Port Fowarding..should work but not?

RouterOS Beginner Basics
1

Hi Everyone,

I have two port forwarding issues that I just can’t seem to get working, I must be overlooking something. So this is my situation. I have a server and a DVR on my network. I replaced my broke DLink with a MikroTik RB951G router. I have read the steps on how i should be forwarding the ports for these two devices. I have checked and re-checked my settings and from what I can see it is all correct. These are my setting that I have for my Plex server.
plex1.PNG
plex2.PNG
I have used both WebFig v6.38 and also Winbox v3.7.

Here is an export of my Firewall and Nat settings..

/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=yes \
    protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
    established,related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-address=75.x.x.x dst-port=32400 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.105 \
    to-ports=32400
add action=dst-nat chain=dstnat dst-address=75.x.x.x dst-port=2050 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.103 \
    to-ports=2050

I edited the code to block out my WAN IP, but I can’t figure out why it’s not getting through? I can’t only think it might be a default Firewall filter that is causing it to not work? I have only disabled the ICMP filter and for services FTP, TELNET and SSH. Any help is greatly appreciated! It’s driving me crazy..

Thank you!

2

Hi.

When you use DST-NAT rule, what was an input become into forward in firewall filter. So this rule
add action=drop chain=forward comment=“default configuration” connection-state=
will block comunication

Regards.

3

Nope, that rule has also connection-nat-state=!dstnat, which means that only connections not dstnatted will be dropped. Forwarded ports will be allowed.

The config looks ok for outside access. It would fail only when testing from same LAN. Solution for that would be removing in-interface=ether1-gateway, because it’s not needed when there’s dst-address=75.x.x.x, plus adding scrnat rule as described here.

4

Thank you for your replies and help, I’m not worried about getting it working on my own LAN, just wanting to get it working from outside. I looked at the firewall filter and noticed that filter but since it was a default setting didn’t think it was the cause. Everything does looks correct like it should work? This has me stumped?

5

And why exactly you think it doesn’t work?

Nmap scan report for xxxxx.hawaii.res.rr.com (75.x.x.x)
Host is up (0.25s latency).
PORT      STATE SERVICE
2050/tcp  open  unknown
32400/tcp open  unknown

And opening port 32400 in browser shows Plex login form.

6

Thank you very much for your help! It does work! It was my error as I used the free noip.com service and my updater wasn’t updating properly so the links that I kept using kept timing out, After, you verified the connection I found what my root cause was. Thank you again, appreciate the help!