UPNP not working how it should (or port forwarding)

RouterOS General
1

Ok, I am trying to get my UPNP working or port forwarding so my Windows Home Server is accessable from the outside. I enabled UPNP, set my lan side to internat and my Wan side to external and enabled the dummy rule. When WHS opens the correct ports I can see them in the NAT table and they are being directed to the correct internal IP BUT I cannot access my WHS from the internet. I also tried a Iphone App that uses different ports and I entered the port forwarding manually for that and it still cannot connect. What do you all suggest?

/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=WAN type=external
add disabled=no interface=LAN type=internal

2

Do you have firewall filter rules blocking access?

/ip firewall filter print all
/ip firewall nat print all

Also, to set up ports for a permanent server it would be better to set up static port forwarding.

3

Yes, the IP for my server is static. Oh, and I have made no changes to my WHS and this all worked before using UPNP on my old Dlink.

[admin@MikroTik] > /ip firewall filter print all
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept src-address-list=admin-access

1 X chain=input action=drop protocol=tcp dst-port=21,22,23,80,443,8291


[admin@MikroTik] > /ip firewall nat print all
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; NAT rule
chain=srcnat action=masquerade out-interface=WAN

1 D chain=dstnat action=dst-nat to-addresses=192.168.1.182 to-ports=80
protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=80

2 D chain=dstnat action=dst-nat to-addresses=192.168.1.182 to-ports=443
protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=443

3 D chain=dstnat action=dst-nat to-addresses=192.168.1.182 to-ports=4125
protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=4125

4

There is nothing in that preventing access

What I would try:

  • telnet to the ports from within the LAN to make sure services are listening
  • telnet to the ports from the WAN to see if the three way handshake completes
  • make static NAT rules that exactly mirror the dynamic ones and turn off UPnP to rule out UPnP is at fault
  • check the host firewall on the server - recent Windows OS firewalls make a difference on source IP of the client and by default only allow same subnet access
5

Ok, I can now get remote access using my iphone app and using static port forwarding. However, I still cannot gain access to the website which uses different ports. Is there something in the firewall that would prevent a computer on the same network from accessing the a server using a URL? For example, my server and my computer are both on the same LAN with IPs 192.68.1.xx but I am trying to access the server using the external URL. Tomorrow I will try from work to access the website but I can normally access it from my network using the URL.

6

http://wiki.mikrotik.com/wiki/Hairpin_NAT
Other routers sometimes do that automagically.

7

Check out this post: http://forum.mikrotik.com/t/forward-chain-and-dynamic-nat-rules-when-using-upnp/40627/1

8

Ok, I just checked from my work computer and I have no problems connecting to my home server using static port forwarding. So I guess the problem when trying from within the same network has been solved. Now I am going to try disabling the static port forwarding and seeing if the UPNP works in it’s place. Thanks for the help.