I’m running 6.25 and I’d like to open a port from the outside to a system inside.
This is what I created through the web interface on the router:
7 ;;; port 8322 to 192.168.29.33
chain=forward action=accept protocol=tcp dst-address=192.168.29.33
dst-port=8322 log=no log-prefix=""
Aside from getting it set up initially and configuring the DHCP, I’ve done no other configuration.
But when I attempt to connect to the address at that port I get connection refused. Connecting to the port directly (from behind the router) works fine.
When I type in the command you recommend, the word action goes red and I get a syntax error on column 11, which is the equals sign. Is netmap something I need to add to my router?
Ah, fixed part of the problem, wasn’t in the NAT area under ip firewall. But still not working:
[admin@] /ip firewall nat> print
[…]
1 ;;; 8322 to .29:8322
chain=dstnat action=netmap to-addresses=192.168.29.33 protocol=tcp
in-interface=ether1 dst-port=8322 log=no log-prefix=""
Took this out then put it back to no effect:
[admin@] /ip firewall filter> print
[…]
7 ;;; 8322 to .29:8322
chain=forward action=accept protocol=tcp dst-address=192.168.29.33
dst-port=8322 log=no log-prefix=""
What do the rest of your firewall rules look like? It’s very possible the packets are being dropped/rejected before they even hit the dst-nat.
chain=dstnat action=dst-nat to-addresses=10.10.aa.bb to-ports=80 protocol=tcp dst-address=82.177.xx.yy dst-port=60080
Public 82.177.xx.yy:60080 to internal 10.10.aa.bb:80.
lordK had it. RouterOS is actually behaving correctly, I didn’t realize this because my old Netgear didn’t behave correctly and allowed me to test by connecting to my external IP from an internal host… RouterOS was dropping those packets, which according to my office network staff is what it should do…
Thanks!
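Why a test from an internal host does not exercise the port forward, as an added example that is not part of the thread: a simplified Python model of the matchers on the dstnat rule printed above. The LAN interface name `bridge`, the router's WAN address and both client addresses are constructed placeholders, and only the fields shown in the rule are modelled.

```python
from dataclasses import dataclass, replace

# Rule text as printed in the thread (log fields omitted).
RULE = ("chain=dstnat action=netmap to-addresses=192.168.29.33 "
        "protocol=tcp in-interface=ether1 dst-port=8322")

# Constructed placeholder (documentation range), not from the thread.
ROUTER_WAN_IP = "203.0.113.10"

@dataclass(frozen=True)
class Packet:
    in_interface: str
    protocol: str
    src: str
    dst: str
    dst_port: int

def parse_rule(text):
    """Split 'key=value key=value' rule text into a dict."""
    return dict(field.split("=", 1) for field in text.split())

def matches(rule, pkt):
    """Every matcher present in the rule must agree with the packet."""
    checks = {
        "protocol": pkt.protocol,
        "in-interface": pkt.in_interface,
        "dst-port": str(pkt.dst_port),
        "dst-address": pkt.dst,
    }
    return all(rule[k] == v for k, v in checks.items() if k in rule)

def apply_dstnat(rule, pkt):
    """Return (packet after dstnat, chain that handles it next)."""
    if matches(rule, pkt):
        # Address rewrite only; the destination port is left unchanged.
        pkt = replace(pkt, dst=rule["to-addresses"])
    # A rewritten packet is routed on to the LAN host (forward chain); one
    # still addressed to the router is delivered locally (input chain).
    chain = "input" if pkt.dst == ROUTER_WAN_IP else "forward"
    return pkt, chain

# Constructed sample packets: one arriving on the WAN port, one from the LAN.
outside = Packet("ether1", "tcp", "198.51.100.7", ROUTER_WAN_IP, 8322)
inside = Packet("bridge", "tcp", "192.168.29.50", ROUTER_WAN_IP, 8322)

if __name__ == "__main__":
    rule = parse_rule(RULE)
    for name, pkt in (("outside", outside), ("inside", inside)):
        out, chain = apply_dstnat(rule, pkt)
        print(f"{name}: dst={out.dst} chain={chain}")
```

Only the packet arriving on `ether1` is rewritten to 192.168.29.33, so a valid test of this rule has to come from a host that is actually outside the router.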