NAT problem - Where I'm making a mistake???

mann · June 17, 2005, 4:28am

Please tell me where I’m making a mistake. Story goes like this. Pppoe client connects to internet. On TIK’s pppoe server connect client. Internet works, masquerade is ok too but I can forward the port. I just can’t. TIK version is 2.7.14. Thanks

0 src-address=0.0.0.0/0:0-65535 in-interface=adsl-cl
dst-address=0.0.0.0/0:4666 protocol=all icmp-options=any:any flow=“”
connection=“” content=“” src-mac-address=00:00:00:00:00:00
limit-count=0 limit-burst=0 limit-time=0s action=nat
to-dst-address=10.0.0.1 to-dst-port=4666

1 src-address=0.0.0.0/0:0-65535 in-interface=adsl-cl
dst-address=0.0.0.0/0:10 protocol=all icmp-options=any:any flow=“”
connection=“” content=“” src-mac-address=00:00:00:00:00:00
limit-count=0 limit-burst=0 limit-time=0s action=nat
to-dst-address=10.0.0.1 to-dst-port=80

andrewluck · June 17, 2005, 6:06am

You’re trying to match too many items in the rule and the incoming traffic isn’t meeting all of the requirements. Try a simpler rule:

0 in-interface=adsl-cl dst-address=:4666 protocol=tcp action=nat
to-dst-address=10.0.0.1 to-dst-port=4666

Regards

Andrew

mann · June 17, 2005, 8:52am

Hm so you mean that I should put this protocol=tcp? Tried but no change. I even get up small http server to try but still can’t connect.

This is how it look’s now:

src-address=0.0.0.0/0:0-65535 in-interface=XXLadsl-cl
dst-address=0.0.0.0/0:1000 protocol=tcp icmp-options=any:any flow=“”
connection=“” content=“” src-mac-address=00:00:00:00:00:00
limit-count=0 limit-burst=0 limit-time=0s action=nat
to-dst-address=10.0.0.1 to-dst-port=80

I tried to do this: If someon connect to my outside ip on port 1000 my router should forward it to 10.0.0.1 (pppoe client) port 80. I really don’t see why it won’t work.

mann · June 17, 2005, 8:55am

SORRY guy’s. I tried to connect to myselfe trought outside ip and that didn’t work. But if someone try to connect from other side it works. THANKS andrewluck for help.

jarosoup · June 17, 2005, 3:17pm

Not sure if you got it working or not…

But, at least with 2.8, you can’t specify a destination port (of the destination address) unless you specify a protocol (tcp, udp, etc).