Port Forwarding Issues

bigbarr25 · January 5, 2018, 7:03pm

I am stuck with a simple port forwarding request. I just upgraded my r7000 nighthawk to the RB3011 with Ubiquiti Access Point (AT&T Fiber speeds are amazing). I’ve got my home network configured expect I am unable to access my security cameras remotely. I have watched videos, read tutorials, spent 5-6 hours trying all sorts of different settings but for the life of me I can not open port 81 on my Mikrotik Router. This worked without issue with the Netgear Nighthawk so I believe my modem is correctly configured in bridge mode. I’ve turned off the Windows Firewall on the local host computer. I am just plain stuck. Any help would be appreciated. My local IP address for the camera monitoring software is 192.168.1.10 over port 81. Here is my Firewall NAT print screen

0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no
log-prefix=“” ipsec-policy=out,none

1 chain=dstnat action=dst-nat to-addresses=192.168.1.10 to-ports=81
protocol=tcp in-interface=ether1 WAN log=no log-prefix=“”

2 chain=srcnat action=src-nat to-ports=81 protocol=tcp
src-address=192.168.1.10 out-interface=ether1 WAN log=no log-prefix=“”

16again · January 7, 2018, 8:00am

afaik, you need to have a firewall rule alongside the dNAT rule, to actually allow the traffic in

airbanduk · January 11, 2018, 4:05pm

You haven’t specified a port to match against.

chain=dstnat dst-port=81 action=dst-nat to-addresses=192.168.1.10 to-ports=81 
protocol=tcp in-interface=ether1

You don’t need the second src-nat rule as masquerade will take care of it

Patten · January 29, 2018, 7:40pm

Hello,
I just got a RB750gr3 and updated RouterOS to 6.41.
The default configuration allows me to access www and send email, but I have my own email server on a static ip and I can’t get port 25 passed through to it.
I’ve read sections of the manual, viewed YouTube and read internet posts, but I can’t figure out what’s wrong.

This is my setup: All the rules except the last one (nat 1) are the default configuration:

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

1 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related

2 ;;; defconf: accept established,related
chain=forward action=accept connection-state=established,related

3 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid

4 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 log=yes log-prefix=“”

5 chain=input action=accept protocol=icmp

6 chain=input action=accept connection-state=established

7 chain=input action=accept connection-state=related

8 chain=input action=drop in-interface=pppoe-out1

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=pppoe-out1

1 chain=dstnat action=dst-nat to-addresses=192.168.0.250 to-ports=25 protocol=tcp in-interface=ether1 dst-port=25 log=no log-prefix=“”

Can anybody point out what I’m doing wrong, or not doing right?
Thanks.

p.s. I can telnet to port 80, but not port 25. ???