Hello all.
I need some help because my port forwarding doesn’t work correctly.
I have an RB750Gr3 and two RHEL 9 virtual servers with their firewalls turned off.
Before setting up port forwarding, I ran nmap against the external IP from both the local network and the WAN. Ports 25565 and 80 were closed.
After setting up port forwarding, I ran nmap against the external IP from the local network and the WAN again.
Ports 25565 and 80 were filtered.
After that I added a NAT rule for the local network, and ports 25565 and 80 are now open from the local network, but nmap from the WAN still reports them as filtered.
I asked the provider whether they block or restrict any ports. They said that no rules are blocking my ports.
That’s my firewall export:
[admin@MikroTik] > ip/firewall/export
# oct/20/2023 16:31:40 by RouterOS 7.9.2
# software id = SZTP-T6JT
#
# model = RB750Gr3
# serial number = <serial>
# RouterOS firewall export: address lists, filter rules, NAT rules and
# service-port helpers. Rules are evaluated top to bottom within each chain,
# so their order is part of the policy.
/ip firewall address-list
# IP address lists used below via dst-address-list= / src-address-list=.
# They are distinct from the interface lists (in-interface-list=WAN / !LAN)
# that the filter rules also reference; interface-list membership is not part
# of this export, so it cannot be checked from here.
add address=x/30 list=WAN
add address=192.168.10.0/24 list=LAN
/ip firewall filter
# Accepts UDP 500, 1701 and 4500 arriving on ether1 for the router itself
# (the usual IKE / L2TP / IPsec NAT-T ports).
# NOTE(review): 1701 is accepted without an ipsec-policy match, so unencrypted
# L2TP would be reachable on that interface - confirm this is intended.
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1 \
protocol=udp
# Accepts dst-nat'ed TCP 25565 in the forward chain.
# NOTE(review): dst-nat is applied before the forward chain, so the destination
# seen here is presumably already 192.168.10.6 and dst-address-list=WAN may
# never match; the next rule covers the same traffic - verify with the rule's
# packet counters.
add action=accept chain=forward connection-nat-state=dstnat dst-address-list=\
WAN dst-port=25565 protocol=tcp
# Accepts every new dst-nat'ed connection entering via interface list WAN,
# i.e. whatever the dstnat chain further down forwards.
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
# Input chain (traffic addressed to the router): keep existing connections,
# drop invalid packets, allow ICMP and the loopback address.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Drops everything else addressed to the router unless it arrives on an
# interface that is a member of interface list LAN.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain (traffic routed through the router): IPsec policy traffic is
# accepted in both directions.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# Established/related connections are fasttracked; packets of a fasttracked
# connection mostly bypass the remaining filter rules.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# Drops new connections from interface list WAN that were not dst-nat'ed.
# No further forward rule follows, so anything not matched above is accepted
# by default; in this export only this rule and the invalid-drop rule discard
# forwarded packets.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
# Hairpin NAT: LAN clients connecting to 192.168.10.6:25565 and
# 192.168.10.7:80 are source-NATed so the replies return through the router.
# Side effect: for these connections the servers see the router's address
# instead of the real LAN client, which affects their logs and any
# address-based access control.
add action=masquerade chain=srcnat dst-address=192.168.10.6 dst-port=25565 \
protocol=tcp src-address-list=LAN
add action=masquerade chain=srcnat dst-address=192.168.10.7 dst-port=80 \
protocol=tcp src-address-list=LAN
# Forwards TCP 80 addressed to the WAN address list to 192.168.10.7; no
# to-ports is given, so the port is left unchanged. This publishes plain HTTP
# from a server whose host firewall is reported as turned off, so these router
# rules are the only filter in front of it.
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=80 protocol=tcp \
to-addresses=192.168.10.7
# Forwards TCP and UDP 25565 addressed to the WAN address list to
# 192.168.10.6:25565.
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=25565 protocol=\
tcp to-addresses=192.168.10.6 to-ports=25565
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=25565 protocol=\
udp to-addresses=192.168.10.6 to-ports=25565
# Default outbound masquerade for non-IPsec traffic leaving via interface
# list WAN.
# NOTE(review): to-addresses is normally a src-nat parameter; confirm it has
# any effect together with action=masquerade.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN to-addresses=x
/ip firewall service-port
# Disables the FTP and SIP connection-tracking helpers.
set ftp disabled=yes
set sip disabled=yes
Please help me, because I don’t know what to do next.