problems with srcnat

I’m new to MikroTik and could really use some help.

In my setup dstnat works great: I can connect from outside to one of my VMs without any problems, but srcnat doesn’t work for some reason. I’ve been fighting with it for some time now, still with no luck.

Posted config print below

I guess you have to put port on the dst-port option

I tried that, but still no luck. From what I’ve noticed, I can’t forward any outgoing connections to the public IP, not just SMTP.

double post

any ideas what i’m doing wrong?

/ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=61.42.133.49 gateway-status=61.42.133.49 reachable 1_WAN distance=1 scope=30 
        target-scope=10 
 1 ADC  dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=3_siec1 gateway-status=3_siec1 reachable distance=0 
        scope=10 
 2 ADC  dst-address=61.42.133.0/24 pref-src=61.42.133.50 gateway=1_WAN gateway-status=1_WAN reachable distance=0 
        scope=10 
 3 ADC  dst-address=61.43.141.0/24 pref-src=61.43.141.1 gateway=1_WAN gateway-status=1_WAN reachable distance=0 
        scope=10 
 4 ADC  dst-address=61.43.141.12/32 pref-src=61.43.141.12 gateway=1_WAN gateway-status=1_WAN reachable distance=0 
        scope=10 
 5 ADC  dst-address=61.43.141.21/32 pref-src=61.43.141.21 gateway=1_WAN gateway-status=1_WAN reachable distance=0 
        scope=10 
 6 ADC  dst-address=61.43.141.145/32 pref-src=61.43.141.145 gateway=1_WAN gateway-status=1_WAN reachable distance=0 
        scope=10 
 7 ADC  dst-address=192.168.131.0/24 pref-src=192.168.131.1 gateway=5_Studenci gateway-status=5_Studenci reachable 
        distance=0 scope=10 
 8 ADC  dst-address=192.168.141.0/24 pref-src=192.168.141.1 gateway=5_Studenci gateway-status=5_Studenci reachable 
        distance=0 scope=10 
 9 ADC  dst-address=192.168.150.0/24 pref-src=192.168.150.1 gateway=4_FIRMY gateway-status=4_FIRMY reachable 
        distance=0 scope=10



/ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.150.1/24 network=192.168.150.0 interface=4_FIRMY actual-interface=4_FIRMY 
 1   address=61.42.133.50/24 network=61.42.133.0 interface=1_WAN actual-interface=1_WAN 
 2   address=61.43.141.1/24 network=61.43.141.0 interface=1_WAN actual-interface=1_WAN 
 3   address=61.43.141.20/24 network=61.43.141.0 interface=1_WAN actual-interface=1_WAN 
 4   address=61.43.141.194/24 network=61.43.141.0 interface=1_WAN actual-interface=1_WAN 
 5   address=61.43.141.12/32 network=61.43.141.12 interface=1_WAN actual-interface=1_WAN 
 6   address=61.43.141.21/32 network=61.43.141.21 interface=1_WAN actual-interface=1_WAN 
 7   address=192.168.131.1/24 network=192.168.131.0 interface=5_Studenci actual-interface=5_Studenci 
 8   address=10.0.0.1/24 network=10.0.0.0 interface=3_siec1 actual-interface=3_siec1 
 9   address=192.168.141.1/24 network=192.168.141.0 interface=2_HOSTING actual-interface=5_Studenci 
10   address=61.43.141.141/24 network=61.43.141.0 interface=1_WAN actual-interface=1_WAN 
11   address=61.43.141.16/24 network=61.43.141.0 interface=1_WAN actual-interface=1_WAN 
12   address=61.43.141.145/32 network=61.43.141.145 interface=1_WAN actual-interface=1_WAN



/interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                                                   TYPE               MTU L2MTU  MAX-L2MTU
 0  R  1_WAN                                                                  ether             1500  1600       4076
 1  R  5_Studenci                                                             ether             1500  1598       2028
 2  R  3_siec1                                                               ether             1500  1598       2028
 3  R  4_FIRMY                                                                ether             1500  1598       2028
 4  R  2_HOSTING                                                              ether             1500  1598       2028



# Filter rules; within a chain they are evaluated top to bottom and a packet
# that matches no rule is accepted.
# NOTE(review): the input chain below contains only accept rules and no final
# drop, so traffic addressed to the router itself (including from 1_WAN) is
# accepted whether or not it matches. Confirm that management services are
# meant to be reachable from the WAN side, or add an explicit drop.
/ip firewall filter
# input: allow ICMP and packets of established/related connections.
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
# forward: log every forwarded TCP packet to port 25, then drop SMTP that
# originates from 192.168.131.0/24.
# NOTE(review): these are the only forward rules, so everything else is
# forwarded. Combined with the all-port dst-nat rules in /ip firewall nat,
# the mapped internal hosts receive traffic on every TCP/UDP port from
# outside; consider a forward policy that allows only the required services.
add action=log chain=forward disabled=no dst-address=0.0.0.0/0 dst-port=25 log-prefix="ruch klienci" protocol=tcp
add action=drop chain=forward disabled=no dst-port=25 protocol=tcp src-address=192.168.131.0/24



# Packet marking by traffic class (mark_prio1, mark_prio2, mark_prio3,
# mark_prio8). The marks are presumably consumed by queues that are not part
# of this listing -- confirm.
# Every rule uses passthrough=no, so the first rule that matches in a chain
# ends mangle processing for that packet in that chain.
# prerouting rules match on src-port, postrouting rules on dst-port.
/ip firewall mangle
# ICMP -> mark_prio1 in both chains.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=mark_prio1 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting disabled=no new-packet-mark=mark_prio1 passthrough=no protocol=icmp
# UDP port 53 -> mark_prio1.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=mark_prio1 passthrough=no protocol=udp \
    src-port=53
add action=mark-packet chain=postrouting disabled=no dst-port=53 new-packet-mark=mark_prio1 passthrough=no \
    protocol=udp
# TCP port 80 -> mark_prio2.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=mark_prio2 passthrough=no protocol=tcp \
    src-port=80
add action=mark-packet chain=postrouting disabled=no dst-port=80 new-packet-mark=mark_prio2 passthrough=no \
    protocol=tcp
# TCP port 443 -> mark_prio3.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=mark_prio3 passthrough=no protocol=tcp \
    src-port=443
add action=mark-packet chain=postrouting disabled=no dst-port=443 new-packet-mark=mark_prio3 passthrough=no \
    protocol=tcp
# Traffic classified as p2p -> mark_prio8.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=mark_prio8 p2p=all-p2p passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=mark_prio8 p2p=all-p2p passthrough=no
# Catch-all: anything not matched above also gets mark_prio8, so as written
# the p2p rules assign the same mark the catch-all would.
add action=mark-packet chain=prerouting disabled=no new-packet-mark=mark_prio8 passthrough=no
add action=mark-packet chain=postrouting disabled=no new-packet-mark=mark_prio8 passthrough=no



# NAT rules. Within a chain (srcnat / dstnat) the rules are evaluated in the
# order listed, and the first rule that matches a new connection decides its
# translation; later rules in that chain are not consulted for it.
/ip firewall nat
# Masquerade everything leaving through 1_WAN (src and dst are 0.0.0.0/0).
# NOTE(review): this is the first srcnat rule and it matches every WAN-bound
# connection, so the per-host src-nat rules further down are never reached
# for traffic going out 1_WAN. That is consistent with the reported symptom
# (dstnat works, srcnat to a specific public address does not). Placing this
# rule after the host-specific src-nat rules, or excluding those hosts from
# it, lets the specific mappings take effect.
add action=masquerade chain=srcnat disabled=no dst-address=0.0.0.0/0 out-interface=1_WAN src-address=0.0.0.0/0
# Sends TCP from sources in address list "platnosc" to 61.43.141.141:80, with
# random=99. There is no dst-port matcher, so it applies to TCP on any port.
# Presumably a redirect to a notice page for listed clients -- confirm.
add action=dst-nat chain=dstnat disabled=no protocol=tcp random=99 src-address-list=platnosc to-addresses=\
    61.43.141.141 to-ports=80
# Disabled (disabled=yes) generic src-nat rules for UDP and TCP; inactive.
add action=src-nat chain=srcnat disabled=yes dst-address=0.0.0.0/0 out-interface=1_WAN protocol=udp src-address=\
    0.0.0.0/0 to-addresses=0.0.0.0 to-ports=0-65535
add action=src-nat chain=srcnat disabled=yes dst-address=0.0.0.0/0 out-interface=1_WAN protocol=tcp src-address=\
    0.0.0.0/0 to-addresses=0.0.0.0 to-ports=0-65535
# Inbound half of the 1:1 mappings: all TCP and all UDP addressed to a public
# address is sent to one internal host.
# NOTE(review): none of these rules has a dst-port or in-interface matcher, so
# every port of the internal host is reachable from outside, and the filter
# table shown has no forward rule that narrows it. Restrict to the ports that
# must be published, or filter in the forward chain.
add action=dst-nat chain=dstnat disabled=no dst-address=61.43.141.20 protocol=tcp to-addresses=10.0.0.9 to-ports=\
    0-65535
add action=dst-nat chain=dstnat disabled=no dst-address=61.42.133.50 protocol=tcp to-addresses=10.0.0.100 to-ports=\
    0-65535
add action=dst-nat chain=dstnat disabled=no dst-address=61.43.141.20 protocol=udp to-addresses=10.0.0.9 to-ports=\
    0-65535
# NOTE(review): the posted route table and address list contain no
# 192.168.110.0/24 network, so traffic for 192.168.110.40 would follow the
# default route -- confirm where this host is attached.
add action=dst-nat chain=dstnat disabled=no dst-address=61.43.141.194 protocol=tcp to-addresses=192.168.110.40 \
    to-ports=0-65535
add action=dst-nat chain=dstnat disabled=no dst-address=61.43.141.194 protocol=udp to-addresses=192.168.110.40 \
    to-ports=0-65535
# NOTE(review): 61.42.133.50 is also the router's own address on 1_WAN, so
# TCP/UDP sent to the router on that address is redirected to 10.0.0.100
# before it reaches the input chain.
add action=dst-nat chain=dstnat disabled=no dst-address=61.42.133.50 protocol=udp to-addresses=10.0.0.100 to-ports=\
    0-65535
# Outbound half of the 1:1 mappings: rewrite the source of each internal host
# to its public address. These only take effect for connections that no
# earlier srcnat rule has already matched (see the masquerade rule at the top).
# NOTE(review): there is no out-interface matcher, so these rules also apply
# to traffic from these hosts towards other local subnets, not only to
# traffic leaving via 1_WAN -- confirm that is intended.
add action=src-nat chain=srcnat disabled=no protocol=tcp src-address=10.0.0.9 to-addresses=61.43.141.20 to-ports=\
    0-65535
add action=src-nat chain=srcnat disabled=no protocol=tcp src-address=192.168.110.40 to-addresses=61.43.141.194 \
    to-ports=0-65535
add action=src-nat chain=srcnat disabled=no protocol=tcp src-address=10.0.0.100 to-addresses=61.42.133.50 to-ports=\
    0-65535
add action=src-nat chain=srcnat disabled=no protocol=udp src-address=10.0.0.9 to-addresses=61.43.141.20 to-ports=\
    0-65535
add action=src-nat chain=srcnat disabled=no protocol=udp src-address=192.168.110.40 to-addresses=61.43.141.194 \
    to-ports=0-65535
add action=src-nat chain=srcnat disabled=no protocol=udp src-address=10.0.0.100 to-addresses=61.42.133.50 to-ports=\
    0-65535
# 1:1 mapping for 192.168.150.87 <-> 61.43.141.10 (dst-nat, then src-nat).
# NOTE(review): 61.43.141.10 does not appear in the posted /ip address list;
# unless the upstream routes that address to this router, inbound traffic for
# it may never arrive here -- confirm.
add action=dst-nat chain=dstnat disabled=no dst-address=61.43.141.10 protocol=tcp to-addresses=192.168.150.87 \
    to-ports=0-65535
add action=dst-nat chain=dstnat disabled=no dst-address=61.43.141.10 protocol=udp to-addresses=192.168.150.87 \
    to-ports=0-65535
add action=src-nat chain=srcnat disabled=no protocol=tcp src-address=192.168.150.87 to-addresses=61.43.141.10 \
    to-ports=0-65535
add action=src-nat chain=srcnat disabled=no protocol=udp src-address=192.168.150.87 to-addresses=61.43.141.10 \
    to-ports=0-65535