I have an ARK Survival Evolved server setup but cannot get the ports to be forwarded correctly (works fine on local lan). One of my son's friends got a new computer and wants to connect to our Ark server but I cannot seem to get the firewall rules working. I have tried a lot of stuff... using/not using in-interface-list vs in-interface, etc. Anyway here is my current config. Any help welcome.
admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
1 chain=dstnat action=dst-nat to-addresses=192.168.88.33 protocol=tcp in-interface=ether1 in-interface-list=WAN dst-port=25147,27015-27030,27036-27037 log=yes log-prefix="ARK-TCP"
2 chain=dstnat action=dst-nat to-addresses=192.168.88.33 protocol=udp in-interface=ether1 in-interface-list=WAN dst-port=4380,7777-7778,25147,27000-27031,27036 log=yes log-prefix="ARK-UDP"
[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
5 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
6 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
7 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
8 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
9 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
10 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=yes log-prefix="DROPPED"