Port forwarding

Hey! I’ve got a problem! I use V7.8 RouterOS. I’ve set up my router like 1 day ago. I use PPPoE and yes I have a static IP address.

I am trying to port forward port :3071 for a Node.js server, but it doesn't work. I watched the tutorial for that, and I tried doing it the simple way and the firewall NAT manual way.

I set it up as: dstnat chain, protocol 6, dst port 3071, In. Interface List WAN, Action dst-nat, to address 192.168.88.243 (where my PC is), to port :3071 (Node.js server running on port).

Start with http://forum.mikrotik.com/t/forum-rules/173010/1

Also, a strange thing: when I set it up with PPPoE I had to use Google DNS, otherwise it wouldn't let me find anything other than just ping through cmd.

# feb/20/2024 15:52:58 by RouterOS 7.8
# software id = **ELIDED**
#
# model = RB5009UG+S+
# serial number = **ELIDED**
/interface bridge
add name=bridge1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out3 \
    use-peer-dns=yes user=**ELIDED**
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 disabled=yes interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=sfp-sfpplus1
/interface list member
add list=LAN
add interface=*F list=WAN
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=*10 list=WAN
add interface=pppoe-out3 list=WAN
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add disabled=yes interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=dst-nat chain=dstnat dst-port=3000 log=yes protocol=tcp \
    to-addresses=192.168.88.243 to-ports=3000
/ip route
add disabled=yes dst-address=0.0.0.0/0 gateway=192.168.1.1
add disabled=yes dst-address=0.0.0.0/0 gateway=192.168.88.1
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Bucharest

  1. A clue as to improper config… symbols and numbers in your rules where not applicable!!!

From:
/interface list member
add list=LAN { empty entry you need to get rid of }
add interface=*F list=WAN
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=*10 list=WAN
add interface=pppoe-out3 list=WAN

TO:
/interface list member
add interface=pppoe-out3 list=WAN
add interface=ether1 list=WAN
add interface=bridge1 list=LAN

  2. Remove netmask if you entered it, not required…
    /ip dhcp-server network
    add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 netmask=24

  3. Dst NAT RULE INCOMPLETE see addition in green! ( to- ports not required if same as dst port )
    /ip firewall nat
    add action=dst-nat chain=dstnat dst-port=3000 protocol=tcp in-interface=pppoe-out3 \ {edit fixed IP should be dst-address=staticWANip}
    log=yes to-addresses=192.168.88.243

Also, when I try to remove /24 it goes to /32 and kills my internet. When I edit the in-interface for the DST thing it doesn't send anything like it did, like no packets, no nothing.

This site can’t be reached redactedIP refused to connect.


Another thing I realised is that when I try DHCP servers without DNS my internet dies / can't reach NS of Google maybe, but can ping via cmd.

Sorry you are not making any sense.
Where above was there advice to remove a /24 and put in a /32 ???

Your input about DHCP and DNS, seems out of the blue as well… what is the issue here?

1. Okay, so when I remove /24 it automakes it /32
2. Also, if I use DHCP server without DNS it doesn't work, I can just ping stuff via cmd
3. Port forwarding doesn't work

Remove /24 from what? You still haven't stated that.
Also, why are you removing the dns-server entry???

My bad on the dst port rule, please adjust too ( I didn't hoist in that your wanip is fixed static )
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=3000 protocol=tcp dst-address=staticWAN-ip \
    log=yes to-addresses=192.168.88.243

This is what your entry should look like.

/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8

/ip dhcp-server network { no entry for netmask required }
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1


Like this?

# feb/21/2024 16:39:34 by RouterOS 7.8
# software id = Elided
#
# model = RB5009UG+S+
# serial number = Elided
/interface bridge
add name=bridge1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out3 \
    use-peer-dns=yes user=Elided
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 disabled=yes interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=sfp-sfpplus1
/interface list member
add disabled=yes interface=*F list=WAN
add disabled=yes interface=ether1 list=WAN
add disabled=yes interface=*10 list=WAN
add interface=pppoe-out3 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add disabled=yes interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=dst-nat chain=dstnat dst-address=wanip dst-port=3000 log=\
    yes protocol=tcp to-addresses=192.168.88.243 to-ports=3000
/ip route
add disabled=yes dst-address=0.0.0.0/0 gateway=192.168.1.1
add disabled=yes dst-address=0.0.0.0/0 gateway=192.168.88.1
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=Europe/Bucharest

Also, port forward still doing nothing

“to-addresses=192.168.88.24” needs to reference your PPPoE address, not your internal LAN IP.

Or, reference the interface, not the IP.

wait wdym?

like port forward or where?

Bcs If I change the to address to my Public Ip / PPPoE address then it will route from dst address which is PPPoE address to pppoe address

Also ye, I tried my LAN IP in dst address and it gives no packets.

Also, referencing any In. Interface such as Ether 1, pppoe 3 or bridge, it just straight up doesn't send the packets back. (From what I know it should at least send packets to know if it makes contact even if it's not permitted.)

I’m getting confused with the multiple configs posted here. It doesn’t help that I was replying on a phone, making it difficult to tell which one is active at the moment. Sorry for adding more smoke than light.

All I can figure now is that what I take to be the current version of the dstnat rule:


add action=dst-nat chain=dstnat dst-address=wanip dst-port=3000 log=\
    yes protocol=tcp to-addresses=192.168.88.243 to-ports=3000

…is referring to the literal string “wanip”, which the router doesn’t know how to look up. Either that needs to be a statically-assigned PPPoE public IP, or you need to refer to the interface instead:


add action=dst-nat chain=dstnat in-interface=pppoe-out3 dst-port=3000 log=\
    yes protocol=tcp to-addresses=192.168.88.243

That formulation is more flexible anyway.

Note that you don’t have to give “to-ports” when it’s the same as dst-port. That’s the implicit default.

By the way, where’s your firewall? If this is a public-facing router, you shouldn’t be without one.
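
The checks raised in this reply and earlier in the thread, as an added example that is not part of the original posts: a small Python linter over a RouterOS export that flags dangling *F-style interface references, dst-nat rules with no ingress match, a dst-address that is not an IP, and a missing /ip firewall filter section. The sample export is constructed from the configs posted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the exports posted in this thread.
SAMPLE_EXPORT = r"""
/interface list member
add interface=*F list=WAN
add interface=pppoe-out3 list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=dst-nat chain=dstnat dst-port=3000 log=yes protocol=tcp \
    to-addresses=192.168.88.243 to-ports=3000
add action=dst-nat chain=dstnat dst-address=wanip dst-port=3000 log=\
    yes protocol=tcp to-addresses=192.168.88.243
"""

def parse_export(text):
    """Yield (section, params) per add/set line, joining backslash continuations."""
    section = None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith(("add ", "set ")):
            yield section, dict(re.findall(r"([\w-]+)=(\S+)", line))

def lint(text):
    """Return a list of findings (hypothetical helper, not a RouterOS tool)."""
    findings, sections = [], set()
    for section, kv in parse_export(text):
        sections.add(section)
        # "*F" / "*10": reference to an interface that no longer exists.
        for key in ("interface", "in-interface", "out-interface"):
            if kv.get(key, "").startswith("*"):
                findings.append(f"{section}: dangling {key}={kv[key]}")
        if section == "/ip firewall nat" and kv.get("action") == "dst-nat":
            # Without an ingress match the rule applies to every interface.
            scope = ("in-interface", "in-interface-list", "dst-address")
            if not any(k in kv for k in scope):
                findings.append(f"dst-nat port {kv.get('dst-port')}: no ingress scope")
            # Simplification: only plain IPs/CIDRs are accepted here.
            dst = kv.get("dst-address")
            if dst is not None:
                try:
                    ipaddress.ip_network(dst, strict=False)
                except ValueError:
                    findings.append(f"dst-nat: dst-address={dst} is not an IP")
    if "/ip firewall filter" not in sections:
        findings.append("no /ip firewall filter section in export")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_EXPORT)))
```
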

1. I’m still new to MikroTik routers, also this is just to experiment with friends and to use as a VPN, I don’t intend to make it publicly available!
2. I tried with In. Interface, making it pppoe3-out, but nothing happens, like literally no packets sent

Also sorry for my stupid responses but I’m new I wanted to try smth more complicated and understand how it works!

Then the packets aren’t coming in over the pppoe3-out interface. Stop focusing on this port forwarding side issue and debug the main issue.



Hear me out: the reason was that in the masquerade rule I used in-interface PPPoE. I removed it and now everything works, as well as port fwd.

Srry if I blew your mind with my side problem Port FWD too much.

May I please get a link to a guide on firewall and protecting if I were to make a public router please?

The default configuration isn’t a bad place to start. Links from there into the docs are there for a reason. (Hint.)

Thx!!

I still have no idea what you were trying to do LOL, but if it's working, great!

Ah, technically I was trying to port forward port 3000 Lol