1:1 NAT and ports

When following this guide:
http://wiki.mikrotik.com/wiki/How_to_link_Public_addresses_to_Local_ones

Are all ports (udp/tcp) open by default? Assuming there are not any filter rules applied?

Yep

I had to forward a port for one to be open following that guide above. What am I missing to open all udp/tcp ports (all to be forwarded to the internal client)?

It’s just NAT. Add a NAT rule without any port or protocol qualifiers. To NAT 192.168.1.10 to 1.1.1.1:

/ip firewall nat
add chain=srcnat dst-address=192.168.1.10 action=src-nat to-address=1.1.1.1
add chain=dstnat dst-address=1.1.1.1 action=dst-nat to-address=192.168.1.10

If you need more specific help than that, post some details.

Here is what I put in:

chain=srcnat action=src-nat to-addresses=216.8.213.22
     dst-address=172.25.100.10

chain=dstnat action=dst-nat to-addresses=172.25.100.8 
     dst-address=216.8.213.22

I have to open a port above it with:

chain=dstnat action=dst-nat to-addresses=172.25.100.10 to-ports=22
     protocol=tcp dst-address=216.8.213.22 dst-port=22

to be able to ssh to my server. I have seen examples where 0-65535 was to-ports, but that was for 2.9x.

Your destination NAT rule specifies 172.25.100.8, while your source NAT rule specifies 172.25.100.10. The specific tcp/22 destination NAT rule correctly specifies 172.25.100.10.

So the NAT rule is working, it’s just forwarding traffic to the wrong internal IP. Fix the destination IP address and it should work.

Thanks fewi! Big miss on my part.

So why on the srcnat rule are we using dst-address instead of src-address?

Whoops. We’re not. My bad. Should be src-address on src-nat, of course.

No problem - wanted to make sure others who found this wouldn’t be misunderstood.
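
An added example, not part of the thread and not MikroTik tooling: a small Python check for the two mistakes found above, a 1:1 srcnat rule that matches on dst-address and a dstnat rule that points at a different internal host than its srcnat partner. The function names are hypothetical; POSTED is the rule set from the thread and FIXED is the form after both corrections.

```python
import shlex

# Rule set as posted in the thread (print-style properties, one rule per entry).
POSTED = [
    "chain=srcnat action=src-nat to-addresses=216.8.213.22 dst-address=172.25.100.10",
    "chain=dstnat action=dst-nat to-addresses=172.25.100.8 dst-address=216.8.213.22",
    "chain=dstnat action=dst-nat to-addresses=172.25.100.10 to-ports=22 "
    "protocol=tcp dst-address=216.8.213.22 dst-port=22",
]
# Corrected form after both fixes discussed in the thread.
FIXED = [
    "chain=srcnat action=src-nat to-addresses=216.8.213.22 src-address=172.25.100.10",
    "chain=dstnat action=dst-nat to-addresses=172.25.100.10 dst-address=216.8.213.22",
]

def parse_rule(line):
    """Split the 'key=value' properties of one NAT rule into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def check_one_to_one(rules):
    """Return findings for 1:1 NAT pairs (rules without protocol/port qualifiers)."""
    parsed = [parse_rule(r) for r in rules]
    plain = [r for r in parsed if "protocol" not in r and "dst-port" not in r]
    dst_rules = [r for r in plain if r.get("action") == "dst-nat"]
    findings = []
    for s in (r for r in plain if r.get("action") == "src-nat"):
        public = s.get("to-addresses")
        if "src-address" not in s:
            findings.append(f"srcnat to {public}: matches dst-address, not src-address")
        # Internal host this rule is meant to translate, whichever key holds it.
        internal = s.get("src-address") or s.get("dst-address")
        partners = [d for d in dst_rules if d.get("dst-address") == public]
        if not partners:
            findings.append(f"srcnat to {public}: no unqualified dstnat partner")
        for d in partners:
            if d.get("to-addresses") != internal:
                findings.append(
                    f"dstnat for {public} forwards to {d.get('to-addresses')}, "
                    f"but srcnat names {internal}")
    return findings

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        print(name, check_one_to_one(rules) or "consistent")
```

The tcp/22 rule is skipped on purpose: it carries protocol and port qualifiers, so it is a port forward rather than half of the 1:1 pair.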