Help with Port Forward

BassTeQ · July 26, 2018, 3:09am

Hi all,

I’ve just setup this router and used the quick settings to get it up and running, I have internet connectivity.
ether1 is WAN and ether2 is LAN (192.168.100.X)

I’ve attempted to setup a port forward, however it’s not getting though, have I missed something?

Appreciate any help.

Thanks!

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=ether1 

 1    chain=dstnat action=dst-nat to-addresses=192.168.100.150 to-ports=22 protocol=tcp in-interface=ether1 
      dst-port=22 log=yes log-prefix="" 


[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 2    ;;; defconf: accept established,related
      chain=input action=accept connection-state=established,related 

 3    chain=forward action=accept protocol=tcp in-interface=ether1 dst-port=22 log=no log-prefix="" 

 4    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether1 log=no log-prefix="" 

 5    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related 

 6    ;;; defconf: accept established,related
      chain=forward action=accept connection-state=established,related 

 7    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

 8    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1

mkx · July 26, 2018, 9:16am

You can successfully connect to 192.168.100.150 using ssh client from another LAN computer?

Do you see counters for FW filter that allows SSH connections increasing if you try to connect from WAN?

BassTeQ · July 26, 2018, 9:26am

Hi Thanks for the reply, I’ve managed to get it working now.
It was my fault, I was using the WAN gateway IP address, not the router WAN IP address, when trying to connect.

I wanted to get this router all working and configured before I switch it out with my current router, so to this this I used a 2nd NIC in one of my PC’s as a dummy WAN, this allowed my to configure it with the same LAN IP scope 192.168.100.x and not affect the current network.

Cheers

hadjieff · July 30, 2018, 6:46am

hi. how to forward port 22
i have a ubuntu server connect ssh 192.168.1.91:22
its no work

3-portchecker.cocheck.JPG

BassTeQ · July 30, 2018, 6:59am

I’d first be checking to ensure the firewall isn’t blocking connections on that port. Check if you can connect to 192.168.1.91:22 from inside your lan?
Try changing your NAT rule, General > DST-PORT to 9022, and leave internal port in Action as 22.
See if you can connect on port 9022 externally.

hadjieff · July 30, 2018, 7:10am

Check if you can connect to 192.168.1.91:22 from inside your lan?

inside no problem

BassTeQ · July 30, 2018, 7:57am

Disable any firewall rules that may be dropping packets.