When I try to forward any port of a game to make dedicated servers, it just doesn’t show the graph moving and the bytes of the data being transferred is zero, i want to make a server for BeamMP with the port: 30814 and it is udp and tcp and none of the things i port forward work except port 80 to my Ip address. and do i need to make new port forwarding sessions so one has udp, and the oher tcp? because it needs udp and tcp protocol to work.
and i also watched some tutorials on this, i dont know whats causing this.
Do you have internet connection with public ip ? if not maybe there is a problem on ISP side. Give your full config, not just screenshot.
i will post the config if i know how to (im new to this)
Can you share this information:
/ip/firewall/nat export
I think your dst-address(-list) and to-address are missing in your screenshot, did you set them?
where do i run this code
and i think i did set them
Terminal
think?
Have some reading to do!!
https://forum.mikrotik.com/viewtopic.php?p=908118
https://forum.mikrotik.com/viewtopic.php?t=191442
Only after you have gone over the above…
https://forum.mikrotik.com/viewtopic.php?t=179343
sorry but i will send it now
not looking too good for me
this is the code:
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=BeamMP dst-port=30418 protocol=tcp \
to-addresses=192.168.8.253 to-ports=30418
No point in showing you dont know how to config the router just yet.
Please attempt the readings and then come back and post a complete config.
Understanding is more important then copy and paste at this juncture
/export file=anynameyouwish ( minus router serial number and any public WANIP information ).
the goddamn Firewall rules in the terminal dont work, or im stupid
/ip/firewall/nat> add chain=forward action=accept connection-nat
-state=dstnat
expected end of command (line 1 column 33)
That looks like it should go to /ip/firewall/filter not nat
yeah was a mistake i made while typing, fixed it now
[/quote]=anav post_id=1046947 time=1704715199 user_id=115581]
Have some reading to do!!
https://forum.mikrotik.com/viewtopic.php?p=908118
https://forum.mikrotik.com/viewtopic.php?t=191442
Only after you have gone over the above…
https://forum.mikrotik.com/viewtopic.php?t=179343
[/quote]
[code] RouterOS 7.2
#
# model = RBD53G-5HacD2HnD&EG18-EA
/interface bridge
add admin-mac=18:FD:74:A8:CA:D8 auto-mac=no comment=defconf name=bridge
/interface lte
set [ find ] allow-roaming=no band="" name=lte1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=latvia disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge ssid=LMT-2GHz-CAD8 wireless-protocol=802.11 wps-mode=\
push-button-5s
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
country=latvia disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge skip-dfs-channels=10min-cac ssid=LMT-5GHz-CAD8 \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=internet.lmt.lv ipv6-interface=bridge name=\
"LMT Internet" use-network-apn=no
add apn=static1.lmt.lv ip-type=ipv4 name=LMT-static1.lmt.lv
add apn=static2.lmt.lv ip-type=ipv4 name=LMT-static2.lmt.lv
add apn=internet1.lmt.lv ip-type=ipv4 name=LMT-internet1.lmt.lv
add apn=static61.lmt.lv ipv6-interface=bridge name=LMT-static61.lmt.lv
add apn=static62.lmt.lv ipv6-interface=bridge name=LMT-static62.lmt.lv
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=LMT
/ip pool
add name=dhcp ranges=192.168.8.10-192.168.8.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=3h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface lte settings
set external-antenna=auto
/ip address
add address=192.168.8.1/24 comment=defconf interface=bridge network=192.168.8.0
/ip dhcp-server network
add address=192.168.8.0/24 comment=defconf gateway=192.168.8.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.8.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward dst-address=10.39.44.92 dst-port=30814 \
protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=beemmp dst-port=30814 protocol=tcp \
to-addresses=192.168.8.254 to-ports=30814
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 src-address=\
192.168.88.0/24
/ip service
set www-ssl certificate=router.lan disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" \
src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" \
dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Riga
/system identity
set name="LMT LTE18"
/system routerboard settings
set auto-upgrade=yes
/system routerboard reset-button
set enabled=yes hold-time=5s..10s on-event=reset-configuration
/system script
add dont-require-permissions=yes name=reset-configuration owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/system reset-configuration"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tr069-client
set acs-url=https://acs.lmt.lv:8049 check-certificate=no \
connection-request-port=8081 connection-request-username=vzl5dlFhNnfc \
enabled=yes periodic-inform-interval=12h username=LMT
[/code]
Decent!
Observations
(1) One doesnt make port forwarding rules in the forward chain thus get rid of this… The only thing that should be in the forward chain is one rule allowing dstnat.
All port forwarding details are put in the dstnat chain rules. Also its in the wrong order if it was to be in the forward chain…
add action=accept chain=forward dst-address=10.39.44.92 dst-port=30814
protocol=tcp
If I am mistaken as to the purpose of this rule please explain its purpose. Open ended rules are rarely a good idea ( should have both source and destination type settings )
(2) Order within a chain is critical, but its also very smart to organize chain rules together for easy reading to spot errors etc…
(3) I see you have a hairpin SourceNat Rule which tells me you have users on the same subnet as your server and you want them to use the dyndns name vice the direct LANIP address of the server.
(4) I’m assuming your WANIP is not fixed/static and is thus dynamic and if so, the link to port forwarding should be read again.
Also you need to reread it as your DST NAT port forwarding rule is also incorrect.
(5) mac-server by itself is not a secure access method and thus should be set to NONE
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
(6) Are you using IPV6?? If not disable IPV6 and get rid of all its addresses and for ipv6 firewall rules, remove all and simply put.
add chain=forward action=drop
add chain=input action=drop
(7) Proper firewall ruleset.
/ip firewall filter
{Input Chain}
(default rules to keep)
add action=accept chain=input comment=“defconf: accept established,related,untracked” connection-state=established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=“defconf: accept to local loopback (for CAPsMAN)” dst-address=127.0.0.1
(admin rules)
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment=“drop all else” { add this rule last for all rules }
{forward chain}
(default rules to keep)
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack” connection-state=established,related
add action=accept chain=forward comment=“defconf: accept established,related, untracked” connection-state=established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=invalid
(admin rules)
add action=accept chain=forward comment=“allow internet traffic” in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment=“port forwarding” connection-nat-state=dstnat
add action=drop chain=forward comment=“drop all else”
RouterOS 7.2
# model = RBD53G-5HacD2HnD&EG18-EA
/interface bridge
add admin-mac=18:FD:74:A8:CA:D8 auto-mac=no comment=defconf name=bridge
/interface lte
set [ find ] allow-roaming=no band="" name=lte1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=latvia disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge ssid=LMT-2GHz-CAD8 wireless-protocol=802.11 wps-mode=push-button-5s
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=latvia disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge skip-dfs-channels=10min-cac ssid=LMT-5GHz-CAD8 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=internet.lmt.lv ipv6-interface=bridge name="LMT Internet" use-network-apn=no
add apn=static1.lmt.lv ip-type=ipv4 name=LMT-static1.lmt.lv
add apn=static2.lmt.lv ip-type=ipv4 name=LMT-static2.lmt.lv
add apn=internet1.lmt.lv ip-type=ipv4 name=LMT-internet1.lmt.lv
add apn=static61.lmt.lv ipv6-interface=bridge name=LMT-static61.lmt.lv
add apn=static62.lmt.lv ipv6-interface=bridge name=LMT-static62.lmt.lv
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=LMT
/ip pool
add name=dhcp ranges=192.168.8.10-192.168.8.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=3h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes forward=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface lte settings
set external-antenna=main
/ip address
add address=192.168.8.1/24 comment=defconf interface=bridge network=192.168.8.0
/ip dhcp-server network
add address=192.168.8.0/24 comment=defconf gateway=192.168.8.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.8.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward dst-address=10.39.44.92 dst-port=30814 protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=\
yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
add action=accept chain=input comment="defconf: accept established,related,untracked"
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=\
yes
add action=accept chain=forward comment="defconf: accept established,related, untracked"
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=beemmp dst-address=0.0.0.168-247.255.255.169 dst-port=30814 protocol=tcp src-address=\
0.0.0.168-247.255.255.169 to-addresses=192.168.8.254 to-ports=30814
add action=dst-nat chain=dstnat dst-address=0.0.0.168-247.255.255.169 dst-port=30814 protocol=udp src-address=\
0.0.0.168-247.255.255.169 to-addresses=192.168.8.254 to-ports=30814
/ip service
set www-ssl certificate=router.lan disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Riga
/system identity
set name="LMT LTE18"
/system routerboard settings
set auto-upgrade=yes
/system routerboard reset-button
set enabled=yes hold-time=5s..10s on-event=reset-configuration
/system script
add dont-require-permissions=yes name=reset-configuration owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reset-configuration"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tr069-client
set acs-url=https://acs.lmt.lv:8049 check-certificate=no connection-request-port=8081 connection-request-username=\
vzl5dlFhNnfc enabled=yes periodic-inform-interval=12h username=LMT
is this better, and also, what do i do with the BeamMP serer i am trying to host, it still shows 0 bytes and 0 packets .(192.168.8.254)
Last post… You didnt modify the firewall rules and your port forwarding destination nat rules are worse.
Good luck!