I am performing a migration from another brand of router. I have about 10 servers to configure in port forwarding.
I have configured my network and I can browse correctly on the lan, and on the internet from every device.
I have a connection with an operator router (Iliad, Italy) set in ONT mode, connected to ether1.
Iliad has a MAP-E based network, and it gives me connectivity in ipv4 with static address and limited number of ports (the same ip address is shared among 4 users). In my case the available incoming ports are in the range 1k-16k.
I was able to configure the connection, but I can't get connections on incoming ports, it seems that port forwarding has some problem in my configuration, and I can't figure out if the problem is on the incoming NAT, in the WAN configuration, or in some firewall rule.
If I enable logging on the port forwarding rule I can see incoming connections, and they are marked like this:
Code: Select all
dstnat: in:ether1 out:(unknown 0), connection-state:new src-mac XX:XX:XX:XX:XX:XX, proto TCP (SYN), 18.196.213.123:34399->XX.XX.XX.XX:15027, len 64This is my configuration:
Code: Select all
/interface bridge
add name=bridgeLAN
/interface list
add name=WAN
add comment=defconf name=LAN
/ip pool
add name=pool1 ranges=192.168.188.0/24
add name=dhcp_pool1 ranges=192.168.188.2-192.168.188.99
/interface list member
add interface=ether1 list=WAN
add comment=defconf interface=bridgeLAN list=LAN
/ip address
add address=192.168.188.1/24 interface=bridgeLAN network=192.168.188.0
/ip dhcp-client
add interface=ether1
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input connection-state=new in-interface-list=LAN
add action=accept chain=input protocol=icmp
add action=drop chain=input log=yes log-prefix=DROP
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="tcp masquerade" out-interface-list=WAN protocol=tcp to-ports=1050-16383
add action=masquerade chain=srcnat comment="udp masquerade" ipsec-policy=out,none out-interface-list=WAN protocol=udp to-ports=1050-16383
add action=masquerade chain=srcnat comment="portless masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="traccar teltonika" dst-port=15027 log=yes protocol=tcp to-addresses=192.168.188.106 to-ports=5027Thanks a lot.