Port Specifications on a Masquerade Firewall

Hey Guys,

Simple question really.

After I get a NAT firewall setup in the common way using masquerading, what do I have to do to enable all traffic through all ports?

Clients can’t check their mail, they can only surf the web, etc. with the example NAT method.

Any suggestions? I think it ought to be simple.

Adam

By default there are no rules blocking traffic on ports.
Check the firewall filter rules; you have probably added a rule that blocks other ports.

No, it is out-of-the-box stock, with the exception of it being configured with that src-nat masquerade rule across the two devices.

Any other ideas?

Adam

Post your NAT setup here.

Regards

Andrew

I have exactly the same problem, and here is my NAT config:

[admin@MikroTik] > ip firewall export

# jun/20/2007 14:28:27 by RouterOS 2.9.6
# software id = XITP-3WT

/ ip firewall nat
add chain=srcnat action=masquerade comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m
tcp-established-timeout=5d tcp-fin-wait-timeout=2m
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set mms disabled=no
set gre disabled=yes
set pptp disabled=yes

Thanks in advance

You need to specify an interface in the masquerade NAT rule, e.g. from the manual:

[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public

Regards

Andrew
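
A check for the condition described in the reply above, as an added example that is not part of the original thread: this Python script parses "ip firewall export" text and reports enabled srcnat masquerade rules that match on no outgoing interface. The sample export is constructed from the one posted above, and the function names are illustrative.

```python
import shlex

# Constructed sample modelled on the export posted above (not a real device dump).
SAMPLE_EXPORT = '''\
/ ip firewall nat
add chain=srcnat action=masquerade comment="" disabled=no
add chain=srcnat action=masquerade out-interface=Public comment="" disabled=no
add chain=srcnat action=masquerade src-address=192.168.0.0/24 disabled=yes
/ ip firewall service-port
set ftp ports=21 disabled=no
'''

def parse_export(text):
    """Yield (section, command, params) for each command line of a RouterOS export."""
    section, pending = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):  # long lines are wrapped with a trailing backslash
            pending += line[:-1] + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):
            section = " ".join(line[1:].split())  # "/ ip firewall nat" -> "ip firewall nat"
            continue
        words = shlex.split(line)  # handles quoted values such as comment=""
        params = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        yield section, words[0], params

def unscoped_masquerade(text):
    """Return enabled srcnat masquerade rules that name no outgoing interface."""
    findings = []
    for section, command, params in parse_export(text):
        if section != "ip firewall nat" or command != "add":
            continue
        if params.get("chain") != "srcnat" or params.get("action") != "masquerade":
            continue
        if params.get("disabled") == "yes":
            continue
        # Also accepts out-interface-list, which later RouterOS versions provide.
        if not any(key.startswith("out-interface") for key in params):
            findings.append(params)
    return findings

if __name__ == "__main__":
    for rule in unscoped_masquerade(SAMPLE_EXPORT):
        print("masquerade rule without out-interface:", rule)
```
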

I would also suggest buying a MikroTik RouterOS license, but if you want to try RouterOS, then install the latest version; it will be usable for 24 hours (actual uptime of the router).