dst-nat dont work, what is wrong ?

RouterOS Beginner Basics
1

Hi,
please, help me ... My Port forwarding dont work
On IP Address 192.168.100.55 ( LAN ) is www server whitch I want make visible on internet / WAN= 80.xxx.xxx.218

there is my configuration >

/ip firewal nat chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=Wan
/ip firewal nat chain=srcnat action=src-nat to-addresses=80.xxx.xxx.218 to-ports=0-65535 src-address=192.168.100.55
/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80
dst-address=80.xxx.xxx.218 dst-port=80 protocol=tcp

/ip firewall filter
1 chain=forward action=accept src-address=192.168.100.55

Route Table :
0 A S 0.0.0.0/0 r 80.xxx.xxx.217 1 Wan
1 ADC 80.xxx.xxx.216/29 80.xxx.xxx.218 0 Wan
2 ADC 192.168.100.0/24 192.168.100.98 0 LAN

OS - ver 3.10

2

Why u wanna forward all ports? As action use masquarde if u are connected to AP with single IP for all clients.

3

I am new at this too and am probably wrong but it looks like you have things a little backwards and don’t need some things.

Things happen in order, this needs to go below the src-nat(which you dont need).

/ip firewal nat chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=Wan

You don’t need this, its covered by what the masquerade does in what I understand your configuration to be.

/ip firewal nat chain=srcnat action=src-nat to-addresses=80.xxx.xxx.218 to-ports=0-65535 src-address=192.168.100.55

Looks good.

/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80 dst-address=80.xxx.xxx.218 dst-port=80 protocol=tcp

If your router had two IPs (one for the server, one for everyone else); it’s a slightly different story

4

[quote=“bobertperry”]I am new at this too and am probably wrong but it looks like you have things a little backwards and don’t need some things.

Things happen in order, this needs to go below the src-nat(which you dont need).

/ip firewal nat chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=Wan

You don’t need this, its covered by what the masquerade does in what I understand your configuration to be.

/ip firewal nat chain=srcnat action=src-nat to-addresses=80.xxx.xxx.218 to-ports=0-65535 src-address=192.168.100.55

Looks good.

/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80 dst-address=80.xxx.xxx.218 dst-port=80 protocol=tcp

Thanks for your reply, Now www server works propertly !
but I have next problem - how can I set ftp port forward ? I try set port 21 like 80 but it seems be not the same thing …

5

Make sure you have port 20 and 21. Also no need for another rule, just separate each port with a comma.
ie:

/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80 dst-address=80.xxx.xxx.218 dst-port=20,21,80 protocol=tcp

6

It must be probably in separated rules , becaouse on action page of rule is not posible set ports 20,21,

is port 20 udp or tcp ?

7

TCP. And it will let you set comma separated lists of ports there.

8

I mean, that NO .
action=dst-nat to-addresses=192.168.100.55 to-ports=80
here is action to-ports only one port , how can I translate port 21 to 80 ?
I don’t understand this

9

Oh ya, my bad. If you do it in one rule everything would be forwarded to port 80. My bad.