blocked ports

I’m going to put this in the beginner section because it seems like this should be a simple, easy, standard thing, but I’m stuck on it. I have a program running on a Win 10 PC; it’s used to access a remote device at another location via TCP port 37777. No matter what I’ve tried, it can’t make the connection from behind my MikroTik router. Here’s what I know for a fact.
The PC can make the connection when connected to the ISP directly.
The PC can make the connection when connected to the backup ISP directly.
The PC cannot make the connection via either ISP when connected through the router.
I only have the default config firewall filter rules in place. There is nothing custom about this build save the NAT for 37777 coming in, which works fine for the other device that is located on network.
Somehow the MikroTik seems to be filtering 37777 with no rule I can find to do so.
Any ideas?

Remove any filtering for the port 37777 from your ISPs router and MikroTik router, if there is any…

If it still doesn’t work, disable all firewalls and test again…

Also you could try and use PPPoE client from the MikroTik side to get internet and not DHCP client, which I guess you are using…

Remove any filtering for the port 37777 from your ISPs router and MikroTik router, if there is any…
There is none in the MikroTik that I can find, there is none in the ISP modems as proven by using them as a direct connection.

If it still doesn’t work, disable all firewalls and test again…
Disabled Windows firewall, disabled all entries in firewall filters in MikroTik, no change.

Also you could try and use PPPoE client from the MikroTik side to get internet and not DHCP client, which I guess you are using…
Not using PPPoE, service is bridge mode cable modem for primary or cellular access point as a secondary.

ISP>bridged modem> PC works fine, also is a public IP
ISP>bridged modem>MikroTik> PC fails

Then it seems the problem is the NAT between your Router and the ISP.

Do you have internet in your PC ( When connected to MikroTik ) ?
Configuration Export ? ( Inside code tags please)

Do you have internet in your PC ( When connected to MikroTik ) ?
Yes, there is no problem with general access or any other service running on any other port at all.

Configuration Export ? ( Inside code tags please)
I’m unsure of exactly what you need here. I can back up the programming but that would require the logins; is there another option to generate the config and then post to an FTP or Dropbox? There is no option that I am familiar with to export the config generically, but again that’s why I put the post here b/c I’m more dangerous when it comes to routing than I am advised :)

Open a new terminal and type

export file=config hide-sensitive

download the file from files and copy paste your export here, or type

export hide-sensitive

and copy from terminal…

Guessing you are trying to access an NVR outside your LAN.
Is there any other router in front of MikroTik? I’ve had some strange issues in the past while using double NAT.
If you are using UPnP on local MikroTik, try disabling it. Might interfere with the other device on your local LAN also registering port 37777 in fw (if I understood correctly)

Let me guess, this dstnat rule does not specify any destination, i.e. it doesn’t have any dst-address, dst-address-list, dst-address-type, in-interface or in-interface-list. If that’s the case, guess what will happen when it sees an outgoing packet to that port.

Sob, I have already suggested in my previous posts to
Remove any filtering for the port 37777 from your ISPs router and MikroTik router, if there is any…
and then try again…

Libram11 said there are no filters in the MikroTik…!

Personally I’d be looking for “filtering” in “/ip firewall filter”, and I do believe there’s no such thing for port 37777. But if there’s:

/ip firewall nat
add chain=dstnat protocol=tcp dst-port=37777 action=dst-nat to-addresses=<address of internal server>

it will work great for incoming connections, but will also break all outgoing connections to the same port. Quick fix is to add dst-address-type=local.

Am familiar with nat Sob, no worries…

I wasn’t even thinking about it looping back the port because it didn’t have a more clearly defined scope. All I had to do was specify that the dst-nat was only applied to the wan interfaces in incoming packets. That cleared it right up. Thank you guys so much:)
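
An added example, not part of the thread and not MikroTik tooling: a Python check that reads `export` output and flags dst-nat rules carrying none of the scoping matchers listed above, which are the rules that also capture outgoing connections to the same port. The sample export, its addresses and the function names are constructed for illustration.

```python
import shlex

# Matchers named in the thread that restrict where a dst-nat rule applies.
SCOPE_KEYS = {"dst-address", "dst-address-list", "dst-address-type",
              "in-interface", "in-interface-list"}

# Constructed sample export (addresses and comments are placeholders).
SAMPLE_EXPORT = r"""
/ip firewall filter
add chain=input action=accept connection-state=established,related
/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN
add chain=dstnat protocol=tcp dst-port=37777 action=dst-nat \
    to-addresses=192.168.88.10 comment="NVR, unscoped"
add chain=dstnat protocol=tcp dst-port=8080 action=dst-nat to-addresses=\
    192.168.88.11 dst-address-type=local
add chain=dstnat protocol=tcp dst-port=8443 action=dst-nat \
    to-addresses=192.168.88.12 in-interface-list=WAN
"""

def logical_lines(text):
    """Rejoin lines that the export wrapped with a trailing backslash."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]          # keep any space that preceded the backslash
        else:
            out.append(buf + line)
            buf = ""
    return out

def unscoped_dstnat_rules(export_text):
    """Return dst-nat rules in /ip firewall nat that carry none of SCOPE_KEYS."""
    findings, section = [], None
    for line in logical_lines(export_text):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall nat" and line.startswith("add "):
            props = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            if (props.get("chain") == "dstnat" and props.get("action") == "dst-nat"
                    and SCOPE_KEYS.isdisjoint(props)):
                findings.append(props)
    return findings

if __name__ == "__main__":
    for rule in unscoped_dstnat_rules(SAMPLE_EXPORT):
        print("unscoped dst-nat, also matches outgoing traffic to port",
              rule.get("dst-port"), "->", rule.get("to-addresses"))
```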