I can`t forward port to Cerberus server on windows
Cerberus is on port 4444
ip firewall nat print
chain=dstnat action=dst-nat to-addresses=10.0.4.146 to-ports=4444 protocol=tcp dst-address=000.00.000.000 dst-port=3333 log=no log-prefix=""
ip firewall filter print
chain=input action=accept protocol=tcp dst-address=10.0.4.146 src-port=3333 dst-port=4444 log=no log-prefix=""
Locally 10.0.4.146 works.
Remote connection 000.00.000.000:3333 does not work
Please help
Hi
the firewall filter rule should be in chain=forward, and remove the “src-port=…” condition
Are you on fixed ip? then ignore following: in dst-nat rule, you can improve it by dst-adress=… → dst-address-type=local
From your code snippet is seems people are coming to your router on port 3333 and you wish to have it translated to 4444.
What you need is a generic firewall filter rule that enables the router to pass through DSTNAT connections.
/ip firewall filter
add action=accept chain=forward comment=
“Allow Port Forwarding” connection-nat-state=dstnat
Then in NAT create the necessary dstnat rules…
/ip firewall nat
add action=dst-nat chain=dstnat comment=Cerberus_Access dst-port=3333
in-interface=WAN log=yes protocol=tcp to-addresses=10.0.4.146 to-ports=4444
It would be better if you could limit access and this would necessitate the creation of a firewall address list for example.
This is another example with such an inclusion and I changed the in-interface for this example supposing you had two wan IPs.
/ip firewall nat
add action=dst-nat chain=dstnat comment=Cerberus_Access dst-port=3333
in-interface-list=WAN src-address-list=trustedCerberus log=yes protocol=tcp to-addresses=10.0.4.146 to-ports=4444