dwabraxus
just joined
Topic Author
Posts: 6
Joined: Tue Sep 22, 2009 8:16 am

Basic NAT for an application

Tue Sep 22, 2009 8:27 am

I am moving from PFsense to routerboard 450G.

I have the basics set up and just want to set up a few NAT rules for apps running on my internal network.
I already have Eth1 (WAN) set up with masquerade to Eth2 (LAN).
All I want to do is create rules so that Xbox Live and another app can run without issues.

I am doing all my setup with Winbox, FYI.
I set up 3 rules under NAT:
1) Dst-nat using chain dst-nat protocol udp dst port 3074 in-interface eth1 -> action dstnat forward to ip 192.168.100.20 (xbox)
2) Dst-nat using chain dst-nat protocol udp dst port 9029 in-interface eth1 -> action dstnat forward to ip 192.168.100.10 (server)
3) Dst-nat using chain dst-nat protocol tcp dst port 9029 in-interface eth1 -> action dstnat forward to ip 192.168.100.10 (server)

Also 3 Filter Rules
1) input chain, protocol udp, dst-port 3074, in-interface eth1, action allow
2) input chain, protocol udp, dst-port 9029, in-interface eth1, action allow
3) input chain, protocol tcp, dst-port 9029, in-interface eth1, action allow


Currently it does not work. I'm sure I am just missing a minor rule.
Please assist

Thx in advance
 
Pilgrim
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: Basic NAT for an application

Tue Sep 22, 2009 11:50 am

I checked a similar port forwarding in my setup and I can't see why it should not work. The setup in my router would look like below. I am sure that you already have considered that the filter rule must be placed high in the list before any rule that might drop the package e.g. a rule dropping all new connections not coming from your LAN.

rgs Pilgrim

NAT:

add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3074 in-interface=\
eth1 protocol=tcp to-addresses=192.168.100.20

Filter:

add action=accept chain=forward comment="" disabled=no dst-port=3074 protocol=tcp
 
yancho
Member Candidate
Posts: 207
Joined: Tue Jun 01, 2004 3:04 pm
Location: LV

Re: Basic NAT for an application

Tue Sep 22, 2009 12:46 pm

You can type in terminal
/ip firewall nat print
and
/ip firewall filter print
to show us your firewall configuration.
 
dwabraxus
just joined
Topic Author
Posts: 6
Joined: Tue Sep 22, 2009 8:16 am

Re: Basic NAT for an application

Tue Sep 22, 2009 6:44 pm

NAT:
0 chain=dstnat action=dst-nat to-addresses=192.168.100.20 to-ports=3074
protocol=udp in-interface=ether1 dst-port=3074

1 chain=dstnat action=dst-nat to-addresses=192.168.100.8 to-ports=9029
protocol=tcp in-interface=ether1 dst-port=9029

2 chain=dstnat action=dst-nat to-addresses=192.168.100.8 to-ports=9029
protocol=udp in-interface=ether1 dst-port=9029

3 ;;; Added by webbox
chain=srcnat action=masquerade out-interface=ether1


FILTER:
0 ;;; Added by webbox
chain=input action=accept protocol=icmp

1 ;;; Xbox 360
chain=input action=accept protocol=udp in-interface=ether1 dst-port=3074

2 ;;; NAS
chain=input action=accept protocol=tcp in-interface=ether1 dst-port=9029

3 chain=input action=accept protocol=udp in-interface=ether1 dst-port=9029

4 ;;; Added by webbox
chain=input action=accept connection-state=established in-interface=ether1

5 ;;; Added by webbox
chain=input action=accept connection-state=related in-interface=ether1

6 ;;; Added by webbox
chain=input action=drop in-interface=ether1

7 ;;; Added by webbox
chain=forward action=jump jump-target=customer in-interface=ether1

8 ;;; Added by webbox
chain=customer action=accept connection-state=established

9 ;;; Added by webbox
chain=customer action=accept connection-state=related

10 ;;; Added by webbox
chain=customer action=drop


Thanks a lot for your support guys. I really appreciate a good forum with good people. :D
 
dwabraxus
just joined
Topic Author
Posts: 6
Joined: Tue Sep 22, 2009 8:16 am

Re: Basic NAT for an application

Wed Sep 23, 2009 7:18 am

Figured it all out.
I had set the filter to accept but not forward (Input vs Forward).

Once this was set it all worked great

Thx
:D
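
Added example, not part of any post in this thread: a simplified Python model of the packet flow behind the fix, with the rule sets transcribed from the print output posted above. WAN_IP and the helper names are assumptions, and only the matchers used in the thread are modeled.

```python
# Simplified model of RouterOS packet flow; WAN_IP is a constructed value (assumption).
WAN_IP = "203.0.113.1"

def rule(chain, action, **match):
    return {"chain": chain, "action": action, **match}

# Rules 0-2 from the posted "/ip firewall nat print" output
DSTNAT = [
    rule("dstnat", "dst-nat", protocol="udp", in_interface="ether1", dst_port=3074, to="192.168.100.20"),
    rule("dstnat", "dst-nat", protocol="tcp", in_interface="ether1", dst_port=9029, to="192.168.100.8"),
    rule("dstnat", "dst-nat", protocol="udp", in_interface="ether1", dst_port=9029, to="192.168.100.8"),
]
# Rules 0-10 from the posted "/ip firewall filter print" output
FILTER = [
    rule("input", "accept", protocol="icmp"),
    rule("input", "accept", protocol="udp", in_interface="ether1", dst_port=3074),
    rule("input", "accept", protocol="tcp", in_interface="ether1", dst_port=9029),
    rule("input", "accept", protocol="udp", in_interface="ether1", dst_port=9029),
    rule("input", "accept", connection_state="established", in_interface="ether1"),
    rule("input", "accept", connection_state="related", in_interface="ether1"),
    rule("input", "drop", in_interface="ether1"),
    rule("forward", "jump", jump_target="customer", in_interface="ether1"),
    rule("customer", "accept", connection_state="established"),
    rule("customer", "accept", connection_state="related"),
    rule("customer", "drop"),
]
MATCHERS = ("protocol", "in_interface", "dst_port", "connection_state")  # only those in the thread

def matches(r, pkt):
    return all(r[k] == pkt[k] for k in MATCHERS if k in r)

def run_chain(rules, chain, pkt):
    for r in (r for r in rules if r["chain"] == chain and matches(r, pkt)):
        verdict = r["action"] if r["action"] != "jump" else run_chain(rules, r["jump_target"], pkt)
        if verdict:
            return verdict
    return None  # no terminating rule matched in this chain

def classify(rules, pkt):  # returns (chain traversed, verdict) for a packet from the WAN
    nat = next((n for n in DSTNAT if matches(n, pkt)), None)
    dst = nat["to"] if nat else pkt["dst"]           # dst-nat is applied before routing
    chain = "input" if dst == WAN_IP else "forward"  # input only sees router-destined traffic
    return chain, run_chain(rules, chain, pkt) or "accept"  # built-in chains default to accept

def new_from_wan(protocol, dst_port):  # constructed sample packet
    return {"protocol": protocol, "in_interface": "ether1", "dst_port": dst_port, "connection_state": "new", "dst": WAN_IP}

# The fix from the last post: accept in forward, placed ahead of the jump to "customer".
FIXED = [rule("forward", "accept", protocol="udp", in_interface="ether1", dst_port=3074)] + FILTER
```

With the posted rules, a new UDP 3074 connection is rewritten by dst-nat, routed into the forward chain and dropped in "customer", so the input accept rules are never consulted; the 9029 forwards need the same kind of forward rule.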
