Community discussions

MikroTik App
 
jazap87
just joined
Topic Author
Posts: 1
Joined: Sun Apr 25, 2021 7:33 pm

Port forwarding not working

Sun Apr 25, 2021 7:37 pm

Installed my HEX s router.
Please let me know the the YT folks led me astray regarding setting up port forwarding.

# apr/25/2021 10:56:53 by RouterOS 6.48.2
# software id = NSM5-XU4D
#
# model = RB760iGS
# serial number = E1F20DB92C36
/interface bridge
add admin-mac=08:55:31:FE:6E:5A auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.32.100-192.168.32.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.32.1/24 comment=defconf interface=bridge network=\
192.168.32.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.32.102 client-id=\
ff:4c:11:26:3c:0:2:0:0:ab:11:9a:b0:fd:48:c8:31:5e:36 mac-address=\
B8:AE:ED:76:5F:A4 server=defconf
/ip dhcp-server network
add address=192.168.32.0/24 comment=defconf gateway=192.168.32.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.32.1 comment=defconf disabled=yes name=router.lan
add address=1.1.1.1 name=cloudflare1
add address=1.0.0.1 name=cloudflare2
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment="ACTAK SE 80" dst-address=\
192.168.32.102 dst-port=80 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="Mumble server 64738" dst-address=\
192.168.32.102 dst-port=64738 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS UI 19023" dst-address=\
192.168.32.102 dst-port=19023 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS SSL 8089" dst-address=\
192.168.32.102 dst-port=8089 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS TCP 8087" dst-address=\
192.168.32.102 dst-port=8087 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS UI 5000" dst-address=\
192.168.32.102 dst-port=5000 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="nextcloud Talk 3478" dst-address=\
192.168.32.102 dst-port=3478 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="Rocket.chat 3000" dst-address=\
192.168.32.102 dst-port=3000 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="ACTAK SE 443" dst-address=\
192.168.32.102 dst-port=443 in-interface=ether1 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="ACTAK SE 80" dst-port=80 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=80
add action=dst-nat chain=dstnat comment="FTS UI 19023" dst-port=19023 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
19023
add action=dst-nat chain=dstnat comment="FTS SSL 8089" dst-port=8089 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
8089
add action=dst-nat chain=dstnat comment="FTS TCP 8087" dst-port=8087 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
8087
add action=dst-nat chain=dstnat comment="FTS UI 5000" dst-port=5000 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
5000
add action=dst-nat chain=dstnat comment="ACTAK SE 443" dst-port=443 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=443
add action=dst-nat chain=dstnat comment="Rocket.chat 3000" dst-port=3000 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
3000
add action=dst-nat chain=dstnat comment="nextcloud Talk 3478" dst-port=3478 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
3478
add action=dst-nat chain=dstnat comment="Mumble server 64738" dst-port=64738 \
in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=\
64738
/system clock
set time-zone-name=America/New_York
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Port forwarding not working

Mon Apr 26, 2021 12:04 pm

I can not see any direct errors in you config. You have a public outside IP (you are not behind another NAT router)?

Try this site to test your ports (TCP):
https://canyouseeme.org/

Look at winbox and see both at NAT and Filter Rules that you get packet counts.

PS, you do not need to-ports when its the same as dst-port-
add action=dst-nat chain=dstnat comment="ACTAK SE 80" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.32.102 to-ports=80
can be change do
add action=dst-nat chain=dstnat comment="ACTAK SE 80" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.32.102
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Port forwarding not working

Mon Apr 26, 2021 12:18 pm

Hello,

i cannot see any ip address for ether1, how is it configured?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Port forwarding not working

Mon Apr 26, 2021 1:23 pm

With DHCP, you do not see outside IP in config.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
To see IP, you need type
/ip dhcp-client print
or
/ip address print
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port forwarding not working

Mon Apr 26, 2021 1:41 pm

For some strange reason you put a duplicate of the Destination NAT rules in the forward chain, GET RID OF THEM.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked

add action=accept chain=forward comment="ACTAK SE 80" dst-address=\
192.168.32.102 dst-port=80 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="Mumble server 64738" dst-address=\
192.168.32.102 dst-port=64738 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS UI 19023" dst-address=\
192.168.32.102 dst-port=19023 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS SSL 8089" dst-address=\
192.168.32.102 dst-port=8089 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS TCP 8087" dst-address=\
192.168.32.102 dst-port=8087 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="FTS UI 5000" dst-address=\
192.168.32.102 dst-port=5000 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="nextcloud Talk 3478" dst-address=\
192.168.32.102 dst-port=3478 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="Rocket.chat 3000" dst-address=\
192.168.32.102 dst-port=3000 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="ACTAK SE 443" dst-address=\
192.168.32.102 dst-port=443 in-interface=ether1 protocol=tcp

Who is online

Users browsing this forum: No registered users and 40 guests