eebng_1422
Frequent Visitor
Topic Author
Posts: 83
Joined: Sun Dec 23, 2007 12:39 am
Location: Assiut, Egypt

Port Forward

Fri Apr 11, 2008 7:13 pm

Hi all,
I'm using MT and all is fine with me, but in the last few days one new customer on my network has subscribed to online video channels, and he asked me to open port 5555 on TCP and UDP. Can I do that? And how?
:)
 
SweetSunday
Member Candidate
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: Port Forward

Mon Apr 21, 2008 1:52 am

I'm baffled by MT's approach to port forwarding, too.

My DSL modem enables me to forward a specific port to any internal IP address, so that I can set something like 'PublicIP:1234' to point to any internalIP:port I want, e.g. 192.168.10.10:23, giving me telnet access from the Internet to any internal MT router.

However, to get any MT RBOS router to port forward, it seems I have to create a VLAN with its own IP address and then dst-nat it to the 'internal' address, which is fine on my internal network, where I have as many private addresses as I need, but would be useless if the MT router was also the public/private gateway and so had only one address on the public side.

Maybe I'm missing something.
 
ahmedsaffar76
Member
Posts: 306
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: Port Forward

Mon Apr 21, 2008 3:03 am

Hi,
A friend of mine sent me photos before about how to do port forwarding.
He took them from an Arabic forum; you will see comments in Arabic on the photos.
I hope those who do not know Arabic will understand the steps in the photos.
Here I need to ask another question about port forwarding.
When the traffic increases on the VSAT modems I have, it becomes hard to open Yahoo Messenger.
Can I forward port 5050, used by Yahoo Messenger, to any other port, so that when traffic increases Yahoo Messenger will work fine without problems?
With best regards.
 
hilton
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Port Forward

Mon Apr 21, 2008 12:52 pm

I think what you want to achieve is not a port forward at all.

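Assuming your client's address is 192.168.1.1, you could perhaps add these filter rules:

# traffic to a host behind the router passes through the forward chain, not input
/ip firewall filter add chain=forward action=accept dst-address=192.168.1.1 dst-port=5555 protocol=tcp
/ip firewall filter add chain=forward action=accept dst-address=192.168.1.1 dst-port=5555 protocol=udp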

Hope this helps.
 
ashish
Long time Member
Posts: 546
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Port Forward

Mon Apr 21, 2008 3:05 pm

Hilton,
No need to add these rules, coz by default nothing is blocked in the MikroTik firewall filter.
 
hilton
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Port Forward

Mon Apr 21, 2008 3:14 pm

Fair enough, but why would his customer then ask to 'open up' this port?
 
bdr
Trainer
Posts: 31
Joined: Mon May 28, 2007 11:49 pm
Location: Bytom, Poland

Re: Port Forward

Mon Apr 21, 2008 5:39 pm

If you use masquerade, you have to set a dstnat mapping rule for this port:
/ip firewall nat add chain=dstnat action=netmap protocol=tcp dst-port=5555 dst-address=[your public address here] to-addresses=[your client address here] to-ports=5555
It maps the external TCP port 5555 to your client's port 5555. Do the same for the UDP port (protocol=udp).

Best regards
 
ahmedsaffar76
Member
Posts: 306
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: Port Forward

Mon Apr 21, 2008 6:03 pm

Hi,
What about my question:
> When the traffic increases on the VSAT modems I have, it becomes hard to open Yahoo Messenger.
> Can I forward port 5050, used by Yahoo Messenger, to any other port, so that when traffic increases Yahoo Messenger will work fine without problems?
> With best regards.
Is it possible to forward the traffic from one port to another port which has less traffic, like the example I wrote about?
With best regards.
 
jorj
Member
Posts: 397
Joined: Mon Mar 12, 2007 4:34 pm
Location: /dev/null

Re: Port Forward

Wed Apr 23, 2008 8:26 pm

Please read something, just about anything on routing protocols.
Your bandwidth usage will be the same if your port 5050 does not pass traffic, and you pass it on just about any other port.
Meaning: if you use 5050 for YM for 20 users, and you forward or do whatever you want with 10 of them on port 5051, for example, you will still be using the same bandwidth. Plus, some applications just won't work this way.

And, as a short answer to the question: messing with ports in this kind of manner, yes, it is possible. But for your problem, it just won't help.
I mean, it would be really weird for your provider to limit your bandwidth on a per-port basis, leaving you with lots of HTTP traffic and 10kb/s of FTP, for example.
 
ahmedsaffar76
Member
Posts: 306
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: Port Forward

Thu Apr 24, 2008 12:48 am

Hi,
Thanks a lot for your reply.
I needed to know whether the method of redirecting some users to a port with less traffic, assigned to Yahoo Messenger, will help or not.
When the peak traffic time comes at night, it sometimes takes a very long time to open YM because all the users are using it for chatting.
At the same time you can browse or download or do whatever you need; it is just YM. Opening MSN is easier.
That is why I thought that the port used by YM is congested and I need to direct some users to use another port for it.
Again, thanks.
With best regards.
 
salman786
just joined
Posts: 4
Joined: Thu Apr 24, 2008 7:38 am

Re: Port Forward

Thu Apr 24, 2008 7:52 am

Use UPnP...
IP -> UPnP -> click Settings and tick Enabled, Allow To Disable External Interface, Show Dummy Rule.

Now click Add...
Interface LAN and its type internal.
Interface WAN and its type external.

This will forward all ports in MikroTik RouterOS, including uTorrent.
 
SweetSunday
Member Candidate
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: Port Forward

Mon Apr 28, 2008 4:30 am

> I'm baffled by MT's approach to port forwarding, too.
>
> My DSL modem enables me to forward a specific port to any internal IP address, so that I can set something like 'PublicIP:1234' to point to any internalIP:port I want, e.g. 192.168.10.10:23, giving me telnet access from the Internet to any internal MT router.
>
> However, to get any MT RBOS router to port forward, it seems I have to create a VLAN with its own IP address and then dst-nat it to the 'internal' address, which is fine on my internal network, where I have as many private addresses as I need, but would be useless if the MT router was also the public/private gateway and so had only one address on the public side.
>
> Maybe I'm missing something.

What I was missing was action=netmap. Thanks bdr. Mind you, it would have been helpful had the MikroTik manual explained it properly.
 
SweetSunday
Member Candidate
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: Port Forward

Mon Apr 28, 2008 6:36 am


No, I still can't get it to work - or understand it properly. Here's the scenario.

On the roof an RB133c as CPE/station. wlan is 10.0.10.10/24 src-nat=masq. ether1 is 10.10.10.1/24 linked to a switch (10.10.10.10/24) linked to an i386 running RouterOS just for User-Manager and a Dude server (10.10.10.20/24) and my desktop PC (10.10.10.30/24) running Windows XP, Dude client and MT-syslog.exe. Down the line I'd like to add an i686 running Linux server for mail and a web server (say 10.10.10.40:80 etc)

So what I need is for the other routers running a RADIUS server on the wireless network to be able to contact User-Manager on the i386 (10.10.10.20:1812-1813) but send remote logging to the PC (10.10.10.30:514) and in the future to be able to route mail and HTTP to 10.10.10.40:80 etc.

Trying to dst-nat netmap 10.0.10.10:1812-1813 to 10.10.10.20:1812-1813 while dst-nat netmapping 10.10.10.10:514 to 10.10.10.30:514 doesn't seem to work.

So I had to set up a VLAN on the wlan interface and gave that the address 10.0.10.100 and dst-natted that to 10.10.10.10, which worked for the RADIUS packets but also intercepts the sys-log packets. So do I need another VLAN just for the sys-log packets, and another for the HTTP server, and another for sendmail etc?
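
An added example, not taken from any post in this thread: per-port dst-nat on a router with a single outside address, using the layout from the last post (wlan 10.0.10.10/24, inside hosts 10.10.10.20, .30 and .40); the same pattern with protocol=tcp and protocol=udp on dst-port=5555 covers the customer request that opened the topic. The interface name wlan1, the choice of UDP for RADIUS and syslog, and the RouterOS v6+ connection-state syntax are assumptions.

```routeros
# Added example; interface name wlan1 is an assumed value.
# Addresses are the ones given in the post above.

# One outside address, several inside hosts: the destination port decides
# which host receives the traffic, so no extra VLAN or address is needed
# per service. Each rule matches the router's own wlan address.
/ip firewall nat
add chain=dstnat in-interface=wlan1 dst-address=10.0.10.10 protocol=udp \
    dst-port=1812-1813 action=dst-nat to-addresses=10.10.10.20 \
    comment="RADIUS to User-Manager"
add chain=dstnat in-interface=wlan1 dst-address=10.0.10.10 protocol=udp \
    dst-port=514 action=dst-nat to-addresses=10.10.10.30 \
    comment="remote syslog to desktop PC"
add chain=dstnat in-interface=wlan1 dst-address=10.0.10.10 protocol=tcp \
    dst-port=80 action=dst-nat to-addresses=10.10.10.40 \
    comment="HTTP to web server"

# A forwarded port is reachable by every host that can reach 10.0.10.10.
# dstnat runs before the filter, so the forward chain sees the translated
# (inside) destination address. Allow only the mapped services, limit
# RADIUS and syslog to the wireless subnet, and drop the rest.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=wlan1 src-address=10.0.10.0/24 protocol=udp \
    dst-address=10.10.10.20 dst-port=1812-1813 action=accept \
    comment="RADIUS from wireless routers only"
add chain=forward in-interface=wlan1 src-address=10.0.10.0/24 protocol=udp \
    dst-address=10.10.10.30 dst-port=514 action=accept \
    comment="syslog from wireless routers only"
add chain=forward in-interface=wlan1 protocol=tcp dst-address=10.10.10.40 \
    dst-port=80 action=accept comment="web server"
add chain=forward in-interface=wlan1 action=drop \
    comment="no other inbound traffic from wlan"

# Check: the packet counter of the matching rule rises while testing.
/ip firewall nat print stats
```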
