Port forwarding not working for me on RB411 / 6.0

Hi Mikrotiks, I’ve tried to self-help this with endless googling and forum searches.

I have found some excellent descriptions on how to set up port forwarding but none of the methods seem to work in my configuration.

I have an ISP that offers a dynamic public IP, an RB411U running 6.0 and an MC8705 3G card.

NAT is set up as:

Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade out-interface=lte1 

 1   chain=dstnat action=dst-nat to-addresses=192.168.1.103 to-ports=3389 
     protocol=tcp in-interface=lte1 dst-port=3389

I have also tried not specifying the in-interface - this also did not work.

I’m sure the answer is pretty basic, but after many, many hours trying I remain confused.

Any ideas appreciated. TIA

Is the connection working for internet access?

Make sure that the device at 192.168.1.103 is using the routerboard as its default gateway.

Does the APN actually allow inbound traffic? You can use Torch on the interface to see if you are seeing the inbound 3389 traffic.

Most 3G internet connections have an incoming connection “drop” rule in the ISP network configuration, no matter what kind of outside IP you have.
If you need an outside connection to your RB, you have to establish a VPN tunnel (RB as a client) to an outside VPN server.

Thanks - the APN does allow inbound traffic, yet Torch doesn’t show any inbound connections from the external IP I am trying to access from. All other normal internet access is fine (outbound).

OK - well if Torch doesn’t show the connection attempt it sounds as if the problem is further back at the APN level…

When you are trying 3389 from outside to your routerboard, do you see in firewall/nat on the MikroTik that the counter on your dst rule for 3389 is growing? If not, traffic is not reaching your MikroTik (you also said that Torch shows no such traffic).

Yep - you got it. I checked with the ISP and they informed me that “VPN” is no longer supported. (This was their quote). They didn’t seem to understand the question about inbound traffic - seems they have changed their “policy” and these accounts are for “browsing” only!!!

Time to find a new ISP that doesn’t shift the goal posts on the fly!

Thanks all that tried to help.