Community discussions

MUM Europe 2020
 
etokadi
just joined
Topic Author
Posts: 5
Joined: Fri Dec 27, 2019 12:27 am

TCP port forward doesnt work

Fri Dec 27, 2019 12:42 am

I am using the rule:

/ip firewall nat add chain=dstnat dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555

Then start my server on .251 such as

Code: Select all

nc -l 192.168.88.251 -p 55555
And the port is not reachable from the internet. What am I doing wrong?
 
User avatar
ingdaka
Member Candidate
Member Candidate
Posts: 240
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania
Contact:

Re: TCP port forward doesnt work

Fri Dec 27, 2019 3:03 pm

/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555
Ilir Daka
Electronic & Network Engineer
E-mail: ilirdaka@live.com
Mob: +355692982151
WhatsApp: +355692982151
Mikrotik Official Consultant
CCNA | Fortinet NSE3 | MTCRE | MTCSE | MTCWE
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1176
Joined: Fri Jul 28, 2017 2:53 pm

Re: TCP port forward doesnt work

Fri Dec 27, 2019 4:15 pm

Hey. First of all: do you really have an application that listening that port? Because port forwarding via nat doesn't mean port will be opened from Internet just out of nowhere.
And second - you need to assign destination address, explicitly public one or assign an input interface which has that address, or both with specific address if that interface has a subnet less than /30(<30).
 
etokadi
just joined
Topic Author
Posts: 5
Joined: Fri Dec 27, 2019 12:27 am

Re: TCP port forward doesnt work

Mon Dec 30, 2019 5:46 pm

/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555
Thanks but I don't think I can add my public IP since my ISP assigns that dynamically so it is always different.
 
etokadi
just joined
Topic Author
Posts: 5
Joined: Fri Dec 27, 2019 12:27 am

Re: TCP port forward doesnt work

Mon Dec 30, 2019 5:49 pm

Hey. First of all: do you really have an application that listening that port? Because port forwarding via nat doesn't mean port will be opened from Internet just out of nowhere.
And second - you need to assign destination address, explicitly public one or assign an input interface which has that address, or both with specific address if that interface has a subnet less than /30(<30).
Yes I tried with an application and also with nc -l. My understanding is that if there's no application, the client would get connection refused, or a timeout if the rule doesn't work.

I can't assign an IP since it's dynamic but I'll try now with an interface.
 
etokadi
just joined
Topic Author
Posts: 5
Joined: Fri Dec 27, 2019 12:27 am

Re: TCP port forward doesnt work

Mon Dec 30, 2019 6:26 pm

It still doesn't work but I see the packet count increase when I try to connect to the port.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1176
Joined: Fri Jul 28, 2017 2:53 pm

Re: TCP port forward doesnt work

Tue Dec 31, 2019 9:41 am

/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555
Thanks but I don't think I can add my public IP since my ISP assigns that dynamically so it is always different.
Use dyndns or write a script which will do this for you :)
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1176
Joined: Fri Jul 28, 2017 2:53 pm

Re: TCP port forward doesnt work

Tue Dec 31, 2019 9:42 am

Hey. First of all: do you really have an application that listening that port? Because port forwarding via nat doesn't mean port will be opened from Internet just out of nowhere.
And second - you need to assign destination address, explicitly public one or assign an input interface which has that address, or both with specific address if that interface has a subnet less than /30(<30).
Yes I tried with an application and also with nc -l. My understanding is that if there's no application, the client would get connection refused, or a timeout if the rule doesn't work.

I can't assign an IP since it's dynamic but I'll try now with an interface.
There is has to be a live server which listening this port behind your router.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1176
Joined: Fri Jul 28, 2017 2:53 pm

Re: TCP port forward doesnt work

Tue Dec 31, 2019 9:43 am

It still doesn't work but I see the packet count increase when I try to connect to the port.
Then your NAT rule works correctly. Troubleshoot the server side.
 
mrtrca
just joined
Posts: 6
Joined: Wed Dec 05, 2012 2:22 pm
Location: Turkey
Contact:

Re: TCP port forward doesnt work

Thu Jan 02, 2020 2:37 pm

Hello,
if there is a bridge
/interface bridge settings set use-ip-firewall=yes
Could work :)
I wish conveniences.
MTCNA | MTCWE | MTCRE | MTCINE
on Turkey
 
etokadi
just joined
Topic Author
Posts: 5
Joined: Fri Dec 27, 2019 12:27 am

Re: TCP port forward doesnt work

Sun Jan 12, 2020 9:26 pm

Thanks for the replies but it doesn't work. I installed nginx on my computer, the welcome page is available at http://localhost, and http://192.168.88.251/ . I entered this rule:
/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=80
Then I enter my public-IP:55555 in my browser, and I get a connection timeout, in the meanwhile in the router NAT page I see the packet count increase for the rule I just created! What now? I tried so far with 2 servers on different ports, and netcat.
 
mikruser
Member
Member
Posts: 410
Joined: Wed Jan 16, 2013 6:28 pm

Re: TCP port forward doesnt work

Sun Jan 12, 2020 10:52 pm

don't listen to noobs, you no need add public ip to nat rule.

you need add firewall rule:
accept
forward
dst.address=your internal ip
protocol=tcp
dst.port=your internal port
do not ask me why it is necessary.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1176
Joined: Fri Jul 28, 2017 2:53 pm

Re: TCP port forward doesnt work

Mon Jan 13, 2020 2:21 pm

Thanks for the replies but it doesn't work. I installed nginx on my computer, the welcome page is available at http://localhost, and http://192.168.88.251/ . I entered this rule:
/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=80
Then I enter my public-IP:55555 in my browser, and I get a connection timeout, in the meanwhile in the router NAT page I see the packet count increase for the rule I just created! What now? I tried so far with 2 servers on different ports, and netcat.
Hey, again :) What you need now is hairpin nat config. Google it :) Your current dstnat rule in not for you, it is for external requests.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1176
Joined: Fri Jul 28, 2017 2:53 pm

Re: TCP port forward doesnt work

Mon Jan 13, 2020 2:22 pm

don't listen to noobs, you no need add public ip to nat rule.

you need add firewall rule:
accept
forward
dst.address=your internal ip
protocol=tcp
dst.port=your internal port
Well, I think every ISP well know private networks of their users, don't they? :))

Who is online

Users browsing this forum: No registered users and 24 guests