NAT/Port Forwarding problem

Hi,

I’ve got an RB750 setup, one interface connected to a broadband router and the other to my LAN. It’s working perfectly for internet access.

Now I’m trying to get inbound port forwarding working. I added this:

/ip firewall nat add chain=dstnat dst-port=3389 action=dst-nat protocol=tcp to-address=192.168.50.150 to-port=3389

If I telnet externally to my public IP on 3389 I can’t connect. However I can see the bytes and packets count increase for that NAT rule.

Thanks

Hi, have you tried to redirect all the traffic from your broadband router to your routerboard using DMZ host? That has to be done in the broadband router.

Since NAT counters are increasing, I would think the upstream router is isolated. So I would check two things:

  1. Am I able to establish RDP locally to the machine?
  2. If so, does the RB750 forward chain allow 3389/TCP through?

Does the WAN interface on the RB750 have a public ip?

Are you trying this from the RB750 localnet? If so, that probably won’t work. You need to test it from a remote (internet) computer.

Can you telnet to 192.168.50.150 port 3389 from the RB750 localnet?

I usually use an in-interface or dst-address on a dstnat rule.

/ip firewall nat
add chain=dstnat in-interface=ether1 dst-port=3389 action=dst-nat protocol=tcp to-addresses=192.168.50.150 to-ports=3389

Change ether1 to the name of your wan interface.

You should also create an allowance rule in your forward chain of the filter rules.
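
The two suggestions above (scope the dstnat rule to the WAN interface and add a matching accept rule in the forward chain) can be combined as follows. This is an added example, not a configuration posted by anyone in the thread. Assumptions: ether1 is the WAN interface, the address-list name rdp-allowed is hypothetical, and 203.0.113.10 is a constructed documentation address standing in for the remote client.

```routeros
# Constructed example: sources that are allowed to reach the forwarded RDP port.
# "rdp-allowed" is a hypothetical list name; 203.0.113.10 is a placeholder address.
/ip firewall address-list
add list=rdp-allowed address=203.0.113.10 comment="remote admin (placeholder)"

# Destination NAT, matched only on traffic arriving on the WAN interface
# and only from the allowed sources.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 \
    src-address-list=rdp-allowed action=dst-nat \
    to-addresses=192.168.50.150 to-ports=3389 comment="RDP port forward"

# dstnat is applied before the forward chain, so the filter rule has to match
# the translated (internal) destination address, not the public IP.
# This rule must sit above any drop rule in the forward chain.
/ip firewall filter
add chain=forward in-interface=ether1 protocol=tcp \
    dst-address=192.168.50.150 dst-port=3389 \
    src-address-list=rdp-allowed action=accept comment="allow forwarded RDP"

# Reading the counters after a test connection from the remote client:
#   NAT rule increases, filter rule stays at zero
#     -> an earlier forward-chain rule is dropping the packets.
#   NAT rule and filter rule both increase, still no connection
#     -> look at the target host (local firewall, RDP service, or a default
#        gateway that does not point back to the RB750).
```
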

Dear all, I am using MikroTik (5.20) + a Squid box (Ubuntu-based). I am facing an issue where Squid is blocking my media server IP (this I have connected after MikroTik).

Can anyone please tell me how to exclude a specific IP address (media server) in the MikroTik DST-NAT rule, so that MikroTik does not send the sharing server request to Squid and opens it directly?