Community discussions

MikroTik App
 
fantoms
just joined
Topic Author
Posts: 2
Joined: Sat Mar 02, 2019 3:39 pm

Port forwarding not working. Minecraft Bedrock Server

Sat Mar 20, 2021 11:39 am

Hi guys,
I am an ordinary user and I am trying to run a Minecraft Bedrock server for a couple of friends. The server is running but no one from WAN can reach it. Only from LAN.
I tried port forwarding and firewall filter rule but with no success. When I try to ping the port 13192 it appears to be closed. I use ping.eu if it matters.

So please help.

Thank you in advance!
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port forwarding not working. Minecraft Bedrock Server

Tue Mar 23, 2021 2:01 am

Upgrade your firmware its dated, use long term version 6.47.9

From
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=19132 in-interface=ether1 \
in-interface-list=WAN protocol=tcp src-port=19132 to-addresses=\
192.168.88.172 to-ports=19132
add action=dst-nat chain=dstnat disabled=yes dst-port=19132 in-interface=\
ether1 protocol=tcp to-addresses=192.168.88.172 to-ports=19132


TO
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=19132 \
in-interface-list=WAN protocol=tcp to-addresses=\
192.168.88.172
(Note: dont need to ports if same as dst-port)

Ensure this line in your winbox has DNS selected.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 dns-server=192.168.88.1

These input rules need work, the one in red looks more like a nat rule in the wrong place..........
/ip firewall filter
{forward chain seem seems OK}
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN

{input chain needs work}
add action=accept chain=input connection-state=\
established,related,untracked
add action=drop chain=input connection-state=\
invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN


This rule needs to be removed.
add action=accept chain=forward dst-address=192.168.88.172 dst-port=19132 \
protocol=tcp
 
fantoms
just joined
Topic Author
Posts: 2
Joined: Sat Mar 02, 2019 3:39 pm

Re: Port forwarding not working. Minecraft Bedrock Server

Tue Mar 23, 2021 8:25 pm

@anav
you are doing such a great job by helping so many people.

I made the changes you proposed (except the firmware upgrade) but the 19132 port is still closed.

I am attaching the new config file.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port forwarding not working. Minecraft Bedrock Server

Tue Mar 23, 2021 8:39 pm

(1) Didnt make this change LOL should be bridge.
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0

(2) not a pppoe guy but shouldnt the dhcp client be the pppoe interface??
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1

(3) Missing an important default input chain firewall rule for security.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN


(4) Other than that I cannot see anything ???? Once you have changed the above give it a try.
If still doesn't work disable UPNP and see if that helps (clutching at straws LOL)
Finally, can you confirm you get a public IP address at the router?? If you get a private IP it would be impossible to port forward unless the router ahead of you forwards all ports to your Router.


(5) Suggest you re order your rule so they are easier to read and thus not screw up.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN

add chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN

Who is online

Users browsing this forum: Adephx, MaxwellsEq and 44 guests