Port forward issue

RouterOS Beginner Basics
1

I just replaced my Ubiqiti EdgeRouter-X with a hAP ac and am loving it so far. The only issue I’m having is I cannot get port forwarding to work. Output of /IP firewall Nat print is below.

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=ether1 log=no
      log-prefix=""

 1    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=4242 dst-port=4242 log=no
      log-prefix=""

 2    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=4243 dst-port=4243 log=no
      log-prefix=""

 3    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=32400 dst-port=32400 log=no
      log-prefix=""

 4    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 in-interface=ether1 src-port=5631
      dst-port=22 log=no log-prefix=""

 5    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.4 src-port=8100 dst-port=80 log=no
      log-prefix=""

 6    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=6697 dst-port=6697 log=no
      log-prefix=""

 7    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.3 src-port=443 dst-port=443 log=no
      log-prefix=""

 8    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.3 src-port=444 dst-port=444 log=no
      log-prefix=""

 9    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=45945 dst-port=45945 log=no
      log-prefix=""

10    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.3 src-port=2068 dst-port=2068 log=no
      log-prefix=""

11    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=9981 dst-port=9981 log=no
      log-prefix=""

12    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=9982 dst-port=9982 log=no
      log-prefix=""

13    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=18080 dst-port=18080 log=no
      log-prefix=""

14    chain=dstnat action=accept protocol=tcp src-address=0.0.0.0
      dst-address=172.16.6.2 src-port=18081 dst-port=18081 log=no
      log-prefix=""

Sent from my 2PZC5 using Tapatalk

2

Make it like this

/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop comment="Drop all other input"

add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat comment="Allow Port forwards"
add chain=forward action=drop comment="Drop all other forward"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp to-addresses=1.2.3.4 dst-port=123 to-ports=123 comment="Sample Port Forward"
3

Thanks. Now I can connect remotely.

Sent from my 2PZC5 using Tapatalk