Hello all,
As a beginner, I really need help with my MikroTik. I tried to configure NAT to access my Windows and Ubuntu servers. The NAT rule for Windows RDP works with no issue, but the NAT rules for Ubuntu do not work, even when I disable the ssh, telnet, http and https services on the MikroTik, and I don't know which part of the configuration is wrong.
Even if the ssh, telnet, http and https services are enabled on the MikroTik, I can only access the MikroTik through Winbox, not by the other methods.
[admin@MikroTik] > ip firewall export
# jul/26/2015 01:56:35 by RouterOS 6.30.2
# software id = L13X-7NQT
#
# Firewall export in three sections: filter rules, NAT rules, service-port helpers.
# A plain export omits properties left at their default, so a filter rule shown
# without action= uses the default action, accept.
/ip firewall filter
# Only the first rule below is enabled; every other filter rule has disabled=yes.
# No rule with action=drop or action=reject appears, so this table blocks nothing.
# NOTE(review): with no drop rule on chain=input, the router's own services are
# reachable from ether1-Internet unless they are restricted elsewhere (for example
# under /ip service, which is not part of this export) - confirm, and consider an
# accept for established/related plus a final drop for input from the WAN side.
#
# Accepts TCP/22 addressed to the public IP from 192.168.50.102. chain=input only
# covers traffic to the router itself; traffic rewritten by dst-nat is handled in
# chain=forward, so this rule does not apply to the port forwards further down.
add chain=input comment="default configuration" dst-address=139.193.xx.xx dst-port=22 protocol=tcp src-address=192.168.50.102
# Disabled: accept for established connections arriving on the WAN interface.
add chain=input comment="default configuration" connection-state=established disabled=yes in-interface=ether1-Internet
# Disabled: TCP/1723 and GRE to the router (the same port the pptp helper below uses).
add chain=input disabled=yes dst-port=1723 protocol=tcp
add chain=input disabled=yes protocol=gre
# Disabled: logging rule for WAN traffic addressed to 192.168.20.125.
add action=log chain=input disabled=yes dst-address=192.168.20.125 in-interface=ether1-Internet
# Disabled: accept for TCP 22/80/443 to the router from the WAN interface.
add chain=input disabled=yes dst-port=22,80,443 in-interface=ether1-Internet protocol=tcp
# Disabled. NOTE(review): out-interface=ether1-Internet combined with an internal
# dst-address looks inverted for inbound forwarded traffic - confirm before enabling.
add chain=forward disabled=yes dst-address=192.168.20.125 dst-port=80 out-interface=ether1-Internet protocol=tcp
/ip firewall nat
# Source NAT for everything leaving through the WAN interface.
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-Internet
# Disabled: forward of TCP 22,23,80,1743 from the WAN interface to 192.168.20.125.
add action=dst-nat chain=dstnat disabled=yes dst-port=22,23,80,1743 in-interface=ether1-Internet log=yes protocol=tcp to-addresses=192.168.20.125
# Disabled: TCP forward of 443,902,903 to 192.168.10.111.
add action=dst-nat chain=dstnat comment="VMware vSphere Client" disabled=yes dst-port=443,902,903 in-interface=ether1-Internet protocol=tcp to-addresses=\
192.168.10.111
# Disabled: UDP counterpart of the rule above.
add action=dst-nat chain=dstnat comment="VMware vSphere Client" disabled=yes dst-port=443,902,903 in-interface=ether1-Internet protocol=udp to-addresses=\
192.168.10.111
# Enabled: TCP 3389 and 4103 arriving on ether1-Internet go to 192.168.20.10, with
# no source restriction. NOTE(review): 3389 is the standard RDP port; consider
# limiting this rule with src-address / src-address-list or reaching it over a VPN.
add action=dst-nat chain=dstnat comment=Ubuntu disabled=yes dst-address=139.193.xx.xx dst-port=22 log=yes protocol=tcp to-addresses=192.168.50.102 to-ports=\
22
# Source NAT for traffic from 192.168.89.0/24 (labelled as VPN traffic).
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
# Disabled: masquerades 192.168.20.0/24 clients talking to 192.168.20.125 via vlan20.
# NOTE(review): looks like a hairpin-NAT rule for LAN clients using the public
# address - confirm the intent.
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.20.125 dst-port=80,22,443,1743 out-interface=vlan20 protocol=tcp src-address=\
192.168.20.0/24
# Enabled forwards to 192.168.20.125. They match on dst-address only (no
# in-interface), and dstnat is evaluated before the router decides whether a packet
# is for itself, so connections to the public address on 80 and 443 are redirected
# to 192.168.20.125 and never reach the router's own web service on that address.
add action=dst-nat chain=dstnat dst-address=139.193.xx.xx dst-port=80 protocol=tcp to-addresses=192.168.20.125 to-ports=80
add action=dst-nat chain=dstnat dst-address=139.193.xx.xx dst-port=443 protocol=tcp to-addresses=192.168.20.125 to-ports=443
add action=dst-nat chain=dstnat dst-address=139.193.xx.xx dst-port=1743 protocol=tcp to-addresses=192.168.20.125 to-ports=1743
add action=dst-nat chain=dstnat dst-address=139.193.xx.xx dst-port=1745 protocol=tcp to-addresses=192.168.20.125 to-ports=1745
# Enabled: TCP/22 to the public address is rewritten to 192.168.50.102, so SSH to
# that address lands on the Ubuntu host rather than on the router. Telnet (23) is
# not matched by any enabled rule in this export.
# NOTE(review): whether the forward reaches the server depends on things not shown
# here (a route to 192.168.50.0/24, the server's default gateway and its host
# firewall); log=yes on this rule would confirm whether packets match it.
add action=dst-nat chain=dstnat dst-address=139.193.xx.xx dst-port=22 protocol=tcp to-addresses=192.168.50.102 to-ports=22
/ip firewall service-port
# PPTP connection-tracking helper on port 1723.
set pptp ports=1723
I tried a few things, such as disabling all rules and enabling only one, moving the rules up and down, and trying a different target server, but none of it has worked. It is also very weird that I can't access the MikroTik by ssh and telnet.
please help me.