Can't Open Ports

Hi guys. I seem to have a problem with opening ports on this particular RB750Gr3, Firmware 6.48.3. I have 4 NAT Rules Configured the same way, just different Ports. (See attached Pictures). I have no Firewall Rules Configured.
But when I run a Port Scan on nmap, it shows all these 4 Ports as closed and no traffic is flowing through them as well. I have another RB750Gr3 configured exactly the same way and it’s working 100%. But this one is just refusing. I’ve even Reset it a few times, but still no joy…

What could be the problem? Please help

Thank You

First verify that internal server is actually accepting connections on TCP port 25.

Then you can enable LOG flag, try remote connection and see if log contains anything.
One thing you should be aware of: some ISPs block port 25 (SMTP) towards clients because the SMTP protocol is often used for malicious activities (spamming, phishing, you name it).

I’ve just tested Remote Access on Port 3389. Also can’t get through. I’ve attached a copy of the Log Report from the Mikrotik. I’ve also checked with my ISP, none of my ports are blocked by them. This system was working fine all along until Saturday when my Zyxel Router died from a Power Surge. I then moved to this Mikrotik and I’ve been struggling to get it to work since.

Can you please share your configuration?
/export hide-sensitive file=anynameyoulike

I have no Firewall Rules Configured.

Hopefully you mean no additional rules?

Why are you using nmap to test .88.1 when you are trying to NAT to .88.3?
Post configuration exports, not stupid massive screenshots.
Your blobbing of the dest. address is also pointless, as it is there for all to see, twice, in the screenshots.

This is my current config. I’ve done this config a thousand times in the past with no issues, but right now it’s not working. I’ve tried 3 different Routers, no joy!

# jun/18/2021 14:09:37 by RouterOS 6.48.3
# software id = SBVY-3BTC
#
# model = RouterBOARD 750G r3
# serial number =
/interface l2tp-client
add add-default-route=yes allow=pap,chap connect-to=102.221.yyy.yyy disabled=no name=l2tp-out1 user=molatudi
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.101-192.168.88.103
/ip dhcp-server
add address-pool=dhcp interface=ether2 name=dhcp1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add list=LAN
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=25 protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=53 protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=3389 log=yes protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=135 protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=443 protocol=tcp to-addresses=192.168.88.3
/system clock
set time-zone-name=Africa/Johannesburg

Is this the “full” config, i.e. there is no Firewall Filter rules?

If not full config and there are firewall filter rules, then make sure you have a rule that allows Destination NAT

Yeah no firewall rules and connected to the internet… just plain dumb if that’s the case, will assume you are just using it in a lab.

As for “I’ve done this configuration 1000 times”, that doesn’t mean you have a clue.

Take this for example.
/interface list member
add interface=ether1 list=WAN
add list=LAN

Okay brainiac what does that do?? No I am curious really

It does not help. Really. No matter how many spells you cast on that sentence.

That’s why you are here Bartoz… I am not the patient llama unless the person provides a decent networking diagram, has shown the config, and has zero arrogance…
Besides, in general I don’t help folks who want to access their router from the internet over www and likewise I don’t help people that refuse to use firewalls (in general unless of course people have edge routers or other circumstances where it’s acceptable). Or folks clearly trying to circumvent company rules etc etc…
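
Added example (not written by anyone in the thread, and not MikroTik tooling): a small Python check that reads a RouterOS `/export` and reports the two things the replies point at in the posted config, a `/interface list member` entry with no `interface=` and dst-nat port forwards with an empty `/ip firewall filter` table. The function names and the trimmed sample export are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed from the export posted in the thread, wrapped
# lines joined, public address masked as on the page.
SAMPLE_EXPORT = """\
/interface list member
add interface=ether1 list=WAN
add list=LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=25 protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=3389 log=yes protocol=tcp to-addresses=192.168.88.3
"""


def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin backslash-continued lines
    sections, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or export header comment
        if line.startswith("/"):
            menu = line
            sections.setdefault(menu, [])
        elif menu and line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            sections[menu].append(dict(pairs))
    return sections


def audit(text):
    """Return findings for the two issues the replies point at."""
    cfg = parse_export(text)
    findings = []
    # 1. A list member exported without interface= (the line a reply questions).
    for member in cfg.get("/interface list member", []):
        if "interface" not in member:
            findings.append(f"list member for list={member.get('list')} names no interface")
    # 2. Port forwards published while the filter table is empty.
    nat = cfg.get("/ip firewall nat", [])
    forwards = [r for r in nat if r.get("action") == "dst-nat"]
    if forwards and not cfg.get("/ip firewall filter"):
        ports = ",".join(r.get("dst-port", "any") for r in forwards)
        findings.append(f"dst-nat for ports {ports} but no /ip firewall filter rules")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print("FINDING:", finding)
```

Run it against the file produced by `/export hide-sensitive file=...` to get the same findings for a full configuration.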