port forwarding and firewall

RouterOS General
1

Hi Guys im after a bit of help with port forwarding.
I have a dsl connection connected to router os via pppoe and using hotspot and i have also setup a firewall on router os.
Basically i have created a port forward following this guide http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP
The question i have is do i also need to create a filter rule to enable the above rule to work?? If so how do i go about it
I have also created a walled garden ip entry to allow outbound connections through the hotspot for the internal ip im trying to forward to.
The issue is i cant get it to work.
ANy ideas on what im doing wrong??

2

Post you firewall rules and walled-garden rules which are not working ?

3

Port Forward rule
chain=dstnat action=dst-nat to-addresses=10.51.51.10 to-ports=80
src-address=OUREXTIP dst-address=PPOEIP dst-port=8081
protocol=tcp

walled garden IP

SER.. PROTOCOL DST DST-ADDRESS DST-PORT ACTION

0 hot.. tcp monitoringsystem 5721 accept
1 hot.. accept
2 hot.. accept
3 hot.. tcp OUREXTIP 0-65535 accept

firewall filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; Accept established connections
chain=input action=accept connection-state=established

2 ;;; Accept Related Connections
chain=input action=accept connection-state=related

3 ;;; Local Radius Access
chain=input action=accept src-address=127.0.0.1 dst-address=127.0.0.1
dst-port=1812-1813 protocol=udp

4 ;;; SSH Access
chain=input action=accept src-address=OUREXTIP dst-port=22
protocol=tcp

5 chain=input action=accept src-address=192.168.17.0/24 dst-port=22
protocol=tcp

6 ;;; Remote Web Interface
chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

7 chain=input action=accept src-address=10.0.19.0/24 dst-port=80
protocol=tcp

8 chain=input action=accept src-address=192.168.17.0/24 dst-port=80
protocol=tcp

9 chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

10 ;;; WinboxAccess
chain=input action=accept src-address=OUREXTIP dst-port=8291
protocol=tcp

11 chain=input action=accept src-address=192.168.17.0/24 dst-port=8291
protocol=tcp

12 ;;; Allow Limited Pings
chain=input action=accept protocol=icmp limit=50/5s,2

13 ;;; Drop excess pings
chain=input action=drop protocol=icmp

14 X chain=input action=log log-prefix=""

15 ;;; Drop everything else
chain=input action=drop

4

AOA
i am give you help only in winbox interface, not comand pemet , winbox its to easy

give your email or any other source i send you pic’s of winbox setup for this type of port forwarding
or if you want to free online help, i help you free as a brother
Allah hafiz

5

I have this same problem with port forwarding a web server from my internal ip of the LAN interface.
I have tried all the dst nat rule still no result. Pls, i need your guide.

6

Hello Mohammed,

I will really appreciate it if you can send a post for the solution of this problem to mail email (gentinature@hotmail.com). Looking forward for it. Thanks