I have tried to get an application that needs to connect to ports 25 & 110 to a server outside of our network. Sounds simple enough.
The flow is application to router, router to server on internet, server on internet to router, router back to application. This looks simple to me, but I am banging my head against the wall.
I am using winbox to configure the router.
I have tried to use a NAT rule chain=srcnat, src Address=interface1, protocol=TCP, dst port=25, out interface=interface2
When I tried to connect the connection fails. I have been reading through the manual and forum but I can’t seem to get the examples to work.
I am going to take a break over the holidays and let my mind clear and come back to this on Monday. Would anyone be willing to give me some more direction on how to accomplish this?
Thank you for your time.
ZeroEffect
guille4
December 28, 2009, 6:06pm
2
Disable ALL the firewall filter rules and try again.
Post here your complete firewall config.
Currently there are no firewall rules.
winbox->IP->Firewall->Filter Rules Tab
I have deleted the rules I was testing with.
I will post the firewall config once I find how to export it.
Thanks for your help.
winbox->IP->Firewall->Filter Rules Tab
/ ip firewall nat
add chain=srcnat out-interface="Site 1" dst-address=192.96.30.0/24 \
action=masquerade comment="" disabled=no
add chain=srcnat out-interface="Site 2" dst-address=192.93.10.0/24 \
action=masquerade comment="" disabled=no
add chain=srcnat out-interface="Local Domain" dst-address=172.27.6.0/23 \
action=masquerade comment="" disabled=no
add chain=srcnat out-interface="Site 3. Site" dst-address=172.28.6.0/23 \
action=masquerade comment="" disabled=no
add chain=srcnat out-interface="Site 4" dst-address=192.76.0.0/24 \
action=masquerade comment="" disabled=no
add chain=srcnat action=accept comment="" disabled=no
add chain=srcnat out-interface="Site 5" dst-address=192.168.2.0/24 \
action=masquerade comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
add chain=forward out-interface="DSL" src-address=192.7.60.15 \
dst-address=24.192.121.163 protocol=tcp src-port=25 dst-port=25 \
action=accept comment="" disabled=no
add chain=forward in-interface="DSL" src-address=0.0.0.0 \
dst-address=192.7.60.15 protocol=tcp src-port=25 dst-port=25 \
action=passthrough comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip dhcp-client
Thanks for your help.
guille4
December 29, 2009, 10:36pm
5
Your NAT config is wrong.
You must put something like this in ip firewall nat:
add chain=srcnat action=masquerade src-address=10.10.10.0/24 out-interface=ether1 disabled=no
Use as source address and mask the IP pool of your internal network.
You must properly configure the IP addresses and routes in your MikroTik router.
Take a look at wiki.mikrotik.com for common NAT config examples.
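
A way to check an export like the one posted above for the problem this reply points at, as an added example that is not from any poster in the thread or from MikroTik. It assumes "DSL" (the out-interface named in the posted filter rule) is the Internet-facing interface; the function names and the three checks are this example's own.

```python
import shlex

# Constructed sample: a trimmed copy of the export posted in this thread.
EXPORT = r'''/ ip firewall nat
add chain=srcnat out-interface="Site 1" dst-address=192.96.30.0/24 \
action=masquerade comment="" disabled=no
add chain=srcnat action=accept comment="" disabled=no
add chain=srcnat out-interface="Site 5" dst-address=192.168.2.0/24 \
action=masquerade comment="" disabled=no
/ ip firewall filter
add chain=forward out-interface="DSL" src-address=192.7.60.15 \
dst-address=24.192.121.163 protocol=tcp src-port=25 dst-port=25 \
action=accept comment="" disabled=no
'''
MATCHERS = {"src-address", "dst-address", "in-interface", "out-interface",
            "protocol", "src-port", "dst-port"}

def parse_export(text):
    """Return {section: [rule, ...]}; each rule is a dict of key=value pairs."""
    sections, current = {}, None
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if line.startswith("/"):
            current = " ".join(line.lstrip("/").split())
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            # shlex keeps a quoted value such as "Site 1" as one token
            sections[current].append({k: v for k, _, v in
                (t.partition("=") for t in shlex.split(line)[1:])})
    return sections

def lint(sections, wan):
    """Flag srcnat/filter problems for traffic leaving via interface `wan`."""
    findings = []
    nat = [r for r in sections.get("ip firewall nat", [])
           if r.get("chain") == "srcnat" and r.get("disabled") != "yes"]
    for i, r in enumerate(nat):
        if r.get("action") == "accept" and not MATCHERS & r.keys():
            # accept ends NAT processing, so rules after it never fire
            findings.append(f"shadowing: srcnat rule {i} accepts all traffic")
            nat = nat[:i]
            break
    if not any(r.get("action") in ("masquerade", "src-nat")
               and r.get("out-interface") in (None, wan) for r in nat):
        findings.append(f"no-nat: nothing rewrites the source on {wan}")
    for r in sections.get("ip firewall filter", []):  # clients use ephemeral ports
        if r.get("src-port") and r.get("src-port") == r.get("dst-port"):
            findings.append(f"src-port: filter rule pins src-port={r['src-port']}")
    return findings
print("\n".join(lint(parse_export(EXPORT), "DSL")))
```

On the sample it reports all three findings; an export containing only the suggested masquerade rule with `out-interface=DSL` reports none.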