RB2011UiAS-2HnD port forwarding issue

RouterOS Beginner Basics
1

Hello, I presume this topic might have been beaten to death, but I’m a beginner in RouterBOARD devices and therefore would appreciate a fresh look on the issue puzzling me for a few days.

The story is as follows: I have a Mikrotik connected to another router (de facto gateway for MikroTik). Port 80 works fine, as it should, I need to forward port 9090 however for RDP sessions. The configuration is as follows:

I followed tutorials for beginners regarding the port forwarding / NAT issues and my NAT/filter rules are as follows:

The Gateway itself is set to just forward everything to MikroTik:

But what happens as a result is this:

When I use the packet sniffer (direction: any) in MikroTik, here’s what I see:

I tried disabling the “drop input in.interface ether1-gateway” rule because I suspect it has something to do with firewall - but this changes port status (when scanned) from filtered to ‘closed’. Adding “accept input from 192.168.3.1” results in the same outcome, i.e. I can see incoming packets matching that rule (RDP) but the connections is refused:

And yes, I’m able to connect to 192.168.1.5:9090 from within LAN. The whole issue arose after replacing an old router with a MikroTik, so I’m pretty sure it’s only a matter of me not configuring it properly.

Everything best in the New Year and thanks in advance for your help.

2

i may be wrong, as i’m a newb to mikrotik as well, however you nat rules don’t look right to me.

i’ll show you an example of what i would do to forward 9090 to a ip on my lan. no need to input a port number on the action tab, unless you want it redirected to a different port.
9090.tiff (32 KB)
9090 2.tiff (26.3 KB)

3

Thanks for the tip!

I followed your suggestion, unfortunately it does not work either. The only change is that I can see a single packet actually coming every time I try to establish an RDP connection:

I tried to switch off the ‘drop input’ ether1-gateway rule in addition, but it seems that it does not affect the issue in any way.

I can’t see anything in the sniffer this time though.

Edit:
Silly me, I’ve been checking the port from inside the LAN, once I switched to remote location and tested from there, everything worked. So big thanks for your advice!

4

Good deal. Glad to help.