Destination NAT with PPP Connection

nzliam · September 1, 2009, 12:56am

Hi,

I’m trying to setup Destination NAT on a PPP interface. I have made the following rules however I dont beleive they are correct?

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=ppp-out1

 1   chain=dstnat action=accept protocol=tcp dst-address=10.0.0.1
     in-interface=ppp-out1 src-port=22 dst-port=22

 2   chain=dstnat action=accept protocol=tcp dst-address=10.0.0.1
     in-interface=ppp-out1 src-port=25 dst-port=25

 3   chain=dstnat action=accept protocol=tcp dst-address=10.0.0.1
     in-interface=ppp-out1 src-port=80 dst-port=80

 4   chain=dstnat action=accept protocol=tcp dst-address=10.0.0.1
     in-interface=ppp-out1 src-port=443 dst-port=443

 5   chain=dstnat action=accept protocol=tcp dst-address=10.0.0.1
     in-interface=ppp-out1 src-port=3389 dst-port=3389

I want to allow inbound TCP on 22, 25, 80, 443 and 3389 to IP 10.0.0.1.

Any help would be appreciated.

Thanks

Liam

kirshteins · September 1, 2009, 5:20am

Remove the src-port property from those rules and they should be fine.

nzliam · September 1, 2009, 6:40am

I could remove that, however that will break my LAN’s internet access.

Can I setup a PPP connection to DMZ to an IP instead?

hacki · September 1, 2009, 8:27am

do you have a firewall rule?
a nat rule doesn’t have an action like accept or deny.

something like this could help
add action=accept chain=input comment=“Access” disabled=no dst-port=
22 in-interface=pppoe-out1 protocol=tcp

Chupaka · September 1, 2009, 3:34pm

if you want to redirect all incoming requests for these ports to address 10.0.0.1, then you should use the following:

chain=dstnat in-interface=ppp-out1 protocol=tcp dst-port=25 action=dst-nat to-addresses=10.0.0.1 to-ports=25