Without export we can't say anything.
Sorry in advance for the neophyte nature of my questions -
Internal IP of my desktop in question is 192.168.88.12X (Windows 10 - Firewall totally disabled (Domain - everything) Cable modem FW also is off)
I can't seem to forward ports. I tried the following resources:
http://www.icafemenu.com/how-to-port-fo ... router.htm
Neither of these worked for any of the ports I tried to pass through.
Interestingly - I have 2 rules that work - one is on 443 and one is on 5000
The reference to 443 is in the filter rules (TCP port 443 - Action - accept) - if I hit canyouseeme.org it says it's open - if I disable the filter - it's closed. So OK, that seems like something works to me...
The reference to port 5000 is on the NAT tab (TCP port 5000, To Address is 192.168.88.139). NOTE this address is from a computer that no longer exists. If I change the To Address to 192.168.88.12X the port is no longer reachable from canyouseeme.org.
I was basically just looking to make sure I wasn't blocking some gaming ports in an effort to tune my connection for online gaming. So I was most interested in ports -
So I set up the first rule for 3074 -- IP / Firewall / NAT + (TCP - Port 3074 - Action DST-NAT). The walkthroughs didn't suggest a dest IP so I left that blank - but I experimented and adding a destination IP didn't help either.
Is it possible that my assumption that canyouseeme.org can't see the port means it's not open is wrong?
/ip firewall export hide-sensitive
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.125 to-ports=80
add action=dst-nat chain=dstnat dst-port=1900 in-interface=ether1-gateway protocol=udp to-addresses=192.168.88.139 to-ports=1900
add action=dst-nat chain=dstnat dst-port=5000 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.139 to-ports=5000-5001
add action=dst-nat chain=dstnat dst-port=3074 in-interface=ether1-gateway protocol=tcp to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface=ether1-gateway protocol=udp to-ports=3074
add action=dst-nat chain=dstnat dst-port=4380 in-interface=ether1-gateway protocol=udp to-ports=4380
add action=dst-nat chain=dstnat dst-port=27015-27030 in-interface=ether1-gateway protocol=tcp to-ports=27015-27030
add action=dst-nat chain=dstnat dst-port=27036-27037 in-interface=ether1-gateway protocol=tcp to-ports=27036-27037
add action=dst-nat chain=dstnat dst-port=27000-27031 in-interface=ether1-gateway protocol=udp to-ports=27000-27031
add action=dst-nat chain=dstnat dst-port=27036 in-interface=ether1-gateway protocol=udp to-ports=27036
How do you check this? Does 192.168.88.125 actually have a webserver (or something else) running on port 80? Maybe it's the firewall on the machine? The gateway of 125 is the router?
but this "add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.125 to-ports=80"
does not work - 192.168.88.125 is a real address - but I can't check for an open port on 80 with this rule ...
That does not make sense.. There shouldn't be two to-ports=5000-5001 when only one dst-port is configured. That might do the trick
This "add action=dst-nat chain=dstnat dst-port=5000 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.139 to-ports=5000-5001" works but only if I point the port to a phantom IP that is NOT in use... if I point that rule to an actual PC (192.168.88.125) it fails too.
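
An added example, not part of any post in this thread: a small Python check that reads dst-nat lines in the exported form shown above and reports the two things raised in the discussion, rules with no to-addresses and rules whose dst-port and to-ports cover a different number of ports. The sample rules are copied from the export above; the function names are this example's own, and it assumes one rule per line with no negated or wrapped values.

```python
import shlex

# Sample rules copied from the export posted in this thread.
SAMPLE_EXPORT = """\
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.125 to-ports=80
add action=dst-nat chain=dstnat dst-port=5000 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.139 to-ports=5000-5001
add action=dst-nat chain=dstnat dst-port=3074 in-interface=ether1-gateway protocol=tcp to-ports=3074
add action=dst-nat chain=dstnat dst-port=27015-27030 in-interface=ether1-gateway protocol=tcp to-ports=27015-27030
"""

def parse_rule(line):
    """Turn one 'add key=value ...' export line into a dict, or None."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        return None
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def port_count(spec):
    """Number of ports in a spec such as '80', '5000-5001' or '80,443'."""
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def lint(export_text):
    """Return (dst-port, protocol, finding) tuples for dst-nat rules."""
    findings = []
    for line in export_text.splitlines():
        rule = parse_rule(line.strip())
        if not rule or rule.get("action") != "dst-nat":
            continue
        key = (rule.get("dst-port", "any"), rule.get("protocol", "any"))
        # Rule rewrites the port but names no internal host to send it to.
        if "to-addresses" not in rule:
            findings.append(key + ("no to-addresses",))
        # Incoming and translated port ranges differ in size.
        if "dst-port" in rule and "to-ports" in rule:
            if port_count(rule["dst-port"]) != port_count(rule["to-ports"]):
                findings.append(key + ("dst-port/to-ports size mismatch",))
    return findings

if __name__ == "__main__":
    for port, proto, finding in lint(SAMPLE_EXPORT):
        print(f"{proto}/{port}: {finding}")
```

A clean result from this check only says the rule is well formed; an external port test still needs a service listening on the target address to report the port as open.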