Dynamic records in NAT

RouterOS Beginner Basics
1

Hello.
In “ip firewall nat” table appears dynamic dstnats from LAN1 public IP address to anothers LANs IP address.
This lines remains in table but I can’t see its in “print” command. How these lines grows up and why remains there?

/ip firewall nat
add action=src-nat chain=srcnat comment="NAT1" disabled=no out-interface=ether1-GATEWAY src-address=192.168.1.0/24 to-addresses=x.x.x.51
add action=src-nat chain=srcnat comment="NAT2" disabled=no out-interface=ether1-GATEWAY src-address=192.168.2.0/24 to-addresses=x.x.x.52
add action=src-nat chain=srcnat comment="NAT3" disabled=no out-interface=ether1-GATEWAY src-address=192.168.3.0/24 to-addresses=x.x.x.53

I see dynamic lines in winbox table. For example:

dstnat dstaddress=x.x.x.51 dstport=tcp 2020 toaddress=192.168.3.120
dstnat dstaddress=x.x.x.51 dstport=udp 28963 toaddress=192.168.2.7

All dynamic dst addresses is public address x.x.x.51 for LAN1, but to addresses from another LANs not to 192.168.1.x
Where I see x.x.x.51 is record in route list:
DAC dstaddress=x.x.x.48/28 gateway=ether1-GATEWAY reachable pref.source=x.x.x.51
Maybe preffered source is what appears in dynamic nat?

Thank you for explain.

2

I’m sorry, I read this a few times and I don’t think I understand what you’re asking.

3

Please see picture, I don’t understand, why white background lines appears.
More “dst address” is .51 but “to address” is not 192.168.1.x.
And these lines are still there so long as I delete its.
Untitled-2.gif

4 
/ip upnp set enabled=no

http://wiki.mikrotik.com/wiki/Manual:IP/UPnP

You have UPnP enabled and people are opening dynamic port forwarding holes on your router.

5

Thank you for explanation Fewi!
It’s interesting feature, but it’s crazy that it’s enabled in default configuration :slight_smile:

6

By default it is disabled.

7

Ok, I’m not aware I do enable it, but I do too much test settings so it’s possible… Thank you.