/ip route print detail", and "/ip firewall export". Also ensure your ISP isn't blocking traffic (they might be, as running servers in home connections is often frowned upon), and that your modem doesn't consider DMZ mode as not just forwarding all TCP and UDP traffic through, but all traffic. PPTP requires GRE to work. Also, read the manual on logging and turn on logging for PPTP - if control traffic is making it through at all the logs should give a good indication of what is going wrong.
That manual section discusses port forwarding. Just substitute your destination IPs, protocols, and ports.
If the firewall ruleset is empty then nothing is blocking the PPTP server from working. Post the server configuration you applied and a network diagram, as well as the output of "/ip address print detail", "/ip route print detail", and "/ip firewall export". Also ensure your ISP isn't blocking traffic (they might be, as running servers in home connections is often frowned upon), and that your modem doesn't consider DMZ mode as not just forwarding all TCP and UDP traffic through, but all traffic. PPTP requires GRE to work. Also, read the manual on logging and turn on logging for PPTP - if control traffic is making it through at all the logs should give a good indication of what is going wrong.
-
-
mattsawatzky
newbie
- Posts: 41
- Joined:
Re: Help setting up PPTP server and port forwarding.
No luck adding those. I already tried those. I also know that the DMZ does work properly for VPN traffic. I had this box working a week or two ago and then reset to defaults and now I can't get it back working again... very frustrating. If I forward the ports on another router, it works fine, so it's definitely the router.
INTERNET---> 2WireGateway ---- DMZ----->RB750G-----> Server & other clients.
The thing is it was working just a week ago, but I couldn't get port forwarding to work (VPN worked awesome.) so I switched to another router in the meantime while I got this one figured out.
INTERNET---> 2WireGateway ---- DMZ----->RB750G-----> Server & other clients.
Code: Select all
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether2-local
actual-interface=bridge
1 D address=172.16.1.64/24 network=172.16.1.0 broadcast=172.16.1.255 interface=ether1-gateway
actual-interface=ether1-gatewayCode: Select all
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=172.16.1.254 gateway-status=172.16.1.254 reachable ether1-gateway distance=1
scope=30 target-scope=10
1 ADC dst-address=172.16.1.0/24 pref-src=172.16.1.64 gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10
2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge gateway-status=bridge reachable distance=0
scope=10 Code: Select all
/ip firewall export
# jan/02/1970 01:44:39 by RouterOS 4.11
# software id = AC6L-1CI9
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment="Added by webbox" disabled=no out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3389 protocol=tcp to-addresses=192.168.88.254 to-ports=\
3389
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=1723 protocol=tcp to-addresses=192.168.88.1 to-ports=\
1723
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
Re: Help setting up PPTP server and port forwarding.
You have a DHCP client running on your WAN interface. How does the modem know to forward all traffic to you?
The NAT rule for TCP/1723 makes no sense. You are NAT'ing traffic already destined to you (if the modem is forwarding it correctly, that is) to yourself.
Other than those two items things look OK.
The NAT rule for TCP/1723 makes no sense. You are NAT'ing traffic already destined to you (if the modem is forwarding it correctly, that is) to yourself.
Other than those two items things look OK.
-
-
mattsawatzky
newbie
- Posts: 41
- Joined:
Re: Help setting up PPTP server and port forwarding.
It goes by MAC address. To enable the DMZ it has to be DHCP. Stupid 2WireGateways... hate them.You have a DHCP client running on your WAN interface. How does the modem know to forward all traffic to you?
The NAT rule for TCP/1723 makes no sense. You are NAT'ing traffic already destined to you (if the modem is forwarding it correctly, that is) to yourself.
Other than those two items things look OK.
As for the NAT rule, I was just trying to see if that would fix it... apparently not.
-
-
mattsawatzky
newbie
- Posts: 41
- Joined:
Re: Help setting up PPTP server and port forwarding.
OK, so I got it working now. It seemed to have something to do with my Gateway. I reset it all and did it from scratch (again) and it seems to have worked this time. Both VPN and the forwarded ports are working. I have another questions though, when I type in my IP on an external connection (I'm remoted in to my work computer to test this), I get the RouterOS login page for my router. I want port 80 to be forwarded to my webserver. I also noticed port 21 and some others are auto forwarded. How do I close these and how do I change port 80?
Who is online
Users browsing this forum: No registered users and 144 guests