[solved] Having trouble creating a basic firewall rule

distantsoil · March 21, 2015, 5:41am

My config is about as bare as can be, but I’m having trouble creating a basic firewall rule. I don’t even see traffic hitting it.

I’m trying to open port 3389 to allow connections from the internet to my home desktop, but I’m not seeing any traffic hit it at all.

Any suggestions?

Here’s my firewall export

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add chain=dstnat dst-address=192.168.1.106 dst-port=3389 in-interface=ether1-gateway protocol=tcp src-port=3389

rjscomms · March 21, 2015, 6:47am

Hello,

you have no action statement in your NAT rule.

Have a look at this site for example.

http://www.icafemenu.com/how-to-port-forward-in-mikrotik-router.htm

Dave.

distantsoil · March 21, 2015, 3:27pm

Ah hah! Thank you

I had tried creating a destination IP address on the first page of the NAT setup as well as setting the action to allow rather than dst-nat

Thanks!

vstman · March 22, 2015, 3:35pm

I use netmap…what is the difference? Also needs a hairpin.