Community discussions

MikroTik App
 
m82
just joined
Topic Author
Posts: 2
Joined: Thu Mar 18, 2021 8:05 pm

Port forwarding problem

Thu Mar 18, 2021 8:22 pm

Hi, I'm trying to activate port forwarding on 4681 with tcp protocol on a hAP lite TC without success, what I'm doing wrong?
# mar/18/2021 18:58:45 by RouterOS 6.29.1# software id = 4YHN-H7GI
#

/interface bridge
add admin-mac=E4:8D:8C:BA:95:F9 auto-mac=no name=bridge-local

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \    country=italy disabled=no distance=indoors frequency=auto l2mtu=1600 mode=\    ap-bridge rx-chains=0,1 ssid=**************** tx-chains=0,1 wireless-protocol=\    802.11

/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\    ether4-slave-local

/ip neighbor discovery
set ether1-gateway discover=no

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys

/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default

/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] name=default-encryption

/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1

/ip address
add address=192.168.1.254/24 comment="default configuration" interface=\    ether2-master-local network=192.168.1.0
add address=192.168.2.253/24 interface=ether1-gateway network=192.168.2.0

/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\    ether1-gateway

/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" gateway=192.168.1.254 \    netmask=24

/ip dns
set allow-remote-requests=yes servers=192.168.2.254,8.8.8.8

/ip dns static
add address=192.168.1.254 name=router

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\    established,related
add action=drop chain=input comment="default configuration" in-interface=\    ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \    connection-state=established,related
add chain=forward comment="default configuration" connection-state=\    established,related
add action=drop chain=forward comment="default configuration" connection-state=\    invalid
add action=drop chain=forward comment="default configuration" \    connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
add chain=forward connection-state=new dst-address=192.168.1.192 dst-port=4681 \    protocol=tcp

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=\    ether1-gateway
add action=dst-nat chain=dstnat dst-port=4681 in-interface=ether1-gateway \    protocol=tcp to-addresses=192.168.1.192 to-ports=4681

/ip route
add distance=1 gateway=192.168.2.254

/ip upnp
set enabled=yes

/system clock
set time-zone-name=Europe/Rome

/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled

/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local

/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local

/tool romon port
add disabled=no
Thanks
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port forwarding problem

Fri Mar 19, 2021 12:27 pm

Couple of things,
(1) What version of firmware are you using, looks dated!

(2) Second, this
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=\ ether2-master-local network=192.168.1.0

Should be interface=YOUR BRIDGE

(3) The real problem is that your ISP address looks like a private IP address and NOT a public IP address meaning if the specific port isnt forwarded on the modem/router in front of your device, then port forwarding is not possible.

Note: Not fond of the firewall rules you have either but that may be a separate issue.
 
m82
just joined
Topic Author
Posts: 2
Joined: Thu Mar 18, 2021 8:05 pm

Re: Port forwarding problem

Sat Mar 20, 2021 2:06 pm

Thank you, I updated the firmware and corrected (2),even I suspected a private IP

Who is online

Users browsing this forum: Amazon [Bot] and 48 guests