forwarding 22, 23 tcp and simultaneous connections

oxigeno20 · February 1, 2017, 1:54pm

Hi, I recently put a mikrotik router in a central office where a few branch offices access to an old system.

Before this Router they had a TP-Link Router. And all was work perfectly.

This system is accessed by telnet (insecure, I know!, but the programmers are very old, and they prefer the old school ways).

Basically the problem is that the branch offices open windows with telnet and sometimes the number of windows per branch office is 9.. 10.
Now with mikrotik they have a lot of troubles with these sessions.
I have tried to open simultaneous sessions with Putty, And the window number 8 that i open, shot me “conection closed”
The firewall is disabled, I have only a rule in NAT for forwarding the port incoming 23 to the linux server.
The programers have was increment the max-connection in the linux telnet server.

These week i put the TP-link router again and everything is working normally.

The routerboard i am using is “RB941-2nD-TC”
Version of RouterOS 6.30.4.

dgnevans · February 1, 2017, 2:21pm

Can you post your nat rules so we can see where the issue could be.

oxigeno20 · February 6, 2017, 1:44pm

Here you are,

/ip firewall nat
add action=dst-nat chain=dstnat comment="Forwarding 21" dst-address=181.182.183.184 dst-port=21 protocol=tcp to-addresses=192.0.0.15 to-ports=21
add action=dst-nat chain=dstnat comment="Forwarding 22" dst-address=181.182.183.184 dst-port=22 protocol=tcp to-addresses=192.0.0.15 to-ports=22
add action=dst-nat chain=dstnat comment="Forwarding 23" dst-address=181.182.183.184 port=23 protocol=tcp to-addresses=192.0.0.15 to-ports=0-65535
add action=masquerade chain=srcnat comment="defconf: masquerade"
add action=dst-nat chain=dstnat comment="redirect dns local a google" dst-address=192.0.0.200 dst-port=53 protocol=udp src-address=192.0.0.0/24 to-addresses=8.8.8.8 \
    to-ports=53

dgnevans · February 6, 2017, 6:57pm

firstly I would change the order of your nat rules. put your masq at the top and your dstnat below those.
Second thing I would do is put an out int on the masq rule. Basically put your wan interface as the out int,
Thirdly your port 23 put it to port 23.
Also add

dst-address-type=local

or all your dst nat rules
lastly make sure you have disabled the services on the router that run on the same ports. ssh ftp and telnet.

oxigeno20 · February 6, 2017, 7:02pm

dgnevans:

firstly I would change the order of your nat rules. put your masq at the top and your dstnat below those.
Second thing I would do is put an out int on the masq rule. Basically put your wan interface as the out int,
Thirdly your port 23 put it to port 23.
Also add
dst-address-type=local
or all your dst nat rules
lastly make sure you have disabled the services on the router that run on the same ports. ssh ftp and telnet.

Thanks for your support, i will try that and then tell you the results.