d4fo
April 22, 2013, 10:32am
1
Hi Everyone,
I have never set up a dedicated DSL line and I am having issues with NAT.
I have interface 1 with a PPPoE client which is connected and working - I can get on the net. It has the CE address provided by the ISP on the PE network as provided by ISP.
I have various NAT forwarding rules which work on other identical routers, but the traffic is being received but nothing happens with it.
I would like to write more but I think it would be easier to dump the config to you all. I am remotely connected via web interface.
A port scan shows the following result.
Edit: Open ports now say ‘Thread was being aborted’
http://oi34.tinypic.com/ke8d2p.jpg
For instance there is a nat rule for SMTP and it shows traffic when the port scan is on.
cbrown
April 22, 2013, 11:20am
2
Could you post /export compact ?
d4fo
April 22, 2013, 11:38am
3
I did it from the IP Menu - how’s that? Do you need more info?
My router is accessible via port 80, ssh, but none of the NAT rules seems to be going anywhere even though there’s traffic. Thanks so much!
Any help would be amazing!!
# jan/02/1970 11:29:25 by RouterOS 5.23
# software id = WJUE-35B0
#
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip address
add address=192.168.0.162/24 comment="default configuration" interface=Bridge
add address=192.168.0.210/24 interface=ether4
/ip dhcp-client
add disabled=no interface=sfp1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input dst-port=25 protocol=tcp
add chain=input dst-address=0.0.0.0 src-address=0.0.0.0
add chain=input dst-address=192.168.100.0 src-address=192.168.0.0
add chain=forward dst-address=60.240.155.9 src-address=60.240.155.10
add chain=input dst-port=25 protocol=tcp
add chain=input dst-address=0.0.0.0 src-address=0.0.0.0
add chain=input dst-address=192.168.100.0 src-address=192.168.0.0
add chain=forward dst-address=60.240.155.9 src-address=60.240.155.10
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment=SMTP dst-port=25 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=25
add action=dst-nat chain=dstnat comment=HTTPS dst-port=443 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=443
add action=dst-nat chain=dstnat comment="PPTP VPN" dst-port=1723 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=1723
add action=dst-nat chain=dstnat comment=FTP dst-port=20-21 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.3 to-ports=20-21
add action=dst-nat chain=dstnat comment="SMTP Backup" dst-port=25 in-interface="TPG Backup" protocol=tcp to-addresses=192.168.0.2 to-ports=25
add action=dst-nat chain=dstnat comment="HTTPS Backup" dst-port=443 in-interface="TPG Backup" protocol=tcp to-addresses=192.168.0.2 to-ports=443
add action=dst-nat chain=dstnat comment="Backup PPTP VPN" dst-port=1723 in-interface="TPG Backup" protocol=tcp to-addresses=192.168.0.2 to-ports=1723
add action=dst-nat chain=dstnat dst-port=3389 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=3389
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment=SMTP dst-port=25 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=25
add action=dst-nat chain=dstnat comment=HTTPS dst-port=443 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=443
add action=dst-nat chain=dstnat comment="PPTP VPN" dst-port=1723 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=1723
add action=dst-nat chain=dstnat comment=FTP dst-port=20-21 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.3 to-ports=20-21
add action=dst-nat chain=dstnat comment="SMTP Backup" dst-port=25 in-interface="TPG Backup" protocol=tcp to-addresses=192.168.0.2 to-ports=25
add action=dst-nat chain=dstnat comment="HTTPS Backup" dst-port=443 in-interface="TPG Backup" protocol=tcp to-addresses=192.168.0.2 to-ports=443
add action=dst-nat chain=dstnat comment="Backup PPTP VPN" dst-port=1723 in-interface="TPG Backup" protocol=tcp to-addresses=192.168.0.2 to-ports=1723
add action=dst-nat chain=dstnat dst-port=3389 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=3389
/ip neighbor discovery
set sfp1-gateway disabled=yes
set "Ether1 - Gateway" disabled=yes
set wlan1 disabled=yes
/ip route
add check-gateway=ping comment="Default Route" disabled=yes distance=1 gateway="TPG Symmetrical"
add comment="Backup Route" disabled=yes distance=5 gateway="TPG Backup"
add check-gateway=ping comment="Default Route" disabled=yes distance=1 gateway="TPG Symmetrical"
add comment="Backup Route" disabled=yes distance=5 gateway="TPG Backup"
/ip service
set telnet disabled=yes
set ftp disabled=yes
d4fo
April 22, 2013, 11:48am
4
Any help would be great - it is interesting the result when I do a port scan. Also - the NAT rules get packets but they don’t seem to be going anywhere and the router is on the same subnet/the address is correct etc.
d4fo
April 22, 2013, 12:02pm
5
I keep getting
TPG Symmetrical: rcvd LCP EchoReq id=0x44
<magic 0x44c3751f>
In the event log
cbrown
April 22, 2013, 12:12pm
6
What is your WAN interface on this router?
In your rules you show in-interface of TPG Symmetrical and TPG Backup but I do not see that interface anywhere. You need to set the in-interface of your current WAN interface in your NAT rules.
d4fo
April 22, 2013, 12:20pm
7
What is your WAN interface on this router?
In your rules you show in-interface of TPG Symmetrical and TPG Backup but I do not see that interface anywhere. You need to set the in-interface of your current WAN interface in your NAT rules.
Ignore the Backup ones for now - I will add those later.
At the moment I have a dedicated DSL line into Ether-1 Gateway. I have the PPPoE interface on that interface and it is connected and listening. Is there anything else you need to make it easier? I am really getting a bit desperate here. If I make a test NAT rule for RDP I can see the connection attempts adding packets to the rdp interface, the same when I do a port scan from MXtoolbox on ip http://192.168.0.210/ but it shows as port closed!
cbrown
April 22, 2013, 12:24pm
8
What is the name of your PPPoE interface? I do not see it in your export. Is that a current export?
d4fo
April 22, 2013, 12:27pm
9
[interakt@MikroTik] > interface export compact
# jan/02/1970 10:14:17 by RouterOS 5.23
# software id = WJUE-35B0
/interface bridge
add admin-mac=D4:CA:6D:83:5B:74 auto-mac=no l2mtu=1598 name=Bridge protocol-mode=rstp
/interface ethernet
set 0 name=sfp1-gateway
set 1 name="Ether1 - Gateway"
set 2 comment="Failover DSL Connection" name="Ether2 - Failover"
set 3 comment=Switch
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 master-port=ether6-master-local name=ether10-slave-local
/interface pppoe-client
add comment="Primary PPPoE" disabled=no interface="Ether1 - Gateway" name="TPG Symmetrical" password=************ profile=default-encryption user=\
add add-default-route=yes comment="Failover PPPoE" interface="Ether2 - Failover" name="TPG Backup" user=***********
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=dynamic-keys name=interakt wpa-pre-shared-key=****** wpa2-pre-shared-key=********
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=australia disabled=no distance=indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge security-profile=interakt ssid=Fit-AP wireless-protocol=802.11
/interface bridge port
add bridge=Bridge interface=ether3
add bridge=Bridge interface=ether6-master-local
add bridge=Bridge interface=wlan1
add bridge=Bridge interface=ether4
[interakt@MikroTik] >
PS: I mean when I port scan the public IP it shows them as closed even though I make them open. With error ‘Thread being aborted’
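The cross-check cbrown asks for in this thread (does every in-interface named in the NAT rules exist on the router?) can be run offline over the exported text, along with a check for the repeated rules visible in the posted /ip export. This is an added example, not part of any post in the thread; the function names and the `pppoe-out1` rule are made up for illustration, and the sample is a constructed excerpt of the posted exports.

```python
import re
import shlex
from collections import Counter

def parse_export(text):
    """Parse RouterOS export text into (menu, {property: value}) pairs."""
    text = re.sub(r"\\\n\s*", "", text)  # rejoin backslash-wrapped lines
    menu, entries = "", []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith(("add ", "set ")):
            props = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
            entries.append((menu, props))
    return entries

def interface_names(entries):
    """Names given to interfaces under any /interface menu."""
    return {p["name"] for m, p in entries if m.startswith("/interface") and "name" in p}

def unresolved_nat_interfaces(entries):
    """in-interface values of NAT rules that no /interface entry defines."""
    known = interface_names(entries)
    return sorted({p["in-interface"] for m, p in entries if m == "/ip firewall nat"
                   and "in-interface" in p and p["in-interface"] not in known})

def duplicate_rules(entries):
    """Firewall rules that appear more than once with identical properties."""
    counts = Counter((m, tuple(sorted(p.items())))
                     for m, p in entries if m.startswith("/ip firewall"))
    return [(m, dict(p), n) for (m, p), n in counts.items() if n > 1]

# Constructed sample: lines excerpted from the two exports in the thread, plus
# one made-up rule whose in-interface ("pppoe-out1") is not defined anywhere.
SAMPLE = r'''
/interface pppoe-client
add comment="Primary PPPoE" disabled=no interface="Ether1 - Gateway" name=\
    "TPG Symmetrical"
/ip firewall nat
add action=dst-nat chain=dstnat comment=SMTP dst-port=25 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=25
add action=dst-nat chain=dstnat comment=SMTP dst-port=25 in-interface="TPG Symmetrical" protocol=tcp to-addresses=192.168.0.2 to-ports=25
add action=dst-nat chain=dstnat dst-port=3389 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.0.2 to-ports=3389
'''

if __name__ == "__main__":
    rules = parse_export(SAMPLE)
    print("unresolved in-interface:", unresolved_nat_interfaces(rules))
    print("duplicates:", [(m, p.get("comment"), n) for m, p, n in duplicate_rules(rules)])
```

Interfaces that were never renamed (ether3, wlan1 in the export above) carry no name= entry in a compact export, so an unresolved name is a prompt to check the router rather than proof of a mistake.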