Hello, I’m writing this forum post because I can’t seem to make port forwarding work. I want to allow WAN connections to communicate with a Windows box on the LAN. For VNC, and possibly RDP. I’m aware this is not a good idea, and that’s exactly why I want to do it…wink wink nudge nudge.
Hi
This shouldn’t be too hard: if you’re running (close to) default config, just define a dst-nat rule in NAT table, dst-nat chain. In the filter table, forward chain there should be a rule to allow all “new & dstnat” connections.
If that filter rule is not there, add it or add one specific for your case.
You’ll need to define in-interface.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop comment="Drop all other input"
add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether-WAN comment="Allow Port forwards"
add chain=forward action=drop comment="Drop all other forward"
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp to-addresses=1.2.3.4 dst-port=123 to-ports=123 comment="Sample Port Forward"
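An added example, not part of the original posts: a small Python check that reads a RouterOS firewall export and reports, for each dst-nat rule, whether the forward chain lets it through before the final drop, whether any source restriction applies, and whether in-interface is missing. `SAMPLE` is constructed from the rules posted above; the function names are hypothetical.

```python
import shlex

# Constructed sample: a trimmed copy of the rules posted above.
SAMPLE = """
/ip firewall filter
add chain=forward action=accept connection-state=established,related
add chain=forward action=accept connection-nat-state=dstnat in-interface=ether-WAN
add chain=forward action=drop
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether-WAN protocol=tcp to-addresses=1.2.3.4 dst-port=123 to-ports=123
"""

def parse_rules(text):
    """Return {menu: [rule dict, ...]} in export order (RouterOS evaluates rules top-down)."""
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus[menu].append(dict(pairs))
    return menus

def audit(text):
    """Return a list of findings about the port forwards in an export."""
    menus = parse_rules(text)
    forward = [r for r in menus.get("/ip firewall filter", []) if r.get("chain") == "forward"]
    findings = []
    # Index of the first unconditional drop; forward rules after it never match.
    drop_at = next((i for i, r in enumerate(forward) if r.get("action") == "drop"
                    and set(r) <= {"chain", "action", "comment"}), len(forward))
    accept = next((r for r in forward[:drop_at] if r.get("action") == "accept"
                   and r.get("connection-nat-state") == "dstnat"), None)
    for r in menus.get("/ip firewall nat", []):
        if r.get("action") != "dst-nat":
            continue
        name = f"{r.get('protocol', 'any')}/{r.get('dst-port', 'any')} -> {r.get('to-addresses')}"
        if accept is None and drop_at < len(forward):
            findings.append(f"{name}: blocked, no dstnat accept before the forward drop")
            continue
        # A source restriction on the NAT rule or on the dstnat accept rule narrows exposure.
        if not {"src-address", "src-address-list"} & (set(r) | set(accept or {})):
            findings.append(f"{name}: reachable from any WAN source address")
        if not {"in-interface", "in-interface-list", "dst-address"} & set(r):
            findings.append(f"{name}: no in-interface, rule also matches LAN traffic")
    return findings
```

Calling `audit()` on the text of an `/ip firewall export` returns an empty list when every forward is both permitted by the filter and limited to specific source addresses.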