Forwarding a port range to a different range

Posted: Fri Jun 07, 2013 4:43 am
by cpbruton
I'm using one of my routers mainly for NAT on a DSL connection. I have devices on my network that use UDP ports 5330-5339. I would like to allow external access to these devices, on a different port range. So for example, I'd like to forward ports 7330-7339 incoming on the DSL to 5330-5339 on 10.32.33.103 internally.

This is what I tried first:

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-mta
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7330-7339 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5330-5339

But it didn't work. There was some connectivity but not what I expected. However it started to work properly when I forwarded the individual ports (and disabled the above range rule):

add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7331 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5331
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7339 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5339
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7338 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5338
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7335 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5335
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7334 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5334
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7333 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5333
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7332 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5332
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7330 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5330
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7337 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5337
add action=dst-nat chain=dstnat comment="TRF Q330" disabled=no dst-port=7336 in-interface=pppoe-mta protocol=udp to-addresses=10.32.33.103 to-ports=5336

Is this the correct/only way to do this? Or any other suggestions? I will have five of these devices on the network and it's just a bit unwieldy to set up 50 NAT rules, 1 per port.

Re: Forwarding a port range to a different range

Posted: Fri Jun 07, 2013 4:21 pm
by vaivars
I have also run into problems forwarding a whole range. Seems like there might be something broken.