Port forwarding RB2011UAS-2HnD v6.5

Mattie · November 2, 2013, 6:41pm

Hi,

I have a question about port forwarding RB2011UAS-2HnD v6.5.

I want to forward port 8080 from WAN to local IP 192.168.1.250 port 8080, however no matter what I try it doesn’t work.
btw I’m using my GSM connection to try so it is an EXTERNAL connection.

some info:

[admin@MikroTik] /ip> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.1.1/24 network=192.168.1.0 interface=bridge-local 
     actual-interface=bridge-local 

 1 D address=83.87.xxx.xxx/23 network=83.87.xxx.0 interface=ether1-gateway 
     actual-interface=ether1-gateway

[admin@MikroTik] /ip> /ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=83.87.xxx.xxx
        gateway-status=83.87.xxx.xxx reachable via  ether1-gateway distance=1 
        scope=30 target-scope=10 vrf-interface=ether1-gateway 

 1 ADC  dst-address=83.87.xxx.xxx/23 pref-src=83.87.xxx.xxx
        gateway=ether1-gateway gateway-status=ether1-gateway reachable 
        distance=0 scope=10 

 2 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=bridge-local 
        gateway-status=bridge-local reachable distance=0 scope=10

[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" default-name="ether1" type="ether" mtu=1500 l2mtu=1598 
       max-l2mtu=4074 mac-address=D4:CA:6D:F8:50:65 fast-path=yes 

 1  RS name="ether2" default-name="ether2" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=D4:CA:6D:F8:50:66 fast-path=yes 

 2  RS name="ether3" default-name="ether3" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=D4:CA:6D:F8:50:67 fast-path=yes 

 3   S name="ether4" default-name="ether4" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=D4:CA:6D:F8:50:68 fast-path=yes 

 4   S name="ether5" default-name="ether5" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=D4:CA:6D:F8:50:69 fast-path=yes 

 5   S name="ether6-master-local" default-name="ether6" type="ether" mtu=1500 l2mtu=1598 
       max-l2mtu=2028 mac-address=D4:CA:6D:F8:50:6A fast-path=yes 

 6   S name="ether7-slave-local" default-name="ether7" type="ether" mtu=1500 l2mtu=1598 
       max-l2mtu=2028 mac-address=D4:CA:6D:F8:50:6B fast-path=yes 

 7   S name="ether8-slave-local" default-name="ether8" type="ether" mtu=1500 l2mtu=1598 
       max-l2mtu=2028 mac-address=D4:CA:6D:F8:50:6C fast-path=yes 

 8   S name="ether9-slave-local" default-name="ether9" type="ether" mtu=1500 l2mtu=1598 
       max-l2mtu=2028 mac-address=D4:CA:6D:F8:50:6D fast-path=yes 

 9   S name="ether10-slave-local" default-name="ether10" type="ether" mtu=1500 l2mtu=1598 
       max-l2mtu=2028 mac-address=D4:CA:6D:F8:50:6E fast-path=yes 

10  X  name="sfp1-gateway" default-name="sfp1" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=D4:CA:6D:F8:50:64 fast-path=yes 

11  RS name="wlan1" default-name="wlan1" type="wlan" mtu=1500 l2mtu=2290 
       mac-address=D4:CA:6D:F8:50:6F fast-path=no 

12  R  name="bridge-local" type="bridge" mtu=1500 l2mtu=1598 mac-address=D4:CA:6D:F8:50:66 
       fast-path=no

[admin@MikroTik] > /ip firewall export
# nov/02/2013 19:41:07 by RouterOS 6.5
# software id = 9JL3-QM6H
#
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input dst-port=8080 protocol=tcp src-port=8080
add action=drop chain=input comment="default configuration" in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=\
    ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=192.168.1.250 \
    to-ports=8080

Please explain what i’m doing wrong?

evince · November 4, 2013, 9:12pm

Hi,

Change in /ip firewall filter :

add chain=input dst-port=8080 protocol=tcp src-port=8080

for

add chain=forward dst-port=8080 protocol=tcp

Bests Regards,

Mattie · November 6, 2013, 6:28pm

Thanks it works now!