Port Forwarding Advice Needed

Hi, I wonder if I can get some advice please. I am familiar with MikroTiks but having a nightmare.

I have recently moved a datacentre to another one and the servers in question are Hyper-V replica servers.

I have managed to get them on the internet and DNS records are pointed to the right IP.

I am having problems forwarding the replication traffic from the internet to those servers behind the MikroTik.

The port in question is 8888 and the internal IP address of the replica server is 192.168.88.30.

The replica servers have their own IP range and a DC which dishes out IPs to them. The subnet is 192.168.88.1/24.

The servers go to their own mini switch and then port through to MikroTik port 9, which is internet facing.

The MikroTik in question also has other ports enabled which provide Leased Lines to our customers and they have separate external IP addresses.

I have been trying to configure the NAT but have been failing.

I have created a dst-nat rule to forward all the traffic to the IP address of the replica server, which is 192.168.88.30, but it's still not letting the traffic through.

Can someone point me in the right direction please?

Thanks in advance.
Kash

Looks like I have got it working somehow.

In addition to the DST NAT rules you would need to allow the traffic in the forward chain (IP Firewall / Filters).

I cannot get this to work. I’m trying to forward a port for Plex but the service is not able to get onto the WAN.

In action I chose "add dst to address list".

And here’s the output from the terminal.

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=add-dst-to-address-list address-list=10.10.10.2 chain=forward \
    comment=Plex dst-port=32400 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment=CouchPotato dst-port=5050 \
    in-interface=ether1-gateway protocol=tcp to-addresses=10.10.10.3 \
    to-ports=5050
add action=dst-nat chain=dstnat comment=SickBeard dst-port=8081 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.4 to-ports=8081
add action=dst-nat chain=dstnat comment=Transmission dst-port=9091 \
    in-interface=ether1-gateway protocol=tcp to-addresses=10.10.10.5 \
    to-ports=9091
add action=dst-nat chain=dstnat comment=BTSync dst-port=8888 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.6 to-ports=8888
add action=dst-nat chain=dstnat comment=Headphones dst-port=8181 \
    in-interface=ether1-gateway protocol=tcp to-addresses=10.10.10.9 \
    to-ports=8181
add action=dst-nat chain=dstnat comment=FreeNAS dst-port=442 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.20 to-ports=442
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.2 to-ports=32400

PS: Put all your dst-nat rules before the masquerade rules.

Cheers. That got sorted long ago.
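
As an added example (not code from any poster in this thread), the Python sketch below parses a RouterOS firewall export like the one posted above and reports, for each dst-nat port forward, which forward-chain filter rules name the same port and whether any of them is an accept. It assumes dst-port holds a single port and compares rules by port and protocol only, so it describes the rule set rather than deciding reachability; the function names are hypothetical and the sample is a constructed excerpt of the posted export.

```python
import re
import shlex

# Constructed sample: a few rules excerpted from the export posted in the thread.
SAMPLE_EXPORT = r"""
/ip firewall filter
add chain=forward comment="default configuration" connection-state=\
    established
add action=add-dst-to-address-list address-list=10.10.10.2 chain=forward \
    comment=Plex dst-port=32400 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment=BTSync dst-port=8888 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.6 to-ports=8888
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.2 to-ports=32400
"""

def parse_export(text):
    """Return [(section, params)] for every 'add' line of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)  # rejoin lines wrapped with a backslash
    section, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            params = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            params.setdefault("action", "accept")  # the export omits the default action
            rules.append((section, params))
    return rules

def audit_port_forwards(rules):
    """For each dst-nat rule, list forward-chain filter rules naming the same port."""
    findings = []
    for section, nat in rules:
        if section != "/ip firewall nat" or nat["action"] != "dst-nat":
            continue
        actions = [f["action"] for s, f in rules
                   if s == "/ip firewall filter" and f.get("chain") == "forward"
                   and f.get("dst-port") == nat.get("dst-port")
                   and f.get("protocol") == nat.get("protocol")]
        findings.append({"service": nat.get("comment", "?"),
                         "wan_port": nat.get("dst-port"),
                         "target": f'{nat.get("to-addresses")}:{nat.get("to-ports")}',
                         "forward_actions": actions,  # actions of the matching filter rules
                         "explicit_accept": "accept" in actions})
    return findings

if __name__ == "__main__":
    print(*audit_port_forwards(parse_export(SAMPLE_EXPORT)), sep="\n")
```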