Forward and redirect port

RouterOS Forwarding Protocols
1

Dear Community,

I didn’t find a way to dest-nat requests to an incoming port (3051) to an other (3050) to an internal server.
Here is my conf:
1.JPG
2.JPG
When I log the flow, I can see:
09:39:50 firewall,info key dstnat: in:ether1_WAN1 out:(unknown 0), src-mac 00:1c:73:
05:0a:cf, proto TCP (SYN), 5.5.14.2:62971->18.18.16.4:3051, len 52
09:39:59 firewall,info key dstnat: in:ether1_WAN1 out:(unknown 0), src-mac 00:1c:73:
05:0a:cf, proto TCP (SYN), 5.5.14.2:62971->18.18.16.4:3051, len 48
But I can see requests on my internal server and connection is refused.

Could you please help me with this case?

Thank you in advance.

Regards,

2

Read this: http://forum.mikrotik.com/t/port-forwarding-problem/93224/14

Why do you use public IPs in internal network?

3

Thank you BartoszP for your help and your time, your link help me well to unblock this flow.
I used it because of a misunderstanding about Mikrotik router…

What I used:

add action=dst-nat chain=dstnat dst-port=3051 \
    in-interface=ether1_WAN1 protocol=tcp src-address-list=***** \
    to-addresses=172.25.11.55 to-ports=3050
add action=src-nat chain=srcnat dst-address=172.25.11.55 dst-port=3050 \
    protocol=tcp src-address=!172.25.0.0/16 to-addresses=172.25.10.254

if its can help…

4

The first part of that code, the dstnat lines look good!
It appears you change the incoming port to one that your server expects and you have limited access to the server to a list of WANIPs (better security!!).

The second part of the code, a source nat rule IS FOR WHAT PURPOSE??
Normally would look like
add action=src-nat chain=masquerade out-interface=WAN
or
add action=src-nat chain=masquerate out-interface=wan1-eth1 (which is basically the same thing)

Note: masquerade works for a dynamic IP address, if yours is static then best to use
action action=src-nat chain=srcnat out-interface=eth1-ppoee etc… to-addresses=wanip