Community discussions

 
mojoman
just joined
Topic Author
Posts: 10
Joined: Mon Jan 28, 2019 9:31 pm

problems with port forwarding

Sat May 18, 2019 12:39 pm

Hi,

I've set up a minecraft server on a raspberry pi. Everything works fine within the LAN. ss -tlpn shows that the server listens correctly on default port 25565.

I've set up port forwarding on my mikrotik GL750 using this:

/ip firewall nat add chain=dstnat protocol=tcp dst-port=25565 in-interface=ether1 action=dst-nat to-address=SERVER.INTERNAL.IP.HERE to-ports=25565

Double and triple checked the ports and IP, ether1 is my incoming interface. Still, it's not possible to connect from WAN and port scanning (using canyouseeme.org) can't detect the service on the port.

I've googled around and read the wiki's and to the best of my limited knowledge this should do it. The solution above have worked for others and I'm starting to suspect that the problem lies elsewhere. The reason is that when I do port scans t says that port 80 is closed too. That should register as open, right?

There is a modem before the GL750 but it is provided by the landlord so I can't really do anything with it. I'm at loss here, and any input would be appreciated.

regards
mojoman
 
mkx
Forum Guru
Forum Guru
Posts: 2955
Joined: Thu Mar 03, 2016 10:23 pm

Re: problems with port forwarding

Sat May 18, 2019 1:10 pm

Check settings in /ip firewall filter ...

Default rule, which allows DST-NAT, is very similar to this one:
add action=accept chain=forward comment="allow dst-nat connections from WAN" \
    connection-nat-state=dstnat connection-state=new in-interface=ether1
It works together with a very generic one
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
    connection-state=established,related,untracked
BR,
Metod
 
Sob
Forum Guru
Forum Guru
Posts: 4676
Joined: Mon Apr 20, 2009 9:11 pm

Re: problems with port forwarding

Sat May 18, 2019 1:59 pm

If the modem is actually router, then it's very likely that your GL750 doesn't have public address itself (and even the modem doesn't necesarily have any). And without public address there's no port forwarding (you can configure it, but nobody from internet will be able to reach it). So either you convince the landlord to forward a port to you (if the modem has public address) or you're out of luck.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mojoman
just joined
Topic Author
Posts: 10
Joined: Mon Jan 28, 2019 9:31 pm

Re: problems with port forwarding

Sat May 18, 2019 2:10 pm

Hi,

@mkx:
I have four filter rules, all from default configuration. All four are on input chain. One is to accept protocol icmp, one to accept established connections, one to accept related connections, and the last to drop incoming from ether1.

Is there any command to print out enabled firewall rules to the terminal? The four filter rules enabled from default doesn't seem like anything of the rules you posted.

@sob:
How would I find if the problem is connected to the modem?

I appreciate your input in this.
 
Sob
Forum Guru
Forum Guru
Posts: 4676
Joined: Mon Apr 20, 2009 9:11 pm

Re: problems with port forwarding

Sat May 18, 2019 2:47 pm

Check the IP address on GL750. If it's 10.x.x.x, 192.168.x.x, 172.16-31.x.x or 100.64-127.x.x, it's not public.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mkx
Forum Guru
Forum Guru
Posts: 2955
Joined: Thu Mar 03, 2016 10:23 pm

Re: problems with port forwarding

Sat May 18, 2019 3:21 pm

Command
/ip firewall filter print without-paging where chain=forward
will print out all firewall rules which affect traffic through router. If a rule is disabled, it'll show 'X' in column between sequential number and rule itself.

I think it'd be easier to help you if you posted complete output of /ip firewall export ... No need to redact internal IP addresses (nobody from internet can reach those), but do hide your public IP address (if it's there) ... hiding two least significant octets would do.

Btw, you can get IP address, bound to ether1, using command
/ip address print where interface=ether1
BR,
Metod
 
mojoman
just joined
Topic Author
Posts: 10
Joined: Mon Jan 28, 2019 9:31 pm

Re: problems with port forwarding [solved]

Sun May 19, 2019 10:25 am

Hi all,

The ISP hade given me an IP starting with 100, i.e. internal to them basically. I said I needed a public IP and they gave me one. Problem solved.

Thanks for your input, and it's always nice to pick up some things from the forum gurus.

mojoman

Who is online

Users browsing this forum: Majestic-12 [Bot] and 23 guests