4011 set up for hosting a game server.

I installed a game server on a VM in my home.

The game server requires the following ports to be opened:
Port Protocol Description
7948 UDP Monitored Harmony, the VU networking layer.
25200 UDP Frostbite networking layer.
47200 TCP Remote administration protocol (RCON).

I did the usual port forwarding on this, but am not sure if I set it correctly, as my friends cannot connect.

For example, on the rule for 7948, I set:
Chain=forward
Dst. Address=192.168.1.47
Protocol=UDP
Dst. Port=7948

Is there more I should add to the rules for this? Is there anything I should change?

Also, my Ubuntu machine that is hosting has no firewall currently enabled.

Dst-address is matching against original packet’s dst-address which will normally be router’s WAN address. The action property is to-addresses=192.168.1.47.

Thanks mkx, where do I find the to-address in winbox? I am only seeing the dst. address option.

Can’t verify with winbox right now, in webfig it’s way down the page with NAT rule, near action selector.

Just make sure you limit access to your servers using source addresses on the dst-nat rules, as a starting point otherwise you will open yourself up to hacking running open servers…
There is a reason most people don't, and game servers are run by huge corps…

Thanks again.

I am currently in webfig.

Ip->firewall->NAT

I can’t find to-address anywhere. Even when I search “to-” I get 0 results. I think I am definitely missing something.

I am looking at WinBox, so I can answer that one.
In the NAT rule, on the General tab, the first selection is Chain (which will normally be dstnat in this case). The second selection is Src. Address (which will likely be blank in this case), and the third selection is Dst. Address. That is where you would put your public IP (if desired). Note that it may not be needed. I don’t specify the Dst. Address at all, but I do specify the In. Interface a bit farther down the NAT page (in my case it is my Fiber Internet or my Cable Internet depending on which one this particular NAT is expected to use). In my case, I am NOT using a bridge in the router - if you are, that setting may be different.

Thanks K6,

That clarified quite a bit. In my mind I was attempting a port forward in the nat rules, rather than just opening them.

So, in the filter rules, I have a few rules created to send anything through those ports to the hosted machine.

Filter Rules:
Chain=forward
Dst. Address=192.168.1.47
Protocol=UDP
Dst. Port=7948

Nat Rules:
Chain=dstnat
Protocol=UDP
Dst. Port=7948
in-interface=ether1

Does this look like it is done correctly?

In neither of those have you shown the action. In the case of the NAT rule, the Action is dst-nat, the To address is 192.168.1.47. For the filter rule, the Action will be accept.
Both of those are in their simplest form - you may want or need to get more detailed…

K6, yes, you are correct.

The to-address appears when you adjust the action to dst-nat. Once it appears, I set the to-address and the to-port.

It is all working now.

NAT:
Chain=dstnat
Protocol=UDP
Dst. Port=7948
in-interface=ether1
action=dst-nat
to-address=192.168.1.47
to-port:7948

Glad I was able to help.

And Ooooh, Ooooh, my 1,000th forum post!

lol congrats! thanks again!
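
The rules discussed in this thread, written out as RouterOS terminal commands for all three ports and with the source-address restriction suggested above. This is an added example, not configuration posted by anyone in the thread: ether1 and 192.168.1.47 come from the thread, while the address-list name `game-friends` and the two list entries (documentation-range addresses) are placeholders. In the terminal the properties that WinBox labels "To Addresses" and "To Ports" are `to-addresses` and `to-ports`.

```routeros
# Added example. Placeholders: list name "game-friends" and its two entries.
# Replace the entries with the public addresses that should reach the server.
/ip firewall address-list
add list=game-friends address=203.0.113.10 comment="friend 1 (placeholder)"
add list=game-friends address=198.51.100.25 comment="friend 2 (placeholder)"

# dst-nat: rewrite the destination of packets arriving on the WAN interface.
# to-ports is omitted, so the original destination port is kept.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-port=7948,25200 \
    src-address-list=game-friends action=dst-nat to-addresses=192.168.1.47 \
    comment="game server: Harmony + Frostbite (UDP)"
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=47200 \
    src-address-list=game-friends action=dst-nat to-addresses=192.168.1.47 \
    comment="game server: RCON (TCP)"

# Filter: accept only forwarded connections that matched a dst-nat rule.
# This rule must sit above any drop rule in the forward chain.
/ip firewall filter
add chain=forward in-interface=ether1 connection-nat-state=dstnat \
    action=accept comment="allow dst-nat'ed connections from WAN"
```

Because the filter rule matches on `connection-nat-state=dstnat`, it does not need to be repeated per port, and traffic from sources outside the list never matches the NAT rules in the first place.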