Community discussions

MikroTik App
 
Molatudi
just joined
Topic Author
Posts: 4
Joined: Wed May 23, 2018 5:32 pm

Cant Open Ports

Fri Jun 18, 2021 11:00 am

Hi guys. I seem to have a problem with opening ports on this particular RB750Gr3, Firmware 6.48.3. I have 4 NAT Rules Configured the same way, just different Ports. (See attached Pictures). I have no Firewall Rules Configured.
But when I run for a Port Scan on nmap, it shows all these 4 Ports as closed and no traffic is flowing through them as well. I have another RB750Gr3 configured exactly the same way and it's working 100%. But this one is just refusing. I've even Reset it a few times, but still no joy...

What could be the problem? Please help

Thank You
Last edited by Molatudi on Fri Jun 18, 2021 12:18 pm, edited 1 time in total.
 
mkx
Forum Guru
Forum Guru
Posts: 6206
Joined: Thu Mar 03, 2016 10:23 pm

Re: Cant Open Ports

Fri Jun 18, 2021 11:11 am

First verify that internal server is actually accepting connections on TCP port 25.

Then you can enable LOG flag, try remote connection and see if log contains anything.
One thing you should be aware: some ISPs block port 25 (SMTP) towards clients because SMTP protocol is often used for malicious activities (spamming, phishing, you name it).
BR,
Metod
 
Molatudi
just joined
Topic Author
Posts: 4
Joined: Wed May 23, 2018 5:32 pm

Re: Cant Open Ports

Fri Jun 18, 2021 11:26 am

First verify that internal server is actually accepting connections on TCP port 25.

Then you can enable LOG flag, try remote connection and see if log contains anything.
One thing you should be aware: some ISPs block port 25 (SMTP) towards clients because SMTP protocol is often used for malicious activities (spamming, phishing, you name it).
Ive just tested Remote Access on Port 3389. Also cant get through. I've attached a copy of the Log Report from the Mikrotik. I've also checked with my ISP, none of my ports are blocked by the them. This system was working fine all along until Saturday when my Zyxel Router died from a Power Surge. I then moved to this Mikrotik and I've been struggling to get it to work since.
Last edited by Molatudi on Fri Jun 18, 2021 3:32 pm, edited 1 time in total.
 
erlinden
Forum Veteran
Forum Veteran
Posts: 834
Joined: Wed Jun 12, 2013 1:59 pm

Re: Cant Open Ports

Fri Jun 18, 2021 11:46 am

Can you please share your configuration?
/export hide-sensitive file=anynameyoulike
I have no Firewall Rules Configured.
Hopefully you mean no additional rules?
First the problem, then the solution
 
sid5632
Member
Member
Posts: 454
Joined: Fri Feb 17, 2017 6:05 pm

Re: Cant Open Ports

Fri Jun 18, 2021 11:48 am

Why are you using nmap to test .88.1 when you are trying to NAT to .88.3?
Post configuration exports, not stupid massive screenshots.
Your blobbing of the dest. address is also pointless, as it is there for all to see, twice, in the screenshots.
 
Molatudi
just joined
Topic Author
Posts: 4
Joined: Wed May 23, 2018 5:32 pm

Re: Cant Open Ports

Fri Jun 18, 2021 3:16 pm

Can you please share your configuration?
/export hide-sensitive file=anynameyoulike
I have no Firewall Rules Configured.
Hopefully you mean no additional rules?
This is my current config. Ive done this config a thousand times in the past with no issues, but right now its not working. I've tried 3 different Routers, no joy!

# jun/18/2021 14:09:37 by RouterOS 6.48.3
# software id = SBVY-3BTC
#
# model = RouterBOARD 750G r3
# serial number =
/interface l2tp-client
add add-default-route=yes allow=pap,chap connect-to=102.221.yyy.yyy disabled=\
no name=l2tp-out1 user=molatudi
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.101-192.168.88.103
/ip dhcp-server
add address-pool=dhcp interface=ether2 name=dhcp1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add list=LAN
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=25 \
protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=53 \
protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=3389 \
log=yes protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=135 \
protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat dst-address=102.221.xxx.xxx dst-port=443 \
protocol=tcp to-addresses=192.168.88.3
/system clock
set time-zone-name=Africa/Johannesburg
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2031
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Cant Open Ports

Fri Jun 18, 2021 5:05 pm

Is this the "full" config, i.e. there is no Firewall Filter rules?

If not full config and there are firewall filter rules, then make sure you have a rule that allows Destination NAT
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7774
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cant Open Ports

Fri Jun 18, 2021 6:00 pm

Yeah no firewall rules and connected to the internet........ just plain dumb if thats the case, will assume you are just using it in a lab.

As for Ive done this configuration 1000 times doesnt mean you have clue

Take this for example.
/interface list member
add interface=ether1 list=WAN
add list=LAN

Okay brainiac what does that do?? No I am curious really
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1981
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Cant Open Ports

Fri Jun 18, 2021 7:11 pm

....Okay brainiac what does that do?? No I am curious really
It does not help. Really. No matter how many spells you cast on that sentence.
Real admins use real keyboards.
To quote or not to quote, there is the topic: viewtopic.php?f=2&t=168474
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7774
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cant Open Ports

Fri Jun 18, 2021 7:37 pm

Thats why you are here Bartoz......... I am not the patient llama unless the person provides a decent networking diagram, has shown the config, and has zero arrogance.........
Besides, in general I dont help folks who want to access their router from the internet over www and likewise I dont help people that refuse to use firewalls (in general unless of course people have edge routers or other circumstances where its acceptable). Or folks clearly trying to circumvent company rules etc etc......
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: anav, Bing [Bot], kehrlein, sindy, thompsontech and 81 guests