Port Forwarding is blocking outbound traffic

cybertron · May 10, 2012, 6:26pm

Hey guys and gals,

I setup a routerOS box(RB400G I think?) and I’m running 5.14 at the moment.

I’m not sure how to export my list of firewall rules, but I’d be happy to paste them here.

I did a simple thing like this, but using winbox.

add chain=dstnat action=dst-nat to-addresses=192.168.1.202 to-ports=8152 \
    dst-address=202.59.xx.xx. dst-port=8152 protocol=tcp comment="" disabled=no

My problem is this, when I have the rule (not above, its just a sample) enabled, I cannot FTP out to any sites from within my network. Once I disable it, all works fine.

I must have something misconfigured.

Any ideas?

I just did print from the nat menu in the terminal

3 X ;;; FTP to FS
chain=dstnat action=dst-nat to-addresses=10.0.0.80 to-ports=21
protocol=tcp dst-port=21

kirshteins · May 11, 2012, 8:05am

Firewall rules can be exported by “/ip firewall export”

When enabled this rule will forward all TCP/21 traffic ti 10.0.0.80. Specify in-interface or dst-address to apply it only for public traffic.

cybertron · May 11, 2012, 12:17pm

Thank you Very much! That’s exactly what I needed.

So I set the interface to my gateway, but if I set a dst address, would that be the public IP or the internal ip of the machine forwarded to?

kirshteins · May 11, 2012, 1:09pm

Use public IP, if you need to forward traffic coming to public interface.