travisnj

NAT with Masquerading Question

Thu Dec 17, 2009 4:40 am

I have seen the example:

http://www.mikrotik.com/documentation/m ... t_example2

and it shows using the forward chain to put in the IP address and port that you wish to forward through to your local NAT'd host...

But when I try to forward any port to a local host, it is unreachable..

I have the following:

[admin@RBSoho5/5G] /ip firewall> nat print chain=dstnat
Flags: X - disabled, I - invalid, D - dynamic

0 chain=dstnat action=dst-nat to-addresses=10.0.1.5 to-ports=17838 protocol=tcp dst-port=17838

1 ;;; Not an Adult Go OpenDNS
chain=dstnat action=dst-nat to-addresses=208.67.222.222 to-ports=53 protocol=udp src-address-list=!Adult dst-port=53

2 ;;; Redirect DNS Adult
chain=dstnat action=dst-nat to-addresses=4.2.2.1 to-ports=53 protocol=udp src-address-list=Adult dst-port=53



and

[admin@RBSoho5/5G] /ip firewall> filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Added by webbox
chain=input action=accept protocol=icmp

1 ;;; Added by webbox
chain=input action=accept connection-state=established in-interface=ether1

2 ;;; Added by webbox
chain=input action=accept connection-state=related in-interface=ether1

3 chain=forward action=accept protocol=tcp src-address=10.0.1.5 port=17838

4 ;;; Added by webbox
chain=input action=drop in-interface=ether1

5 ;;; Added by webbox
chain=forward action=jump jump-target=customer in-interface=ether1

6 ;;; Added by webbox
chain=customer action=accept connection-state=established

7 ;;; Added by webbox
chain=customer action=accept connection-state=related

8 ;;; Added by webbox
chain=customer action=drop


I cannot get a successful traversal of the NAT masquerade with port forward

Internet > eth1> RB <eth2 < 10.0.1.5:17838

Even if I do not put a rule in place for the forward chain, I still do not get a successful traversal to the port that was forwarded.

Any help appreciated.
 
travisnj

Re: NAT with Masquerading Question

Thu Dec 17, 2009 5:02 am

I found my own issue....

I first set up a HotSpot and could not use it due to the re-write on packets, etc... Look for my other post on TWO DNS servers for Adult or Child... OpenDNS and Un-Filtered DNS...

Anyways, the rules that were put in did not get removed when HotSpot was deleted.....

[admin@RBSoho5/5G] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Added by webbox
chain=input action=accept protocol=icmp

1 ;;; Added by webbox
chain=input action=accept connection-state=established in-interface=ether1

2 ;;; Added by webbox
chain=input action=accept connection-state=related in-interface=ether1

3 X chain=forward action=accept protocol=tcp dst-address=10.0.1.5 in-interface=ether1 port=17838

4 X ;;; Added by webbox
chain=input action=drop in-interface=ether1

5 ;;; Added by webbox
chain=forward action=jump jump-target=customer in-interface=ether1

6 ;;; Added by webbox
chain=customer action=accept connection-state=established

7 ;;; Added by webbox
chain=customer action=accept connection-state=related

8 X ;;; Added by webbox
chain=customer action=drop


I had to remove those two "chain customer action drop" and my port forward in dst-nat worked fine..
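
The following is an added example, not part of either post and not RouterOS code: a small first-match model of the forward and customer rules from the two printouts, showing which rule decides a new inbound connection to 10.0.1.5:17838. The source address 203.0.113.10, the source port 40000, the second test port 22 and the third ruleset (rule 3 from the second printout enabled, drop rule 8 kept) are assumptions made for illustration.

```python
# Added illustration (not RouterOS code): first-match model of the forward and
# customer rules printed above. Input-chain rules are left out because a
# dst-nat'd packet to 10.0.1.5 is filtered in the forward chain.

def matches(rule, pkt):
    for key, want in rule["match"].items():
        if key == "port":  # RouterOS "port" matches source OR destination port
            if want not in (pkt["src-port"], pkt["dst-port"]):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(rules, pkt, chain="forward"):
    """Return (action, rule number); (accept, None) means no rule matched."""
    for r in rules:
        if r["chain"] != chain or r.get("disabled") or not matches(r, pkt):
            continue
        if r["action"] != "jump":
            return (r["action"], r["n"])
        verdict = evaluate(rules, pkt, r["target"])
        if verdict[1] is not None:  # a rule in the target chain decided
            return verdict
    return ("accept", None)  # end of chain: RouterOS accepts by default

def ruleset(rule3, rule3_off, rule8_off):
    return [
        {"n": 3, "chain": "forward", "action": "accept", "match": rule3, "disabled": rule3_off},
        {"n": 5, "chain": "forward", "action": "jump", "target": "customer",
         "match": {"in-interface": "ether1"}},
        {"n": 6, "chain": "customer", "action": "accept", "match": {"connection-state": "established"}},
        {"n": 7, "chain": "customer", "action": "accept", "match": {"connection-state": "related"}},
        {"n": 8, "chain": "customer", "action": "drop", "match": {}, "disabled": rule8_off},
    ]

R3_POST1 = {"protocol": "tcp", "src-address": "10.0.1.5", "port": 17838}
R3_POST2 = {"protocol": "tcp", "dst-address": "10.0.1.5", "in-interface": "ether1", "port": 17838}
FIRST_POST = ruleset(R3_POST1, False, False)
SECOND_POST = ruleset(R3_POST2, True, True)   # as printed: rules 3 and 8 disabled
RULE3_ENABLED = ruleset(R3_POST2, False, False)  # assumption: rule 3 on, drop kept

def packet(dst_port):
    """Constructed sample: first packet of a new TCP connection arriving on ether1."""
    return {"protocol": "tcp", "in-interface": "ether1", "connection-state": "new",
            "src-address": "203.0.113.10", "src-port": 40000,
            "dst-address": "10.0.1.5", "dst-port": dst_port}

if __name__ == "__main__":
    for name, rules in [("first post", FIRST_POST), ("second post", SECOND_POST), ("rule 3 enabled", RULE3_ENABLED)]:
        print(name, evaluate(rules, packet(17838)), evaluate(rules, packet(22)))
```

In this model the first ruleset drops the forwarded connection at rule 8 because rule 3 matches on src-address=10.0.1.5, which a packet coming from the Internet never carries. The second ruleset accepts it only because no enabled rule matches new connections from ether1 any more, while the assumed third variant accepts it at rule 3 and still drops other new connections at rule 8.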
