Weird port forwarding issue.

Athan · December 16, 2010, 1:58pm

What I want to achieve is to enable forwarding of uTorrent ports. Just for simplicity I didn’t use any firewall filter rules during test.

First run: Enabled UPNP on both uTorrent and router.

/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=pppoe-wan type=external
add disabled=no interface=bridge-lan type=internal

uTorrent’s (2.2) Setup Guide - Network test finished green. No problem so far.
UPNP as expected had created the last two dynamic NAT rules shown below (BTW xxx.xxx.xxx.xxx is my external IP, 192.168.0.2 is the computer where uTorrent runs and 192.168.0.1 is the router/bridge interface IP).

 0   chain=srcnat action=masquerade out-interface=pppoe-wan 
 1   ;;; Redirect to proxy
     chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80 
 2 D chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=56881 protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=56881 
 3 D chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=56881 protocol=udp dst-address=xxx.xxx.xxx.xxx dst-port=56881

Next run: Disabled UPNP on both uTorrent and router. Dynamic NAT rules where removed.
Then I rewrite those two rules by hand, exactly as they where before.

 0   chain=srcnat action=masquerade out-interface=pppoe-wan 
 1   ;;; Redirect to proxy
     chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80 
 2   ;;; uTorrent
     chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=56881 protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=56881 
 3   chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=56881 protocol=udp dst-address=xxx.xxx.xxx.xxx dst-port=56881

Unfortunately uTorrent’s network test failed this time finishing red. After a few minutes of scratching my head I disabled web proxy rewrite NAT rule and voila, uTorrent finished green once again.

Any idea of why redirecting port 80 to proxy affects forwarding port 56881, and why this didn’t happen when UPNP was enabled?

Thanks in advance!

fewi · December 16, 2010, 3:22pm

That’s more or less impossible. That port 80 redirect rule cannot have any effect on destination NAT rules that deal with other ports.

Is it possible uTorrent during the second test was not using port 56881? Can you hard set the port in uTorrent and try again with static rules?

Athan · December 16, 2010, 4:30pm

I know that this sounds impossible but it’s exactly what happens. After all it’s an easy to reproduce behavior. I run the above test many many times getting exactly the same results. Even tried to compare config exports with and without UPNP checking if it alters other settings; as expected UPNP only creates those two nat rules.

I removed all firewall filters simplifying setup, rearranged nat rules but nothing changed. Whatever I did upnp dynamically created rules work with or without proxy redirect but static ones work only after disabling it.

Athan · December 17, 2010, 6:05am

I hate bumping my own thread, but anyone has any idea regarding this issue?

fewi · December 17, 2010, 1:59pm

If you are 100% certain take supout.rif files in both cases and contact support@mikrotik.com as that would be a bug.

Athan · December 17, 2010, 3:13pm

Maybe I will. Not that I care really about uTorrent, just wondering why it behaves this way.
In any case HTTP port redirect seems that only affects uTorrent own test results. Nmap and other remote scanners detect port successfully forwarded so no problem with ROS itself.

Thanks fewi!