Hy everyone, been working with Mikrotiks for some time now and finally set up one at home so i could learn more. I have set up port forwarding for RDP and it works fine. I just copied that and added a new one fore minecraft only changing the ports to 25565 and it just wont work. I see requests coming in the log but neither the minecraft client or websites like www.yougetsignal.com/tools/open-ports/ and mcsrvstat.us/server/ dont see my minecraft server.
Btw im using Winbox as it seems more easier than terminal commands for me for now but i can do terminal.
I got a NAT rute as follows:
Chain: dstnat
Protocol: 6 tcp
Dst Port: 25565
In interface: pppoe-out
Action: dst-nat
To addr: 10.20.0.10
Exact same setup for RDP but does not work for minecraft
should be
/ip address
add address=10.20.0.1/24 comment=defconf interface=bridge network=10.20.0.0
You are missing input rules so your router is not protected from the internet?? Unplug it from the internet and add these rules immediately!!! We can modify them a bit better later but these work.
copy and paste!!!
ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=
“defconf: accept to local loopback (for CAPsMAN)” dst-address=127.0.0.1 (if not using capsman this rule can be removed)
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
disabled=yes in-interface-list=!LAN
The rest of the rules seem fine, assuming you meant to do port translation on RDP, coming in to router as 3399 and then translated so the server sees 3389
Anyways… Yes because i have seen viruses enter networks via RDP port specifically 3389 so changing it to 3399 seems “more” secure.
MC server just goes from 25565 to 25565
EDIT: I did notice A LOT of login attempts yesterday so disabled all services except for winbox
I would be tempted to netinstall a clean version of the OS (use long term version 6.47.9 I think) onto your router before using again to ensure things are clean.
Minecraft server should be the least of your worries at this point.
While I am aware of the risks of someone entering my network from the outside, I am also confident that nothing out of the ordinary has happened on my network since its only my PC, phone and TV that’s on it.
If you wish you could explain to me the Firewall rules you said i needed to apply to secure it since i thought that disabeling all services except for winbox and making my password secure i should be okay.
Note that when i said i noticed a lot of logins i ment i noticed like 50ish in the span of a few hours (after i woke up) and i decided to remove ssh, telnet and such to prevent this.
Also now i disabled the built in admin account, added my own with a 32 character long unique password and only allowing logins from my pc (using my PC’s IP address).
Now i just want to know why my port forwarding is not working and what can I do to fix it.
Would tidy this up for sure… the ones in red should be removed.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add list=WAN
add list=WAN
add interface=pppoe-out list=WAN
Can you clarify if its EXTERNAL users that cannot reach or your server?
If by chance you mean internal users on the LAN, are they attempting to connect via the servers LANIP or the routers WANIP (loopback)?
Can you clarify if its EXTERNAL users that cannot reach or your server?
If by chance you mean internal users on the LAN, are they attempting to connect via the servers LANIP or the routers WANIP (loopback)?
I have Cloudflare setup for my domain that updates with my public IP (since it changes every 24h). Local connection works. Outside connections used to work but after i added the mikrotik as my main router (ISP’s router in bridge-mode) i wasen’t able to connect anymore.
So the issue is not necessarily the config…
Can you confirm that the client WANIP your router gets, is the same that cloudfare is reporting and is the same that is the MT cloud IP??
In other words, there is only ONE PUBLIC IP associated with your account??
I am assuming yes because RDP port forwarding seems to work just fine, which would logically tell one your firewall rules and destination nat rules are fine.
Then, I would only suspect that the Minecraft Server or PC its residing on are the issue.
Yes… Cloudflare has the same IP as my WAN and Mikrotik Cloud IP.
I know i used to be able to check via https://mcsrvstat.us/ if the server is working since it queries on the same port (port 25565) but its not working. Also port checker tools like https://www.yougetsignal.com/tools/open-ports/ also report open port for RDP but not for minecraft
Just saw your updated question… After disabling windows firewall the server is visible… Seems after connecting to my Mikrotik my PC changed my network type to Public not Private…
