Hi
Very new to this, first install CCR1009 router, dual WAN, using load balancing, everything works great, except NAT port forwarding, I have followed the directions but it keeps rejecting my attempts to connect, here are my firewall rules:
Thunder is the name of my bridge, WAN1 is my static IP address that I am trying to connect to remotely on the ports listed in the NAT section below, any suggestions?
ip firewall filter
add chain=input protocol=icmp
add chain=input
add action=fasttrack-connection chain=forward
add chain=forward
/ip firewall mangle
add chain=prerouting dst-address=1XXXXXXXX/30 in-interface=Thunder
add chain=prerouting dst-address=192.168.0.0/24 in-interface=Thunder
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
add chain=prerouting dst-address=1XXXXXXXXX/30 in-interface=Thunder
add chain=prerouting dst-address=192.168.0.0/24 in-interface=Thunder
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Thunder new-connection-mark=WAN1_conn per-connection-classifier=
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Thunder new-connection-mark=WAN2_conn per-connection-classifier=
both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=Thunder new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=Thunder new-routing-mark=to_WAN2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=tcp src-port=8000 to-addresses=10.20.0.5 to-ports=443
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=udp src-port=8000 to-addresses=10.20.0.5 to-ports=443
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=tcp src-port=8015 to-addresses=10.20.0.15 to-ports=4370
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=udp src-port=8015 to-addresses=10.20.0.15 to-ports=4370
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=udp src-port=8016 to-addresses=10.20.0.16 to-ports=4370
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=tcp src-port=8016 to-addresses=10.20.0.16 to-ports=4370
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=tcp src-port=8017 to-addresses=10.20.0.17 to-ports=4370
add action=dst-nat chain=dstnat in-interface=WAN1 protocol=udp src-port=8017 to-addresses=10.20.0.17 to-ports=4370