[I want to forward port 2222 from the router to 22 on an internal natted server.]
Just got my new router, very excited, and I am having an issue with port forwarding. I have a sftp server behind my new MikroTik, and would like it to be able to reach it. I thought, why not move the port from 22, since when I had port 22 open, I had ~200 log in attempts in one day from 45.114.11.18.
I found a similar problem w/o an answer here: http://forum.mikrotik.com/t/nat-port-forwarding/86618/1
Here are the settings that I hope will help.
log entry:
aug/04 22:20:33 firewall,info sshfwd forward: in:ether1-gateway out:bridge-local, src-mac xx:..:xx, proto TCP (SYN), 1.x.x.1:19062->192.168.1.100:22, NAT 66.x.x.x:19062->(68.x.x.x:2222->192.168.1.100:22), len 64
nat setup:
/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=22 protocol=tcp in-interface=ether1-gateway dst-port=2222 log=yes
log-prefix=""
1 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
firewalll entry:
... (lots of things about input...
8 chain=forward action=accept protocol=tcp dst-port=22 log=yes log-prefix="sshfwd"
9 ;;; default configuration
chain=forward action=accept connection-state=established,related log=no log-prefix=""
Thanks!