Difficulties port forwarding

kaizokuj · Thu Mar 20, 2014 1:25 pm

Hi! I'm new to using mikrotik routers and am having some difficulties with the port forwarding..
I'm trying to forward some ports to a server I own, while I have been able to add a rule in the firewall for allowing people outside of my local network to connect to my services, I myself inside the same network can't seem to connect no matter what I try.

I read the guide for Hairpin NAT's and added the rule it suggests and still no luck.
I'm really rather at the end of my rope on this one, it's got me stumped something fierce I'm afraid..

Here is a pastebin of my config file, maybe someone could take a look and see what's up.
http://pastebin.com/WLuLtsFJ
Also nice to meet you all!

kaizokuj · Thu Mar 20, 2014 2:48 pm

I replaced the pastebin so if someone could remove the comment above that'd be great ^^

kaizokuj · Thu Mar 20, 2014 3:11 pm

And since the first comment was post the whole conf, here it is:

ros code

# jan/02/1970 00:38:10 by RouterOS 5.26
# software id = CCC3-Z64V
#
/interface bridge
add admin-mac=D4:CA:6D:0F:32:EB auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
    indoors l2mtu=2290 mac-address=C8:D3:A3:05:FD:E8 mode=ap-bridge name=WLAN \
    ssid=Lexie wireless-protocol=802.11
/interface ethernet
set 0 name=WAN
set 1 name=LAN
set 2 master-port=LAN name=ether3-slave-local
set 3 master-port=LAN name=ether4-slave-local
set 4 master-port=LAN name=ether5-slave-local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    wpa-pre-shared-key=notmyrealpassword wpa2-pre-shared-key=\
    notmyrealpassword
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=LAN
add bridge=bridge-local interface=WLAN
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=\
    bridge-local
/ip dhcp-client
add comment="default configuration" disabled=no interface=WAN
/ip dhcp-server lease
add address=192.168.0.101 disabled=yes mac-address=50:E5:49:47:D8:AF
add address=192.168.0.106 mac-address=00:21:97:C4:61:AF
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=WAN
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=WAN to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment=Minecraft dst-port=25565 in-interface=\
    WAN protocol=tcp to-addresses=192.168.0.106 to-ports=25565
add action=masquerade chain=srcnat dst-address=192.168.0.106 dst-port=25565 \
    out-interface=bridge-local protocol=tcp src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment=HTTP dst-port=80 in-interface=WAN \
    protocol=tcp to-addresses=192.168.0.106 to-ports=80
add action=masquerade chain=srcnat dst-address=192.168.0.106 dst-port=80 \
    out-interface=bridge-local protocol=tcp src-address=192.168.0.0/24
/ip neighbor discovery
set WAN disabled=yes
set WLAN disabled=yes
/system leds
set 0 interface=WLAN
/system routerboard settings
set cpu-frequency=400MHz
/tool mac-server
add disabled=no interface=LAN
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=WLAN
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=LAN
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=WLAN
add interface=bridge-local

rextended · Thu Mar 20, 2014 4:23 pm

Edit yourself the first post, or the password "...volvo..." embedded on pastebin is clearly visible.....

Later I check the config, also other users can do.

kaizokuj · Thu Mar 20, 2014 5:44 pm

I already did that.

rextended · Thu Mar 20, 2014 6:37 pm

I already did that.

NOT
on pastebin are available:

This paste has a previous version, view the difference.

kaizokuj · Thu Mar 20, 2014 7:39 pm

I actually did not know that pastebin had that feature, fixed now.