dst-nat not working for some traffic - desperate help needed

I have several NAT rules in my MT, port forwarding traffic such as http, https, ssh and some VOIP ports.

What I don’t understand is that some of them work and some don’t, even though they have been set up identically in Winbox.

For example, my public IP is 10.10.10.10 (ether2) and I have an SSH server on ether3 at 192.168.10.2.

I have a chain dst-nat and dst address of 10.10.10.10, protocol tcp and dst port of 22, then an action of dst-nat to 192.168.10.2 port 22.

I have exactly the same for all, this ssh rule doesn’t work but http does.

My UDP rules don’t work either. This may be expected as NAT can break some protocols - but how can I get around this? I can’t give my voip server a public IP.

any ideas?

thank you in advance

Post non-working rules here.
‘ip firewall nat export’ to get them.

Figured it out, didn’t realise it but using Winbox the destination protocol had become unticked, so the destination port was greyed out. So although the destination port was shown in the rule list screen (this shows the action dst port, not the true dst port) there was effectively no specific port and the rule became a ‘catch all’ rule to the public IP. So all the rules above it (which were more specific) worked, and the rules below it didn’t.

Hope this helps other noobs :)
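
The failure described in the last post can be checked for in exported rules. The following is an added example, not part of the original thread: it parses text in the style of ‘ip firewall nat export’ and reports dst-nat rules that have neither a protocol nor a dst-port, together with the later rules for the same dst-address that they hide. The sample export is constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample in the style of 'ip firewall nat export' output.
# 10.10.10.10 and 192.168.10.2 come from the thread; the other hosts
# and ports are made up for illustration.
SAMPLE_EXPORT = """\
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.10.10.10 dst-port=80 protocol=tcp to-addresses=192.168.10.3 to-ports=80
add action=dst-nat chain=dstnat dst-address=10.10.10.10 to-addresses=192.168.10.3 to-ports=443
add action=dst-nat chain=dstnat dst-address=10.10.10.10 dst-port=22 protocol=tcp to-addresses=192.168.10.2 to-ports=22
add action=dst-nat chain=dstnat dst-address=10.10.10.10 dst-port=5060 protocol=udp to-addresses=192.168.10.4 to-ports=5060
"""

def parse_nat_rules(export_text):
    """Return enabled dst-nat rules of the dstnat chain, in evaluation order."""
    rules, in_nat = [], False
    # The export wraps long lines with a trailing backslash; rejoin them.
    for line in export_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_nat = line == "/ip firewall nat"
        elif in_nat and line.startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            if (rule.get("chain") == "dstnat" and rule.get("action") == "dst-nat"
                    and rule.get("disabled") != "yes"):
                rules.append(rule)
    return rules

def find_shadowed(rules):
    """Return (catch_all_position, [hidden_positions]) pairs, 1-based.

    Simplification: only dst-address, protocol and dst-port are compared.
    A rule with neither protocol nor dst-port takes every packet sent to
    its dst-address, so later rules for that address never match.
    """
    findings = []
    for i, rule in enumerate(rules):
        if "protocol" in rule or "dst-port" in rule:
            continue
        addr = rule.get("dst-address")
        hidden = [j + 1 for j in range(i + 1, len(rules))
                  if addr is None or rules[j].get("dst-address") == addr]
        findings.append((i + 1, hidden))
    return findings

if __name__ == "__main__":
    for pos, hidden in find_shadowed(parse_nat_rules(SAMPLE_EXPORT)):
        print(f"rule {pos}: no protocol/dst-port, hides later rules {hidden}")
```

Positions count only the enabled dst-nat rules, so they can differ from the numbering shown in Winbox when other NAT rules are present.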