Same port forward as external host

RouterOS General
1

Hi!

We have an alarm monitoring software on our server running on port “1234” (example), so we had to open that port on our Mikrotik router because the alarm panels do not have the possibility to establish a VPN connection.
The server provided by the alarm panel manufacturer also works on the same port and we need to be able to use it also for certain tests.
The problem is that having the port forward rule enabled, the connection to the manufacturer’s server does not work, I suppose that when that server responds, the connection is forwarded to our server instead of to the alarm panel.
The simplest solution would be to change the port, but since we already have many clients configured with our server, it is difficult for us to make this change.
Is there a way to make that when a connection is originated to the manufacturer’s server, the response is forwarded to a local IP?

Thanks

2

Do you forward just incoming connections to 1234, or did you make the usual mistake and forward all connection to port 1234, including outgoing ones?

3

Your description is very confusing.
Can you draw a network diagram to show the networking structure and relationships (location & traffic flow)

4

Thanks for the reply. We have this rule:


add action=dst-nat chain=dstnat dst-port=XXXX protocol=tcp to-addresses=
XXX.XXX.XXX.XXX to-ports=XXXX

5

Yup, just like @Sob predicted: dst-nat rule which redirects also connections originating from LAN targeting servers on intetnet if the target TCP port is the one. Ammend the shown rule by adding in-interface-list=WAN property (this assumes that firewall filter rules are done according to current Miktotik defaults) or something similar (e.g. in-interface=).

6

I’m good. If only I could do it with lottery numbers. :smiley:

On topic, other possibilities are dst-address=, or dst-address-type=local which matches any address assigned to router.

7

Perfect! Adding WAN as In. Interface List works.
Thanks

8

Ahh okay I see the connection (pun intended).
A port forwarding instruction so grossly malformed intruded upon forward chain action.
Yes Sob, sometimes you are lucky :wink:

I think the one at the front is for you, Sindy graciously declined the offer (I hope you like seconds) :stuck_out_tongue:
beers.jpg

9

@anav, the photograph almost made me puke … what did they do with nice friendly name of the beer in the centre of photograph. Gosh!

10

@anav: I think that both me and Sindy understand that reimporting beer from Canada is not the greatest idea. It would take until next year to get here. Who knows how it would be treated along the way, so it could probably spoil. Customs office would have hard time undertanding what the hell is going on, what is it we’re trying to smuggle in, because no sane person would be sending one regular can of beer from the other end of the world. They would probably charge some handling fee as a revenge, and it would cost more than I’d need if I wanted to drink myself to death using local sources. So I’ll decline too. :slight_smile:

11

@Sob: if you allow me to paraphrase commercial of a global financial corporation: you can get drunk for real small money by utilizing local resources … but having a drink on @anav is priceless .

12

Jajaja, the intention was for me to drink them and do a toast in yours and Sindys honour! Since MKX is in this thread and I only have two Czech beers maybe for him I will use the Grolsch, it has an ogre or bad elf like quality to the name.

13

So no Christmas spirit and urge to share? But toast is good too. :slight_smile:

14

Better the elf beer than that 6pack (or was it 4pack?) on the left side of photograph.

But anyway, when I’m told nicely (and in plain words) I can tell when I’m not welcome … so I’m outta here, enjoy your party!

15

What you have something against Polish beer, no one is turned away from the party LOL.