
Port Forwarding won't work on new RB750GL

Posted: Wed Mar 25, 2015 4:21 pm
by rotorboy
I am following these instructions http://networkingforintegrators.com/201 ... g-example/
I use these same instructions on another routerboard and I can port forward with no problems. On a new RB750GL I cannot get it to port forward at all. Is there something different I need to do here?
# mar/25/2015 04:51:36 by RouterOS 6.27
# software id = 5YJQ-YBC1
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.190
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master-local name=default
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=ether2-master-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established,related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new \
    disabled=yes in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-port=3389 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=\
    192.168.1.30 to-ports=3389
add action=dst-nat chain=dstnat dst-port=8822 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.20 \
    to-ports=22
/system clock
set time-zone-autodetect=no
/system identity
set name=H1
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local

Re: Port Forwarding won't work on new RB750GL

Posted: Thu Mar 26, 2015 2:25 pm
by lz1dsb
Your /ip firewall nat rules look correct to me:
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-port=3389 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=\
    192.168.1.30 to-ports=3389
add action=dst-nat chain=dstnat dst-port=8822 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.20 \
    to-ports=22

I just checked with my setup, the only difference is that I do not use the option "in-interface", but it should work with it given that the traffic is really coming from this interface.
Did you check whether any translations are happening with /ip firewall nat print stats?

Re: Port Forwarding won't work on new RB750GL

Posted: Thu Mar 26, 2015 3:48 pm
by ZeroByte
I agree with lz1dsb - your rules look correct.

Are you trying to test the port forwarding rules from behind the router?
If so, you'll need to add this to your nat rules for hairpin support:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-master-local src-address=192.168.1.0/24
Is this the same ISP where the other routerboard was working? If it's a different ISP, could they be blocking incoming connections to their customers? You could test this by temporarily putting a static IP on ether1-gateway and attaching a laptop directly to ether1 and trying to access the pinhole.

Re: Port Forwarding won't work on new RB750GL

Posted: Thu Mar 26, 2015 4:32 pm
by rotorboy
Greetings,

For testing I am doing 2 things that I would normally do. First I am connecting to a remote desktop and then trying to connect back in to another machine on the local desktop. Second I connect to a remote SSH server and then try to connect back to the local server using SSH. This is how I test the working setup at the second location.

I am using the same ISP and have a static IP on a business level package. I was using the hostname rather than the IP to connect and based on your suggestion I just checked to find out that my static IP must not be set up on the router. I remember setting it up but at some point when I was changing the internal IP range from 192.168.88.0 to 192.168.1.0 I must have cleared all the settings and forgot to put the static IP back in. I'll try that now, thanks!

Re: Port Forwarding won't work on new RB750GL

Posted: Thu Mar 26, 2015 5:51 pm
by ZeroByte
... at some point when I was changing the internal IP range from 192.168.88.0 to 192.168.1.0 I must have cleared all the settings and forgot to put the static IP back in. I'll try that now, thanks!
Ah, the ol' pinhole to nowhere. :D
And to think how many innocent TCP/SYN packets were thrown off of a cliff. :lol:
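
The cause found in this thread, dst-nat rules bound to a WAN interface that never received its static address, can be read straight out of the export in the first post. The following is an added example, not code from any poster or from MikroTik: a Python check that parses a RouterOS export (including its backslash-wrapped lines) and flags such pinholes, plus a filter table in which every rule is disabled. The function names and the trimmed sample export are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the relevant menus trimmed from the export in the first post.
EXPORT = r'''/ip address
add address=192.168.1.1/24 comment="default configuration" interface=ether2-master-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip firewall filter
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-port=3389 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=\
    192.168.1.30 to-ports=3389
add action=dst-nat chain=dstnat dst-port=8822 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.20 \
    to-ports=22
'''

def parse_export(text):
    """Map each menu path to the list of key=value dicts from its 'add' lines."""
    text = re.sub(r"\\\n[ \t]*", "", text)  # rejoin lines wrapped with a trailing backslash
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
            menus.setdefault(path, [])
        elif line.startswith("add ") and path:
            # shlex keeps quoted values such as comment="default configuration" in one token
            menus[path].append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return menus

def audit(menus):
    """Flag dst-nat pinholes whose WAN interface has no static address, and disabled filtering."""
    findings = []
    static = {a.get("interface") for a in menus.get("/ip address", [])}
    dhcp = {c.get("interface") for c in menus.get("/ip dhcp-client", []) if c.get("disabled") != "yes"}
    for r in menus.get("/ip firewall nat", []):
        wan = r.get("in-interface")
        if r.get("action") != "dst-nat" or r.get("disabled") == "yes" or not wan or wan in static:
            continue
        how = "DHCP client only" if wan in dhcp else "no address at all"
        findings.append(f"{r.get('protocol')}/{r.get('dst-port')} -> {r.get('to-addresses')}:"
                        f"{r.get('to-ports')}: {wan} has no static address ({how})")
    filters = menus.get("/ip firewall filter", [])
    if filters and all(f.get("disabled") == "yes" for f in filters):
        findings.append("all /ip firewall filter rules are disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_export(EXPORT)):
        print(finding)
```

A DHCP-only WAN interface is not wrong in itself; the finding is a prompt to compare the address the interface actually holds with the public IP the forwarded hostname resolves to.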