BigCalhoun
just joined
Topic Author
Posts: 1
Joined: Sun Jun 16, 2019 8:35 pm

Help with port forwarding

Sat Aug 03, 2019 7:50 pm

I have a pfSense box as my edge device running an OpenVPN server and allowing all traffic for now (10.0.11.3), an RB4011+ router (10.0.11.1), and a CRS125 switch (10.0.11.2). I've reviewed previous threads on the topic and read the Mikrotik documentation. I have a NAT and filter rule set up to forward the port (5100) to the OpenVPN server on the pfSense box. On the LAN, the OpenVPN server is working correctly. From the Internet, I can see the counter for the rules increment as I attempt to connect, but it seems no traffic is coming back from my network. I'm stumped. I'd appreciate it if someone could look at my firewall rules and point me in the right direction as to where my error could be.

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward dst-port=5100 protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=5100 protocol=udp to-addresses=10.0.11.3 to-ports=5100
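
A first-match walk of the filter rules posted above, as an added example that is not part of the original post or of MikroTik's tooling: it parses the export and reports which forward-chain rule decides the inbound udp/5100 packet, its reply, and a packet that was not dst-nat'ed. The packet dictionaries are constructed, and the model assumes that fasttrack-connection does not end rule processing and that the reply returns through the RB4011 so it is tracked as established.

```python
import shlex

# Filter rules copied from the post above (input-chain rules kept to preserve numbering).
EXPORT = '''
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward dst-port=5100 protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
'''
TERMINAL = {"accept", "drop"}  # assumption: fasttrack-connection lets the packet continue

def parse(export):
    """Turn each 'add k=v ...' line into a dict; shlex keeps quoted comments whole."""
    return [dict(t.split("=", 1) for t in shlex.split(line)[1:])
            for line in export.strip().splitlines()]

def prop_matches(key, want, pkt):
    """Check one rule property; a leading '!' inverts the result."""
    have = pkt.get(key, "")
    if key == "ipsec-policy":  # 'in,ipsec' is one direction,policy value, not a list
        return have == want
    hit = have in want.lstrip("!").split(",")
    return hit != want.startswith("!")

def walk(rules, chain, pkt):
    """Return (export position, action) of the first terminating rule that matches."""
    for n, r in enumerate(rules, 1):
        conds = {k: v for k, v in r.items() if k not in ("action", "chain", "comment")}
        if (r["chain"] == chain and r["action"] in TERMINAL
                and all(prop_matches(k, v, pkt) for k, v in conds.items())):
            return n, r["action"]
    return None, "accept"  # a packet that no rule matches is accepted

# Constructed packets (assumed values, not captures from the poster's network).
INBOUND = {"protocol": "udp", "dst-port": "5100", "connection-state": "new", "connection-nat-state": "dstnat", "in-interface-list": "WAN"}
REPLY = {"protocol": "udp", "dst-port": "51000", "connection-state": "established", "in-interface-list": "LAN"}
STRAY = {"protocol": "udp", "dst-port": "5101", "connection-state": "new", "in-interface-list": "WAN"}

if __name__ == "__main__":
    rules = parse(EXPORT)
    for name, pkt in (("inbound", INBOUND), ("reply", REPLY), ("stray", STRAY)):
        print(name, walk(rules, "forward", pkt))
```

Under this simplified model the forward chain accepts both the inbound packet and its reply, which matches the incrementing counters the poster describes.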
 
ros44
newbie
Posts: 37
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

Re: Help with port forwarding

Sun Aug 04, 2019 2:11 pm

Can you please provide a simple topology diagram with the IP addresses and the names of the interfaces?
Every moment something magical is happening!
