port forwarding

RouterOS Beginner Basics
1

Hello,

I am having problems with port forwarding on a hAP ac2. I am connecting in bridge mode to the internet. Here are my interface list:

NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU

0 R ether1 ether 1500 1598 9214
1 RS ether2 ether 1500 1598 9214
2 S ether3 ether 1500 1598 9214
3 S ether4 ether 1500 1598 9214
4 S ether5 ether 1500 1598 9214
5 S wlan1 wlan 1500 1600 2290
6 RS wlan2 wlan 1500 1600 2290
7 R RDS pppoe-out 1480
8 R ;;; defconf
bridge bridge 1500 1598

and my port forwarding rules:
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=RDS
add action=dst-nat chain=dstnat dst-port=37186 in-interface=ether1 protocol=tcp to-addresses=192.168.88.246 to-ports=37186
add action=dst-nat chain=dstnat dst-port=37186 in-interface=ether1 protocol=udp to-addresses=192.168.88.246 to-ports=37186
add action=dst-nat chain=dstnat dst-port=27960 in-interface=ether1 protocol=udp to-addresses=192.168.88.246 to-ports=27960
add action=dst-nat chain=dstnat dst-port=58967 in-interface=ether1 protocol=udp to-addresses=192.168.88.246 to-ports=58967
add action=dst-nat chain=dstnat dst-port=58967 in-interface=ether1 protocol=tcp to-addresses=192.168.88.246 to-ports=58967
add action=dst-nat chain=dstnat dst-port=2204 in-interface=ether1 protocol=tcp to-addresses=192.168.88.246 to-ports=2204
add action=dst-nat chain=dstnat dst-port=2204 in-interface=ether1 protocol=udp to-addresses=192.168.88.246 to-ports=2204

can someone please tell me what am I doing wrong ?

Thanks

2

The out interface in the masquerade rule should be the same interface as the in-interface in the Destination NAT rules.
(the working WAN interface that is).

So what you are saying is that All private traffic should be given a public IP associated with eth7
But you are telling the router that all incoming traffic, heading for your server (portxx) is going to eth1

Which is your WAN associated interface???

In addition I would need to see your /ip firewall filter rules.

3

@anav is right: your WAN interface is (by the looks of it) RDS and should be used in dst-nat rules instead of ether1. Which is, most probably, only carrying PPPoE frames and bears no L3 (IP) configuration.