I have WAN 77.237.123.xxx and it is static. RB LAN IP 10.1.1.254. When I enter WAN address into web browser it opens my RB login page. I don't want that. I need to forward a few ports to internal machines but I can only forward NAT over port 80.
/ip firewall nat add chain=dstnat dst-address=77.237.123.xxx protocol=tcp dst-port=80 \
action=dst-nat to-addresses=10.1.1.xx to-ports=80
Only this works, any other port - nothing. And I need to access 3 machines on internal network.
I have in firewall NAT rules: chain srcnat out-interface-wan masquarade
Other than that i have:
input 1 (icmp) accept
input in interface wan accept connection state-established
input in interface wan accept connection state-related (here is 0 traffic)
forward bittorent on tcp drop
I more details are needed would be happy to provide. Please help me.
Thanks
-
-
shadowskippie
Member Candidate
- Posts: 213
- Joined:
Re: Mikrotik port forwarding - simple help!
that is because you haven't forwarded the other ports.
when a packet comes in with port 80 the router will forward that packet onto the machine you specified as the rules dictated, but if anything <80 or >80 comes in it'll think its for itself as there are no rules telling it other wise.
when a packet comes in with port 80 the router will forward that packet onto the machine you specified as the rules dictated, but if anything <80 or >80 comes in it'll think its for itself as there are no rules telling it other wise.
Re: Mikrotik port forwarding - simple help!
Just change the IP addresses, port numbers, WAN interface name, copy and paste this code in terminal:
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN
add action=src-nat chain=srcnat comment="" disabled=no protocol=tcp \
src-address=10.1.1.143 src-port=9724 to-addresses=77.237.123.xxx \
to-ports=9724
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=9724 protocol=tcp to-addresses=10.1.1.143 \
to-ports=9724
add action=src-nat chain=srcnat comment="" disabled=no protocol=udp \
src-address=10.1.1.143 src-port=9724 to-addresses=77.237.123.xxx \
to-ports=9724
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=9724 protocol=udp to-addresses=10.1.1.143 \
to-ports=9724
add action=src-nat chain=srcnat comment="" disabled=no protocol=tcp \
src-address=10.1.1.129 src-port=54321 to-addresses=77.237.123.xxx \
to-ports=54321
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=54321 protocol=tcp to-addresses=10.1.1.129 \
to-ports=54321
add action=src-nat chain=srcnat comment="" disabled=no protocol=udp \
src-address=10.1.1.129 src-port=54321 to-addresses=77.237.123.xxx \
to-ports=54321
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=54321 protocol=udp to-addresses=10.1.1.129 \
to-ports=54321
In this example port 9724 TCP and UDP is forwarded to 10.1.1.143 and port 54321 to 10.1.1.129.
Hope this helps.
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN
add action=src-nat chain=srcnat comment="" disabled=no protocol=tcp \
src-address=10.1.1.143 src-port=9724 to-addresses=77.237.123.xxx \
to-ports=9724
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=9724 protocol=tcp to-addresses=10.1.1.143 \
to-ports=9724
add action=src-nat chain=srcnat comment="" disabled=no protocol=udp \
src-address=10.1.1.143 src-port=9724 to-addresses=77.237.123.xxx \
to-ports=9724
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=9724 protocol=udp to-addresses=10.1.1.143 \
to-ports=9724
add action=src-nat chain=srcnat comment="" disabled=no protocol=tcp \
src-address=10.1.1.129 src-port=54321 to-addresses=77.237.123.xxx \
to-ports=54321
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=54321 protocol=tcp to-addresses=10.1.1.129 \
to-ports=54321
add action=src-nat chain=srcnat comment="" disabled=no protocol=udp \
src-address=10.1.1.129 src-port=54321 to-addresses=77.237.123.xxx \
to-ports=54321
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
77.237.123.xxx dst-port=54321 protocol=udp to-addresses=10.1.1.129 \
to-ports=54321
In this example port 9724 TCP and UDP is forwarded to 10.1.1.143 and port 54321 to 10.1.1.129.
Hope this helps.