Help with Apple APn Push

emersonschuede · September 28, 2017, 4:02pm

Hi how i can open ports for my macos server?

so these port’s
5223
2195
2196
443

and this network for apple push

17.0.0.0/8

so i made this rules, redirecting the ports on router to my mac server, but still receiving the fail push notifications.

;;; APPLESERVER 2195
chain=dstnat action=dst-nat to-addresses=172.16.104.21 protocol=tcp
dst-address=177.8.160.122 in-interface-list=all dst-port=2195 log=no
log-prefix=“”

37 X ;;; APPLESERVER 2196
chain=dstnat action=dst-nat to-addresses=172.16.104.21 protocol=tcp
dst-address=177.8.160.122 in-interface-list=all dst-port=2196 log=no
log-prefix=“”

38 X ;;; APPLESERVER 5223
chain=dstnat action=dst-nat to-addresses=172.16.104.21 protocol=tcp
dst-address=177.8.160.122 in-interface-list=all dst-port=5223 log=no
log-prefix=“”

39 X ;;; APPLESERVER 443
chain=dstnat action=dst-nat to-addresses=172.16.104.21 protocol=tcp
dst-address=177.8.160.122 in-interface-list=all dst-port=443 log=no
log-prefix=“”

40 X ;;; Apple APN
chain=dstnat action=dst-nat to-addresses=172.16.104.21
src-address=17.0.0.0/8 log=no log-prefix=“”

pcunite · September 28, 2017, 4:18pm

MikroTik port forwarding example

/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop comment="Drop all other input"

add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat comment="Allow Port forwards"
add chain=forward action=drop comment="Drop all other forward"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp to-addresses=1.2.3.4 dst-port=123 to-ports=123 comment="Sample Port Forward"

emersonschuede · September 28, 2017, 5:02pm

pcunite:

MikroTik port forwarding example

/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop comment="Drop all other input"

add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat comment="Allow Port forwards"
add chain=forward action=drop comment="Drop all other forward"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp to-addresses=1.2.3.4 dst-port=123 to-ports=123 comment="Sample Port Forward"

thks, i didn’t make the filter rules, but already have the masquerade.

so i’ve tested my rules, changing the wan and worked,