Hello all, I am trying to forward two ports to a single internal machine, but the MikroTik router gets its IP dynamically, so I have to use masquerade. Currently I have:
1   chain=srcnat out-interface=wlan1 src-address=192.168.1.0/24 action=masquerade
2 X chain=srcnat src-address=192.168.1.215 action=src-nat to-addresses=[public_ip] to-ports=5631-5632
3 X chain=dstnat dst-address=[public_ip] action=dst-nat to-addresses=192.168.1.215 to-ports=5631-5632
When I enable 2 and 3 it makes the router unable to talk via winbox or pings, and really strange behavior occurs.
Any ideas on how to get this working?
Thanks!
On rule 2 you are specifying that only 2 ports can be used as outgoing src ports. This means only 1-2 connections are going to work, probably. Change this back to 0-65535 or something like 10000-65535.
On rule 3 you have to-ports=5631-5632. Your intention might be to add dst-port=5631-5632, and change to-ports=0-65535.
Sam
Is there a way to do this so that the public_ip is set to whatever the public IP on the public interface is at the time?
Well, in the new ROS version I was unable to port forward. I added a new srcnat rule and it worked.
Try the below in your case:
chain=srcnat action=masquerade protocol=tcp dst-address=192.168.1.215 dst-port=5631-5632
chain=dstnat action=dst-nat to-addresses=192.168.1.215 to-ports=5631-5632 protocol=tcp in-interface=WAN dst-port=5631-5632
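
The points raised in the replies above (a dst-nat rule with no dst-port match, a src-nat rule limited to two source ports, and matching a fixed public address on a dynamic link) can be checked mechanically. The following is an added example, not code from any poster in this thread; the check names, the `lint_rule` helper and the 1024-port threshold are assumptions, and the rules are the ones quoted in the thread, joined onto one line each.

```python
# Added example: lint RouterOS NAT rules written as key=value lines.
# Check names and the 1024-port threshold are assumptions of this sketch.
MESSAGES = {
    "dstnat-no-dst-port": "dst-nat has no dst-port match, so traffic to every "
                          "port on the matched address is redirected",
    "dstnat-fixed-address": "dst-nat matches a fixed dst-address; match "
                            "in-interface instead when the public IP is dynamic",
    "srcnat-narrow-ports": "src-nat to-ports leaves too few source ports for "
                           "outgoing connections",
}

# Constructed sample input: the rules quoted in the thread, one per line.
THREAD_RULES = [
    "chain=srcnat out-interface=wlan1 src-address=192.168.1.0/24 action=masquerade",
    "chain=srcnat src-address=192.168.1.215 action=src-nat "
    "to-addresses=[public_ip] to-ports=5631-5632",
    "chain=dstnat dst-address=[public_ip] action=dst-nat "
    "to-addresses=192.168.1.215 to-ports=5631-5632",
    "chain=dstnat action=dst-nat to-addresses=192.168.1.215 to-ports=5631-5632 "
    "protocol=tcp in-interface=WAN dst-port=5631-5632",
]

def parse_rule(line):
    """Split a 'key=value key=value' rule line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def port_count(spec):
    """Number of ports covered by 'N' or 'N-M'."""
    lo, _, hi = spec.partition("-")
    return int(hi or lo) - int(lo) + 1

def lint_rule(line, min_src_ports=1024):
    """Return the list of check names that fire for one rule line."""
    rule = parse_rule(line)
    codes = []
    if rule.get("action") == "dst-nat":
        if "dst-port" not in rule:
            codes.append("dstnat-no-dst-port")
        if "dst-address" in rule and "in-interface" not in rule:
            codes.append("dstnat-fixed-address")
    if rule.get("action") == "src-nat" and "to-ports" in rule:
        if port_count(rule["to-ports"]) < min_src_ports:
            codes.append("srcnat-narrow-ports")
    return codes

if __name__ == "__main__":
    for line in THREAD_RULES:
        for code in lint_rule(line):
            print(f"{code}: {MESSAGES[code]}\n    {line}")
```

Run against the thread's rules, it flags rules 2 and 3 from the first post and passes both the plain masquerade rule and the dst-nat rule from the last reply.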