RB150 unit issues with Demigod gaming hosting over UDP

Hi Guys,

I'm new to the whole RouterOS thing. A mate of mine kindly hooked me up with an RB150 unit (updated to RouterOS 3.24) and set it up so my internet connection is working, and showed me how to do port forwarding under firewall >> NAT.

Now my question: I can happily host things like Ventrilo, DOTA games, etc. by doing the necessary port forwarding, which btw is using the TCP protocol. So I don't think I am doing the port forwarding wrong. Demigod uses p2p technology to host and join online games. It uses UDP ports ranging from (6002-6200), no TCP. I've tried Port Forwarding (pf) those UDP ports to my PC, but for some reason, I still can't connect to any games or even host for that matter.

Also, I don't have my firewall on on my PC, I have turned it off.


My Network setup is as follows:

DSL Modem >>>>> RB150 Unit >>>>> PC

Anyone have any idea how I can locate and fix the issue? I am not very technical in this field, so please bear with me :slight_smile:


Thanks in advance for any help you guys give me!!!

Cheers
Chunkyfeather

anyone? :slight_smile:

Is the Routerboard connected to the DSL via an unroutable IP address? If so, then there are 2 options.

Either:

  1. Set up the RouterBoard IP as a DMZ in your DSL router (if it allows that)
    or
  2. The better solution is to put the DSL modem in Bridge mode, and set up a PPPoE client on the Routerboard. That way, the RouterBoard gets the public IP address, and forwarding is very simple from that point.

Hope that helps. If you’re stuck, post the make/model of the DSL router and I’ll see if I can help you set up Bridging.

Regards

Jimbo

Hi,

Thanks for the reply. :slight_smile: Much appreciated!!!

I have the DSL Modem setup in bridged mode already with PPPOE connection setup in the RB.

DSL Modem (Bridged mode) >>> RouterBoard >>> PC

Any other ideas?

Thanks

Try forwarding port 6073 also as this was listed as a server port for Demigod.

If that didn’t work, temporarily forward all of the ports to 1 machine, creating a DMZ, and run the problematic service. If it worked, then use torch to see just what ports are in use and forward appropriately.

Just a thought, you’re not using UPnP on the RB150, are you? I personally don’t use it, but I know a lot of people have been having issues with it.

Regards

Jimbo

Hi,

Thanks for your response.

Yeah, I am using UPnP. Enabled it to try to fix the issue, but no luck.

I will try forwarding all the ports :slight_smile:

Thanks.

No luck still.

Any other ideas?

If you plug the DSL modem directly into your PC, and setup a DMZ to it, does it all work properly? If it does, post up your config from the routerboard.

Jimbo.

Hi,

How do I get the config from the routerboard? I'm new to this.


Thanks

/export file=mystoredconfig

K, I think I got it :slight_smile: Geez, I hope I don't post anything here that's too sensitive

[admin@MikroTik] > export hide-sensitive

# may/29/2009 14:41:31 by RouterOS 3.24
# software id = 7198-3TT

/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=“” disabled=no full-duplex=yes mac-address=00:0C:42:12:4C:EF master-port=none mtu=1500 name=LAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=“” disabled=no full-duplex=yes mac-address=00:0C:42:12:4C:F0 master-port=none mtu=1500 name=ADSL speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=“” disabled=no full-duplex=yes mac-address=00:0C:42:12:4C:F1 master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=“” disabled=no full-duplex=yes mac-address=00:0C:42:12:4C:F2 master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=“” disabled=no full-duplex=yes mac-address=00:0C:42:12:4C:F3 master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface wireless security-profiles
set default authentication-types=“” eap-methods=passthrough group-ciphers=“” group-key-update=5m interim-update=0s mode=none name=default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no
radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-sta-private-algo=none
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=none tls-mode=no-certificates unicast-ciphers=“”
/ip hotspot profile
set default dns-name=“” hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name=default open-status-page=always shared-users=1 status-autorefresh=1m transparent-proxy=yes
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-time=3d name=dhcp1
/port
set 0 baud-rate=115200 data-bits=8 flow-control=none name=serial0 parity=none stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment=“” name=default only-one=default use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment=“” name=default-encryption only-one=default use-compression=default use-encryption=yes use-vj-compression=default
/interface pppoe-client
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“” dial-on-demand=no disabled=no interface=ADSL max-mru=1480 max-mtu=1480 mrru=disabled name=“TelkomSA (Intl)” password=HIDDEN profile=
default service-name=“” use-peer-dns=yes user=HIDDEN
add ac-name=“” add-default-route=no allow=pap,chap,mschap1,mschap2 comment=“” dial-on-demand=no disabled=no interface=ADSL max-mru=1480 max-mtu=1480 mrru=disabled name=“OpenWeb (Local)” password=HIDDEN profile=default
service-name=“” use-peer-dns=no user=HIDDEN
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“” dial-on-demand=no disabled=yes interface=ADSL max-mru=1480 max-mtu=1480 mrru=disabled name=“Web Africa” password=HIDDEN profile=default
service-name=“” use-peer-dns=yes user=HIDDEN
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“” direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=10M/10M name=“Download PC” parent=none priority=8 queue=
default-small/default-small target-addresses=192.168.0.12/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“” direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=10M/10M name=“Gaming PC” packet-marks=“” parent=none priority=8
queue=default-small/default-small target-addresses=192.168.0.10/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“” direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=10M/10M name=PS3 parent=none priority=8 queue=
default-small/default-small target-addresses=192.168.0.14/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“” direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=10M/10M name=Suzannah parent=none priority=8 queue=
default-small/default-small target-addresses=192.168.0.11/32 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment=“” direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=10M/10M name=“Lounge Media PC” parent=none priority=8 queue=
default-small/default-small target-addresses=192.168.0.15/32 total-queue=default-small
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment=“” disabled=no ignore-as-path-len=no name=default out-filter=“” redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name=backbone type=default
/snmp
set contact=“” enabled=no engine-boots=0 engine-id=“” location=“” time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password=“” authentication-protocol=MD5 encryption-password=“” encryption-protocol=DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=175MHz cpu-mode=power-save enable-jumper-reset=yes enter-setup-on=any-key force-backup-booter=no
/user group
add comment=“” name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,!ftp,!write,!policy
add comment=“” name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,!ftp,!policy
add comment=“” name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet mirror
set mirror-port=none source-port=none
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:91:6C:A7:A1:0A max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=
no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name=“” memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.1/24 broadcast=192.168.0.255 comment=“” disabled=no interface=LAN network=192.168.0.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.0.10 client-id=1:0:1a:4d:5f:c9:3c comment=“Gaming PC” disabled=no mac-address=00:1A:4D:5F:C9:3C server=dhcp1
add address=192.168.0.11 client-id=1:0:14:85:f1:55:b3 comment=Suzannah disabled=no mac-address=00:14:85:F1:55:B3 server=dhcp1
add address=192.168.0.12 client-id=1:0:c:29:73:47:30 comment=“Download PC” disabled=no mac-address=00:0C:29:73:47:30 server=dhcp1
add address=192.168.0.14 client-id=1:0:1f:a7:e:a7:9d comment=PS3 disabled=no mac-address=00:1F:A7:0E:A7:9D server=dhcp1
add address=192.168.0.15 client-id=1:0:16:e6:88:4f:ce comment=“Lounge Media PC” disabled=no mac-address=00:16:E6:88:4F:CE server=dhcp1
add address=192.168.0.17 client-id=1:0:6:dc:43:87:3 comment=“Bedroom Media Center” disabled=no mac-address=00:06:DC:43:87:03 server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 comment=“” dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=196.43.50.190 secondary-dns=196.43.53.190
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=30s
/ip firewall filter
add action=reject chain=input comment="" connection-state=new disabled=no dst-port=22 in-interface="TelkomSA (Intl)" protocol=tcp reject-with=icmp-network-unreachable
add action=reject chain=input comment="" disabled=no dst-port=22 in-interface="OpenWeb (Local)" protocol=tcp reject-with=icmp-network-unreachable
/ip firewall mangle
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=Local passthrough=yes src-address=192.168.0.12
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface="TelkomSA (Intl)"
add action=masquerade chain=srcnat comment="" disabled=no out-interface="OpenWeb (Local)"
add action=dst-nat chain=dstnat comment=DOTA disabled=yes dst-port=6112-6119 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=6112-6119
add action=dst-nat chain=dstnat comment=Ventrilo disabled=yes dst-port=3784 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=3784
add action=dst-nat chain=dstnat comment=Ventrilo disabled=yes dst-port=3389 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.12
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=6002-6200 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=6002-6200
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=6100 in-interface="TelkomSA (Intl)" protocol=udp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=6002-6200 in-interface="TelkomSA (Intl)" protocol=udp to-addresses=192.168.0.10 to-ports=6002-6200
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=0-65535 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=0-65535
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set LAN discover=yes
set ADSL discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set “TelkomSA (Intl)” discover=no
set “OpenWeb (Local)” discover=no
set “Web Africa” discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip route
add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=196.209.3.1 routing-mark=Local scope=30 target-scope=10
add comment=“” disabled=no distance=1 dst-address=165.165.0.0/16 gateway=“OpenWeb (Local)”
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=8080
set ssh address=0.0.0.0/0 disabled=yes port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=ADSL type=external
add disabled=no interface=LAN type=internal
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set LAN queue=ethernet-default
set ADSL queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set “TelkomSA (Intl)” queue=default
set “OpenWeb (Local)” queue=default
set “Web Africa” queue=default
/radius incoming
set accept=no port=3799
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=no
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no redistribute-connected=no redistribute-ospf=no redistribute-static=no
timeout-timer=3m update-timer=30s
/store
add comment=“” disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Africa/Johannesburg
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=“jan/01/1970 00:00:00” time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix=“” topics=info
add action=memory disabled=no prefix=“” topics=error
add action=memory disabled=no prefix=“” topics=warning
add action=echo disabled=no prefix=“” topics=critical
/system note
set note=“” show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=196.25.1.1 secondary-ntp=0.0.0.0
/system scheduler
add comment=“” disabled=no interval=30m name=ChangeIP on-event=ChangeIP policy=read,write,test start-time=startup
/system script
add name=ChangeIP policy=ftp,reboot,read,write,policy,test,winbox,password,sniff source=“# Define User Variables\r
\n:global ddnsuser "HIDDEN"\r
\n:global ddnspass "HIDDEN"\r
\n:global ddnshost "HIDDEN"\r
\n\r
\n# Define Global Variables\r
\n:global ddnsip\r
\n:global ddnslastip\r
\n:if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" }\r
\n\r
\n:global ddnsinterface\r
\n:global ddnssystem ("mt-" . [/system package get system version] )\r
\n\r
\n# Define Local Variables\r
\n:local int\r
\n\r
\n# Loop thru interfaces and look for ones containing\r
\n# default gateways without routing-marks\r
\n:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes] do={ \r
\n :if ([:typeof [/ip route get $int routing-mark ]] != str ) do={\r
\n :global ddnsinterface [/ip route get $int interface]\r
\n } \r
\n}\r
\n\r
\n# Grab the current IP address on that interface.\r
\n:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface ] address ]\r
\n\r
\n# Did we get an IP address to compare?\r
\n:if ([ :typeof $ddnsip ] = nil ) do={\r
\n :log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")\r
\n} else={\r
\n\r
\n :if ($ddnsip != $ddnslastip) do={\r
\n\r
\n :log info "DDNS: Sending UPDATE!"\r
\n :log info [ :put [/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ] ]\r
\n :global ddnslastip $ddnsip\r
\n\r
\n } else={ \r
\n :log info "DDNS: No update required."\r
\n }\r
\n\r
\n}\r
\n\r
\n# End of script”
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from=<> password=“” server=0.0.0.0:25 username=“”
/tool graphing
set store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number=“” keep-max-sms=0 reader-running=no secret=“”
/tool sniffer
set file-limit=10 file-name=“” filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535 filter-protocol=all-frames filter-stream=yes interface=“TelkomSA (Intl)” memory-limit=100 only-headers=no
streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[admin@MikroTik] >

The first thing I notice is this.

Those rules are disabled, so no routing being done :slight_smile:

I think you’re overcomplicating your firewall also.

Enable those rules, and see how you go on. If it doesn’t work, then connect the DSL modem directly to your PC and create a DMZ to it. You need to confirm that your ISP is not blocking those ports, or is seeing the games traffic as file sharing, for which it may have rules to block at its end.

If the modem connected directly to the PC works, then we need to simplify your firewall rules, but at least we know where to start. I am out in town at the moment, so cannot really analyse those rules. Hopefully, by the time I get back and can, you’ll be able to have verified if the game works fine without the RB in the mix.

Jimbo
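
The check behind this reply, as an added example that is not part of the original thread: a small Python audit that reads the `/ip firewall nat` section of a RouterOS export and reports whether a required forward (here UDP 6002-6200) is covered by an active rule. The function names are this example's own; the sample rules are copied from the export posted above with the quotes normalised to ASCII.

```python
import shlex

# /ip firewall nat rules copied from the export posted above (a subset),
# with typographic quotes normalised to ASCII so the lines tokenise.
EXPORT = '''\
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface="TelkomSA (Intl)"
add action=masquerade chain=srcnat comment="" disabled=no out-interface="OpenWeb (Local)"
add action=dst-nat chain=dstnat comment=DOTA disabled=yes dst-port=6112-6119 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=6112-6119
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=6002-6200 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=6002-6200
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=6100 in-interface="TelkomSA (Intl)" protocol=udp to-addresses=192.168.0.10
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=6002-6200 in-interface="TelkomSA (Intl)" protocol=udp to-addresses=192.168.0.10 to-ports=6002-6200
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=0-65535 in-interface="TelkomSA (Intl)" protocol=tcp to-addresses=192.168.0.10 to-ports=0-65535
/ip firewall service-port
set ftp disabled=no ports=21
'''

def nat_rules(export):
    """Parse the 'add' lines under '/ip firewall nat' into dicts."""
    rules, in_nat = [], False
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_nat = line == "/ip firewall nat"
        elif in_nat and line.startswith("add "):
            tokens = shlex.split(line)[1:]
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def spans(spec):
    """'6002-6200,6073' -> [(6002, 6200), (6073, 6073)]"""
    out = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.append((int(lo), int(hi or lo)))
    return out

def audit_forward(export, proto, lo, hi):
    """List reasons why proto/lo-hi is not forwarded, plus exposure notes."""
    rules = nat_rules(export)
    dstnat = [r for r in rules
              if r.get("action") == "dst-nat" and "dst-port" in r]
    covering = [r for r in dstnat if r.get("protocol") == proto
                and any(a <= lo and hi <= b for a, b in spans(r["dst-port"]))]
    active = [r for r in covering if r.get("disabled") != "yes"]
    findings = []
    if not covering:
        findings.append(f"no dst-nat rule covers {proto}/{lo}-{hi}")
    elif not active:
        findings.append(f"{len(covering)} rule(s) cover {proto}/{lo}-{hi} "
                        "but all are disabled=yes")
    # WAN interfaces that masquerade outbound but have no active forward inbound.
    wan = {r["out-interface"] for r in rules
           if r.get("action") == "masquerade" and "out-interface" in r}
    for iface in sorted(wan - {r.get("in-interface") for r in active}):
        findings.append(f"no active forward on {iface}")
    # Whole-range forwards expose every port of the target host once enabled.
    for r in dstnat:
        if any(b - a >= 60000 for a, b in spans(r["dst-port"])):
            findings.append(f"broad forward {r.get('protocol')}/{r['dst-port']} "
                            f"to {r.get('to-addresses')} "
                            f"(disabled={r.get('disabled')})")
    return findings

if __name__ == "__main__":
    for finding in audit_forward(EXPORT, "udp", 6002, 6200):
        print(finding)
```

The whole-range rule in the export is TCP only, so even when enabled it never counts as covering the UDP range the game needs.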

Hi,

Thanks for your assistance so far :wink:

Yeah, I've disabled them for the moment, but when I was trying to connect those rules were enabled.

I will try connecting without the mikrotik being involved, i.e. use the modem to connect to web.

Will let u know how it goes.

Thanks!

It's definitely not my ISP, when I connected directly, everything worked. So something is wrong on the mikrotik :frowning:



Damn :frowning:

Remove your current firewall, and try this. Also ensure that you have ARP enabled on all your interfaces.

/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 action=masquerade
add chain=dstnat protocol=tcp dst-port=6002-6200 in-interface="XXXXXX" action=dst-nat to-addresses=192.168.0.10 to-ports=6002-6200
add chain=dstnat protocol=udp dst-port=6002-6200 in-interface="XXXXXX" action=dst-nat to-addresses=192.168.0.10 to-ports=6002-6200


XXXXXX = the name of your pppoe connection


/ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input in-interface=YYYYYY src-address=192.168.0.0/24 comment="Internal Lan" action=accept
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else. Disable if it gets annoying"
add chain=input action=drop comment="Drop everything else"

YYYYYY = the ethernet port your internal lan is connected to.


Does that work? That’s pretty much as simple as a firewall you’d find anywhere :wink:

Man, thanks for the information, I was truly excited when I saw this configuration.

I tried the configuration, but I MUST be doing something wrong as it didn't work.

Geez, I don't understand why, maybe I am just destined to have a patchy mikrotik that does some things okay.

One thing I didn't mention was that I have the dsl router in bridged mode so that I can use it as the dialup device for my PPPOE connection, do you think it could be something there that is giving issues?


Thanks for ALL your help so far, I wouldn't blame you if you wanted to throw in the towel :slight_smile:

Not quite with what you’re trying to explain.

Your DSL modem should be in Bridged mode, and connected directly to the Routerboard. You should then set up a pppoe client on ROS and enter your connection details.

Check the status, and make sure you have a connection, and a public IP address assigned to the pppoe connection.

Set up the firewall as above, and that should work.

Is that how you’re set up? If not, can you explain in detail how you are set up.

Jimbo

Hi Jimbo,

Yeah, that's exactly how I am set up. :frowning: