Code: Select all
/ip firewall nat add chain=dstnat in-interface=ether12 protocol=tcp dst-port=5900 action=dst-nat to-addresses=192.168.150.2 to-ports=22
RouterOS 6.31
/ip firewall nat add chain=dstnat in-interface=ether12 protocol=tcp dst-port=5900 action=dst-nat to-addresses=192.168.150.2 to-ports=22
I have tested! Same result!!Looks like from your diagram the Mikrotik is handling the PPPoE, if so change your in-interface to the PPPoE interface not the physical interface.
I have tried 3389 and 65000. But the problem remains!Have you tried a different incoming port? 5900 is the standard VNC port and you ISP may be blocking?
The port 22 is just an example! 3389 I have test it internally and is working fine! The ISP is not blocking this port!Not that you cant but not sure why you are trying to nat 5900, 3389, etc to dst port of 22. Is your dst host actually listening on 22? Can you test internal and see if there is any response on 22?
Can you give me an example, please?Hi,
the port forwarding is just one thing to do.
Propably you must also add a firewall rule in the forward chain to allow the incoming traffic.
Ape
/ip firewall nat add action=dst-nat chain=dstnat disabled=no in-interface=<your wan interface> dst-port=80 protocol=tcp to-addresses=<IP of host> to-ports=80
/ip firewall filter add action=accept chain=forward connection-state=new \
disabled=no dst-address=<IP of host> dst-port=80 protocol=tcp
Thanks for your response! I try your rules and they're not working.Hi,
this is an example port forwarding for port 80:
In the example I assume, that you have a working stateful firewall.Code: Select all/ip firewall nat add action=dst-nat chain=dstnat disabled=no in-interface=<your wan interface> dst-port=80 protocol=tcp to-addresses=<IP of host> to-ports=80 /ip firewall filter add action=accept chain=forward connection-state=new \ disabled=no dst-address=<IP of host> dst-port=80 protocol=tcp
Ape
command./export
Here is my configuration:Hi,
please post the output of the
command./export
Thank you.
Ape
# nov/25/2015 14:12:55 by RouterOS 6.31
#
/interface pppoe-client
add add-default-route=yes interface=ether11 max-mru=1480 max-mtu=1480 mrru=\
1600 name=username password=password user=username
add add-default-route=yes disabled=no interface=ether12 max-mru=1480 max-mtu=\
1480 mrru=1600 name=username2 password=password user=username2
/interface ethernet
set [ find default-name=ether8 ] comment=Server master-port=ether10
set [ find default-name=ether9 ] master-port=ether10
/ip neighbor discovery
set ether8 comment=Server
/ip hotspot profile
add hotspot-address=192.168.150.1 name=hsprof1
/ip pool
add name=hs-pool-10 ranges=192.168.150.3-192.168.151.254
add name=dhcp_pool1 ranges=192.168.100.2-192.168.100.254
add name=dhcp_pool2 ranges=192.168.0.50-192.168.0.150
/ip dhcp-server
add address-pool=hs-pool-10 disabled=no interface=ether10 lease-time=1h name=\
dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether4 lease-time=1h name=\
dhcp2 relay=192.168.0.254
/ip hotspot
add address-pool=hs-pool-10 disabled=no interface=ether10 name=hotspot1 \
profile=hsprof1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether1 \
network=192.168.88.0
add address=192.168.150.1/23 comment="hotspot network" interface=ether10 \
network=192.168.150.0
add address=192.168.0.254/24 interface=ether4 network=192.168.0.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether11
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254
add address=192.168.100.0/24 gateway=192.168.100.1
add address=192.168.150.0/23 comment="hotspot network" gateway=192.168.150.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,195.170.2.2
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add chain=forward comment="added 23/11/2015" disabled=yes \
dst-address=192.168.150.2 dst-port=3389 in-interface=username2 protocol=tcp \
src-port=3389
add chain=forward disabled=yes dst-address=192.168.0.171 dst-port=3389 \
in-interface=username2 protocol=tcp src-port=3389
add chain=forward comment=" 25/11" connection-state=new dst-address=\
192.168.150.2 dst-port=3389 protocol=tcp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.150.0/23
add action=dst-nat chain=dstnat dst-port=3389 in-interface=ether11 protocol=\
tcp to-addresses=192.168.0.171 to-ports=3389
add action=masquerade chain=srcnat out-interface=ether12
add action=dst-nat chain=dstnat dst-port=3389 in-interface=username2 protocol=\
tcp to-addresses=192.168.150.2 to-ports=3389
add action=dst-nat chain=dstnat comment="Port Forward 24/11" disabled=\
yes dst-address-list=ALLOW dst-port=3389 in-interface=ether12 protocol=\
tcp to-addresses=192.168.150.2 to-ports=22
add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
3389 protocol=tcp to-addresses=192.168.150.2 to-ports=3389
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.150.2 \
dst-port=3389 out-interface=ether12 protocol=tcp src-address=\
192.168.150.1
add action=dst-nat chain=dstnat disabled=yes dst-port=65000 in-interface=\
username2 protocol=tcp to-addresses=192.168.150.2 to-ports=22
add action=masquerade chain=srcnat disabled=yes out-interface=ether12
add action=masquerade chain=srcnat dst-address=192.168.150.0/24 dst-port=3389 \
out-interface=ether10 protocol=tcp src-address=192.168.150.0/24
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=ether12 pref-src=\
192.168.0.254
/ip firewall nat add chain=dstnat in-interface=ether12 protocol=tcp dst-port=5900 action=dst-nat to-addresses=192.168.150.2 to-ports=22
/ip firewall nat add chain=srcnat src-address=!192.168.150.0/24 action=src-nat to-addresses=192.168.150.1 dst-address=192.168.150.2 dst-port=22 protocol=tcp