Port forward issues

Hi,

Yes, another noobie port forward question :cry:. I have spent most of the day getting nowhere… so I thought I would ask.

My setup was working fine on my old Linksys RV router…

I am trying to forward some ports to servers sitting on my LAN, nothing too fancy going on :smiley:
I tried with and without a bridge, I have tried specifying the IP address on Internet connection and just using the
I just cannot get any traffic through to my port forwarded servers.
As a test I set up a web server and snooped traffic on the interface… but am getting nothing.
I can see packets hitting the rules when I try and connect and the counters incrementing
I am testing from a separate internet connection.

Any ideas?
Thanks

Running: RouterOS 6.11

/ip firewall filter
add chain=input connection-state=established
add chain=input connection-state=established
add action=drop chain=input connection-state=invalid
add chain=input in-interface=bridge-local
add action=drop chain=input
add chain=forward connection-state=established
add chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
add chain=forward in-interface=bridge-local
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-internet
add action=dst-nat chain=dstnat comment="Synology CCTV" dst-address=172.16.0.254 dst-port=9900 protocol=tcp to-addresses=172.16.0.47 to-ports=9900
add action=dst-nat chain=dstnat comment="Synology Main interface" dst-port=5000 in-interface=ether1-internet protocol=tcp to-addresses=172.16.0.47 to-ports=\
    5000
add action=dst-nat chain=dstnat comment="Test rule" dst-port=7777 in-interface=ether1-internet protocol=tcp to-addresses=172.16.0.14 to-ports=80
add action=netmap chain=dstnat comment="Synology Main interface (secure)" dst-port=5001 in-interface=ether1-internet protocol=tcp to-addresses=172.16.0.47 \
    to-ports=5001
add action=dst-nat chain=dstnat comment="Synology CCTV (Secure)" dst-port=9901 in-interface=ether1-internet protocol=tcp to-addresses=172.16.0.47 to-ports=\
    9900



Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Local LAN GigE
     address=172.16.0.254/24 network=172.16.0.0 interface=bridge-local actual-interface=bridge-local 

 1 D address=<ISP IP>/23 network=<ISP Network> interface=ether1-internet actual-interface=ether1-internet

Hmm after much hair pulling… wiping all firewall rules and following lots of howto guides…I have finally got it working!

What didn’t help is that I had forgotten about DYNDNS… my IP had changed mid hair pulling!!

DYNDNS and hairpin NAT script added: http://networkingforintegrators.com/2013/02/hairpin-nat-or-how-to-use-your-dyndns-address-internally-or-externally/

A few more issues to sort out… But mostly there :slight_smile:
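
An added example (not part of the original posts): a small Python check that replays the posted forward chain against a new connection from the WAN after each dst-nat rule has rewritten it. It relies on RouterOS applying dstnat before the forward filter chain; the sample text is constructed from the rules in the post, and the function names and the exact-match simplification are assumptions of this sketch.

```python
import re, shlex, collections

# Constructed sample: forward chain and two NAT rules copied from the post.
EXPORT = r'''
/ip firewall filter
add chain=forward connection-state=established
add chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
add chain=forward in-interface=bridge-local
add action=drop chain=forward
/ip firewall nat
add action=dst-nat chain=dstnat comment="Test rule" dst-port=7777 in-interface=ether1-internet protocol=tcp to-addresses=172.16.0.14 to-ports=80
add action=dst-nat chain=dstnat comment="Synology Main interface" dst-port=5000 in-interface=ether1-internet protocol=tcp to-addresses=172.16.0.47 to-ports=\
    5000
'''
MATCHERS = ("connection-state", "in-interface", "protocol", "dst-address", "dst-port")

def parse_export(text):
    text = re.sub(r"\\\n\s*", "", text)  # join "\" continuation lines
    menus, menu = collections.defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line  # e.g. "/ip firewall nat"
        elif line.startswith("add ") and menu:
            rule = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            rule.setdefault("action", "accept")  # no action= means accept
            menus[menu].append(rule)
    return menus

def forward_verdict(rules, pkt):
    # First matching forward rule wins. Simplified: exact-value matchers only
    # (no ranges, address lists or negation).
    for r in rules:
        if r.get("chain") == "forward" and all(r[k] == pkt[k] for k in MATCHERS if k in r):
            return r["action"]
    return "accept"  # nothing matched: the chain's default is accept

def audit(text, wan="ether1-internet"):
    """Per dstnat rule: (comment, translated target, forward-chain verdict)."""
    menus, out = parse_export(text), []
    for nat in menus.get("/ip firewall nat", []):
        if nat.get("chain") == "dstnat" and "to-addresses" in nat:
            pkt = {"connection-state": "new", "in-interface": nat.get("in-interface", wan),
                   "protocol": nat.get("protocol"), "dst-address": nat["to-addresses"],
                   "dst-port": nat.get("to-ports", nat.get("dst-port"))}
            verdict = forward_verdict(menus.get("/ip firewall filter", []), pkt)
            out.append((nat.get("comment", ""), f"{pkt['dst-address']}:{pkt['dst-port']}", verdict))
    return out

print(audit(EXPORT))
```

On the posted rules both forwards come back as `drop`, because the forward chain accepts new connections only when they arrive on `bridge-local`. The same listing doubles as an inventory of which internal address and port each forward exposes to the WAN.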