I have WAN 77.237.123.xxx and it is static. RB LAN IP 10.1.1.254. When I enter WAN address into web browser it opens my RB login page. I don’t want that. I need to forward a few ports to internal machines but I can only forward NAT over port 80.
/ip firewall nat add chain=dstnat dst-address=77.237.123.xxx protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.1.1.xx to-ports=80
Only this works, any other port - nothing. And I need to access 3 machines on internal network.
I have in firewall NAT rules: chain srcnat out-interface-wan masquerade
Other than that I have:
input 1 (icmp) accept
input in interface wan accept connection state-established
input in interface wan accept connection state-related (here is 0 traffic)
forward bittorrent on tcp drop
If more details are needed I would be happy to provide them. Please help me.
Thanks
That is because you haven’t forwarded the other ports.
When a packet comes in with port 80 the router will forward that packet on to the machine you specified, as the rules dictate, but if anything <80 or >80 comes in it’ll think it’s for itself, as there are no rules telling it otherwise.
Just change the IP addresses, port numbers, WAN interface name, copy and paste this code in terminal:
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN
add action=src-nat chain=srcnat comment="" disabled=no protocol=tcp \
    src-address=10.1.1.143 src-port=9724 to-addresses=77.237.123.xxx \
    to-ports=9724
add action=dst-nat chain=dstnat comment="" disabled=no \
    dst-address=77.237.123.xxx dst-port=9724 protocol=tcp \
    to-addresses=10.1.1.143 to-ports=9724
add action=src-nat chain=srcnat comment="" disabled=no protocol=udp \
    src-address=10.1.1.143 src-port=9724 to-addresses=77.237.123.xxx \
    to-ports=9724
add action=dst-nat chain=dstnat comment="" disabled=no \
    dst-address=77.237.123.xxx dst-port=9724 protocol=udp \
    to-addresses=10.1.1.143 to-ports=9724
add action=src-nat chain=srcnat comment="" disabled=no protocol=tcp \
    src-address=10.1.1.129 src-port=54321 to-addresses=77.237.123.xxx \
    to-ports=54321
add action=dst-nat chain=dstnat comment="" disabled=no \
    dst-address=77.237.123.xxx dst-port=54321 protocol=tcp \
    to-addresses=10.1.1.129 to-ports=54321
add action=src-nat chain=srcnat comment="" disabled=no protocol=udp \
    src-address=10.1.1.129 src-port=54321 to-addresses=77.237.123.xxx \
    to-ports=54321
add action=dst-nat chain=dstnat comment="" disabled=no \
    dst-address=77.237.123.xxx dst-port=54321 protocol=udp \
    to-addresses=10.1.1.129 to-ports=54321
In this example port 9724 TCP and UDP is forwarded to 10.1.1.143 and port 54321 to 10.1.1.129.
Hope this helps.
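The packet handling described in the replies above, modelled as an added example that is not part of any post in the thread: a new WAN connection either matches a dst-nat rule and is forwarded, or it lands on the router's own input chain, where a rule set made only of accept rules lets it through. Assumptions: 203.0.113.10 stands in for the masked WAN address, 10.1.1.20 for the masked 10.1.1.xx host, matching is exact on the listed fields only, and `DROP_WAN` is a hypothetical final drop rule the thread does not contain.

```python
import shlex

ROUTER_WAN = "203.0.113.10"  # constructed placeholder for the masked WAN address

# dst-nat rules in the shape used in the thread (constructed sample values).
NAT_RULES = """
add action=dst-nat chain=dstnat dst-address=203.0.113.10 dst-port=80 protocol=tcp to-addresses=10.1.1.20 to-ports=80
add action=dst-nat chain=dstnat dst-address=203.0.113.10 dst-port=9724 protocol=tcp to-addresses=10.1.1.143 to-ports=9724
add action=masquerade chain=srcnat out-interface=WAN
"""

# The asker's input chain as described: accept rules only, no final drop.
INPUT_RULES = [
    {"protocol": "icmp", "action": "accept"},
    {"in-interface": "WAN", "connection-state": "established", "action": "accept"},
    {"in-interface": "WAN", "connection-state": "related", "action": "accept"},
]
DROP_WAN = {"in-interface": "WAN", "action": "drop"}  # hypothetical hardening rule

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts."""
    rules = []
    for line in text.strip().splitlines():
        words = shlex.split(line)
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def first_match(rules, packet):
    """Return the first rule whose matchers all equal the packet's fields."""
    for rule in rules:
        matchers = {k: v for k, v in rule.items()
                    if k != "action" and not k.startswith("to-")}
        if all(packet.get(k) == v for k, v in matchers.items()):
            return rule
    return None

def route_new_connection(protocol, dst_port, nat_rules, input_rules):
    """Say where a new WAN connection to the router's public address ends up."""
    packet = {"chain": "dstnat", "protocol": protocol, "dst-address": ROUTER_WAN,
              "dst-port": str(dst_port), "in-interface": "WAN",
              "connection-state": "new"}
    nat = first_match(nat_rules, packet)
    if nat and nat["action"] == "dst-nat":
        return f"forward to {nat['to-addresses']}:{nat['to-ports']}"
    rule = first_match(input_rules, packet)
    # A packet that matches no input rule is accepted by the router itself.
    return f"input chain of router: {rule['action'] if rule else 'accept'}"
```

With no dst-nat rule for port 80 the model returns `input chain of router: accept`, which is the situation where the WAN address shows the router login page; appending `DROP_WAN` to the input rules turns that into `drop` while the forwarded ports are unaffected.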