MikroTik

Helo guys.

Im having a trouble trying to port forward port 8080
I have a webserver and when a try to redirect wab traffic to him, mkt router dont forward.
If i set the listening port to 8081, for example, and add a nat dstnat rule to 8081 it works fine.

I realized that the mkt proxy works on port 8080 but, proxy is disabled. I've already triple checked that on ip>proxy

My nat rules are:
ip firewall nat
add chain=dstnat protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.230.250 to-ports=8080 comment="portal webserver" disabled=no

Along that, a have another nat rule to another webserver (on other port) thats works fine
ip firewall nat
add chain=dstnat protocol=tcp dst-port=9090 action=dst-nat to-addresses=192.168.100.251 to-ports=9090 comment="os dashboard" disabled=no

Anyone have an idea to how make de mkt dont think that port 8080 is for proxy??

Thanks all!!

You need to include the in-interface=eth1-wan in your destination nat rule.

Anyone have an idea to how make de mkt dont think that port 8080 is for proxy??

That's not it. There's no special treatment for proxy. Even if it was enabled, dstnat rule would override it. Enable logging for the rule and see if there are matching packets. If not, it could be ISP doing some filtering. If you see them coming, it's your config, either on router or on target device.

@anav: That's not it either. It's not ideal to have no specification of destination, but not having it is not what breaks things in this case.

Anyone have an idea to how make de mkt dont think that port 8080 is for proxy??

That's not it. There's no special treatment for proxy. Even if it was enabled, dstnat rule would override it. Enable logging for the rule and see if there are matching packets. If not, it could be ISP doing some filtering. If you see them coming, it's your config, either on router or on target device.

@anav: That's not it either. It's not ideal to have no specification of destination, but not having it is not what breaks things in this case.

Sigh...........I long for the day.
@anav: Finally, disciple anav you have snatched the pebble from my hand. You may go forth into the world and get paid for MT configurations.

Maybe one day... but it will require updated strategy, something a little more advanced than "I have it in my config and you don't, so maybe try to add the same to yours".

You have a point, lets get rid of nationalism, religion (and my configs) and share our cultures through food and alcohol. This is the path towards one peoples, peace and fullfilment!!

I don't know where all those things came from, and I have nothing against your configs. I'm just saying that I'm reading a lot of your posts and some of your advices are more trial & error suggestions than they could be, if you read the manual first.

I don't know where all those things came from, and I have nothing against your configs. I'm just saying that I'm reading a lot of your posts and some of your advices are more trial & error suggestions than they could be, if you read the manual first.

The alternative is post nothing. I learn by trial and error LOL ( I must be human ) . Reading as much as I can but if I dont understand,,,,,,,,,,,,,
Its not a manual its a cryptic scroll in an ancient forgotten language.

The alternative is post nothing.

Why's this such a dreadful option?

Two thoughts. First, do your firewall rules allow the port forwarding? If you have an "all all DST-NAT" rule in the forward chain, that would take care of it, but if you don't do that, you generally need to specifically allow the forward. This is not likely the case since port forwarding worked on port 8081, so you either have the first allow rule or you added a specific one.

Second, could your ISP be blocking port 8080? You could add a counter rule early in your forward chain to make sure that packets are actually arriving at the router. Those can be very helpful in troubleshooting. Here is an example of one of mine: Obviously, that rule needs to be before any other rule that would allow the packet (such as an "allow all established and related" packets).

My isp don't block 8080, i've tryed a port forward on 8080 with a dlink router and works fine.
I've tried a passthroug rule to see if the counter go high, and it doesnt.
Logging the rule doesnt return nothing.

There is something being missed here. Export your configuration and post it.
/export hide-sensitive

The alternative is post nothing.

Why's this such a dreadful option?

Ha ....

sorry, in the business of helping OP. if the dst-nat rule has no traffic passing through, you need to check why the traffic is not reaching. complete config would give us more idea

For tests, i've no rules at all. Just dstnat to 8080 and another to 8081.
As said, 8081 works.

You already got the hint about logging, so expand it a little: And then see where exactly is the difference between 8080 and 8081.