Hi,

I have the following problem that just don’T make sense:

Old router routerboard 750GL router os version 5

0 chain=dstnat action=dst-nat to-addresses=192.168.88.253 to-ports=22
protocol=tcp in-interface=ether1-gateway dst-port=1234

New router routerboard RB2011UAS-in router os version 6

3 ;;; Acces wan server
chain=dstnat action=dst-nat to-addresses=192.168.0.253 to-ports=22
protocol=tcp in-interface=ether1-gateway dst-port=1234

In the ip/firewall/connections I can see when I’m connecting. The TSP state is sync sent for 10 sec and after it’s drop and I get a time out on putty!


The two router have default config.
I’m lost and just don’t know where to look?

Thanks for any input
S

You need to read up on how to do this, then you won't depend on various copy and paste snippets to work. Try this ...

Port Forward (map) to an internal LAN server. Note that you'll need to move the

last line via the GUI to be above DROP (if you have any in firewall) rules.

/ip address add address=MyPublicIP/24 interface=ether1-gateway comment="Set public IP of router to a public interface"
/ip firewall nat add chain=srcnat action=masquerade out-interface="ether1-gateway" comment="Turn on masquerading"
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp to-address=192.168.88.253 dst-port=1234 to-port=22 comment="Create an incoming port map rule"
/ip firewall filter add chain=forward action=accept protocol=tcp dst-port=22 comment="Add a filter exception for port mapped server"

The last rule should be allowing port 22, which is the translated port. Dst-nat is handled before forward firewall filter. For more security you could also add the translated IP address to the dst-address option.

I’ve adjusted it per your correction. Thank you.