Community discussions

 
superdigi
just joined
Topic Author
Posts: 3
Joined: Fri Nov 08, 2019 6:39 am

Port forwarding to 443 fail

Fri Nov 08, 2019 9:01 am

Hi Support,

I having difficulty to port forward port 443 to my local server from public IP. It still fail to connect from public IP. tested telnet from local network to local IP server with port 443 are success, but from public IP are fail to access. Hope you all can help.

add action=dst-nat chain=dstnat disabled=no dst-port=443 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.200 to-ports=443

Thanks & Regard
Jason Leong
 
User avatar
xvo
Long time Member
Long time Member
Posts: 579
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Port forwarding to 443 fail

Fri Nov 08, 2019 9:28 am

In order for this to work you also need a firewall rule, that will allow such connection in forward chain.
The simpliest one is:
add action=accept chain=forward connection-nat-state=dstnat in-interface=ether1-gateway
Placed lower than accept established/related and drop invalid rules of the forward chain, but higher than last "drop everything else" rule .
 
superdigi
just joined
Topic Author
Posts: 3
Joined: Fri Nov 08, 2019 6:39 am

Re: Port forwarding to 443 fail

Fri Nov 08, 2019 10:21 am

As per attachment is the screenshot of firewall rules. It show that I has been add in the new rules. unfortunately, it still unable to access from public
You do not have the required permissions to view the files attached to this post.
 
superdigi
just joined
Topic Author
Posts: 3
Joined: Fri Nov 08, 2019 6:39 am

Re: Port forwarding to 443 fail

Fri Nov 08, 2019 10:26 am

as per attachment is the screenshot from terminal. Kindly review
You do not have the required permissions to view the files attached to this post.
 
User avatar
xvo
Long time Member
Long time Member
Posts: 579
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Port forwarding to 443 fail

Fri Nov 08, 2019 10:40 am

As I see now your default rule 17 does the same, so you don't need the one I suggested at all.

Are you sure your ISP is not blocking port 443?
Change dst-port in your initial NAT rule to anything else (but leave to-ports=443), and try connecting to this different port from outside.
 
Sob
Forum Guru
Forum Guru
Posts: 4784
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port forwarding to 443 fail

Fri Nov 08, 2019 2:28 pm

tested telnet from local network to local IP server with port 443 are success, but from public IP are fail to access.
You mean you're connecting from internet to public address, or still from local network to public address?

If it's the latter, you can't have in-interface (use dst-address=<public address>) and you need this: https://wiki.mikrotik.com/wiki/Hairpin_NAT
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 110 guests