Community discussions

MikroTik App
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

winBox Port Forward No Response-Plz Help

Sun Aug 01, 2021 7:13 pm

Hi. Hope i'm at the right place..
So, in short.. Been 3 days of headache.. hours of reading and following forum posts + youtube..
But i Just can't get port forwarding to work..
All i want to do is to open a port (8469) so that my friend can join me in Dyson's Sphere..

Current flow:
Using https://portchecker.co/ to check my port.
Status is always: Port 8469 is closed.
I'm on Fiber. which connects to my mikrotik. which connects to my pc on ether3.

I can see the bytes adds up on NAT when i click the CHECK button on the website.. but its like my computer gets the packet but just refuses to respond.
I've turned off every and all firewall settings on windows.. uninstalled my anti-virus.. forced allowed all outbound and inbound rules.. nothing..

Any assistance will save my life.

Thank you.

I've followed these posts to the T with no avail..
viewtopic.php?t=114433
viewtopic.php?t=150036
viewtopic.php?t=161220
viewtopic.php?t=102483
and some more from other sites and youtube.. (i am now able to only allow specific mac addresses on my wifi to get internet access.. which is a bonus :D )

Plz plz help..
I'm just an average joe who wants to play a game.. type slowly please..
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Sun Aug 01, 2021 7:27 pm

please see below export:
# aug/01/2021 18:22:20 by RouterOS 6.42.10
# software id = 13HW-5X67
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 8B0808FDB7AA
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="south africa" disabled=no frequency=auto mode=ap-bridge ssid=\
    Configure.. wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-eCee country="south africa" disabled=no frequency=auto mode=\
    ap-bridge ssid=5GHz wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    123333 wpa2-pre-shared-key=123333
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.8.110-192.168.8.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface list member
add interface=bridge1 list=LAN
add disabled=yes interface=ether1 list=WAN
add interface=bridge1 list=WAN
/ip address
add address=192.168.8.1/24 interface=bridge1 network=192.168.8.0
/ip arp
add address=192.168.8.121 interface=bridge1 mac-address=FC:DB:B3:2E:DE:E3
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.8.110 always-broadcast=yes client-id=1:44:37:e6:78:cd:e0 \
    mac-address=44:37:E6:78:CD:E0 server=dhcp1
add address=192.168.8.119 client-id=1:5c:80:b6:97:9:d7 mac-address=\
    5C:80:B6:97:09:D7 server=dhcp1
add address=192.168.8.127 client-id=1:1c:87:2c:60:64:ca mac-address=\
    1C:87:2C:60:64:CA server=dhcp1
add address=192.168.8.125 always-broadcast=yes client-id=1:44:37:e6:56:a8:8d \
    mac-address=44:37:E6:56:A8:8D server=dhcp1
add address=192.168.8.112 mac-address=B0:89:00:22:E8:3A server=dhcp1
add address=192.168.8.111 client-id=1:44:37:e6:56:a9:2c mac-address=\
    44:37:E6:56:A9:2C server=dhcp1
add address=192.168.8.121 client-id=1:fc:db:b3:2e:de:e3 mac-address=\
    FC:DB:B3:2E:DE:E3 server=dhcp1
add address=192.168.8.124 client-id=1:0:12:17:2e:c4:7f mac-address=\
    00:12:17:2E:C4:7F server=dhcp1
add address=192.168.8.122 mac-address=E4:F0:42:0F:B1:7F server=dhcp1
add address=192.168.8.120 always-broadcast=yes client-id=1:b8:27:eb:db:86:45 \
    mac-address=B8:27:EB:DB:86:45 server=dhcp1
add address=192.168.8.123 client-id=1:0:12:17:3c:c5:ca mac-address=\
    00:12:17:3C:C5:CA server=dhcp1 use-src-mac=yes
add address=192.168.8.113 client-id=1:e8:de:27:54:9:e5 mac-address=\
    E8:DE:27:54:09:E5 server=dhcp1 use-src-mac=yes
add address=192.168.8.114 client-id=1:18:61:28:de:fa:8b mac-address=\
    18:61:28:DE:FA:8B server=dhcp1
add address=192.168.8.115 client-id=1:ac:72:89:a2:f9:fe mac-address=\
    AC:72:89:A2:F9:FE server=dhcp1
add address=192.168.8.116 client-id=1:3c:5:18:f1:e4:25 mac-address=\
    3C:05:18:F1:E4:25 server=dhcp1
add address=192.168.8.117 client-id=1:f0:25:b7:cc:4d:f0 mac-address=\
    F0:25:B7:CC:4D:F0 server=dhcp1
add address=192.168.8.126 client-id=1:f8:75:a4:b2:b0:b8 mac-address=\
    F8:75:A4:B2:B0:B8 server=dhcp1
add address=192.168.8.131 always-broadcast=yes client-id=1:b2:4e:26:54:9:e5 \
    mac-address=B2:4E:26:54:09:E5 server=dhcp1
add address=192.168.8.132 always-broadcast=yes client-id=1:b2:4e:26:db:86:45 \
    mac-address=B2:4E:26:DB:86:45 server=dhcp1
add address=192.168.8.133 always-broadcast=yes client-id=1:b2:4e:26:97:9:d7 \
    mac-address=B2:4E:26:97:09:D7 server=dhcp1
add address=192.168.8.118 client-id=1:0:25:ae:fe:a5:9e mac-address=\
    00:25:AE:FE:A5:9E server=dhcp1
add address=192.168.8.135 client-id=1:b2:4e:26:9a:9d:a1 mac-address=\
    B2:4E:26:9A:9D:A1 server=dhcp1
add address=192.168.8.142 client-id=1:4a:98:55:95:d:1c mac-address=\
    4A:98:55:95:0D:1C server=dhcp1
add address=192.168.8.129 client-id=1:b2:4e:26:36:f0:fc mac-address=\
    B2:4E:26:36:F0:FC server=dhcp1
add address=192.168.8.138 always-broadcast=yes mac-address=B2:4E:26:22:E8:3A \
    server=dhcp1
add address=192.168.8.134 always-broadcast=yes client-id=1:b2:4e:26:cc:4d:f0 \
    mac-address=B2:4E:26:CC:4D:F0 server=dhcp1
add address=192.168.8.141 always-broadcast=yes client-id=1:b2:4e:26:d9:54:36 \
    mac-address=B2:4E:26:D9:54:36 server=dhcp1
add address=192.168.8.143 client-id=1:54:25:ea:d9:54:36 mac-address=\
    54:25:EA:D9:54:36 server=dhcp1
add address=192.168.8.140 client-id=1:ba:36:f9:e0:26:7b mac-address=\
    BA:36:F9:E0:26:7B server=dhcp1
add address=192.168.8.139 always-broadcast=yes client-id=1:b2:4e:26:2e:de:e3 \
    mac-address=B2:4E:26:2E:DE:E3 server=dhcp1
add address=192.168.8.130 client-id=1:20:6e:9c:81:19:33 mac-address=\
    20:6E:9C:81:19:33 server=dhcp1
add address=192.168.8.128 client-id=1:54:4:a6:77:50:94 mac-address=\
    54:04:A6:77:50:94 server=dhcp1
add address=192.168.8.146 always-broadcast=yes client-id=1:b2:4e:26:a2:f9:fe \
    mac-address=B2:4E:26:A2:F9:FE server=dhcp1
add address=192.168.8.150 mac-address=EC:8C:9A:7C:65:81 server=dhcp1
add address=192.168.8.137 client-id=1:4c:72:b9:43:ef:ab mac-address=\
    4C:72:B9:43:EF:AB server=dhcp1
add address=192.168.8.148 client-id=1:10:92:66:91:df:9a mac-address=\
    10:92:66:91:DF:9A server=dhcp1
add address=192.168.8.144 client-id=1:a4:97:b1:f7:8f:71 mac-address=\
    A4:97:B1:F7:8F:71 server=dhcp1
add address=192.168.8.136 client-id=1:b2:4e:26:f7:8f:71 mac-address=\
    B2:4E:26:F7:8F:71 server=dhcp1
add address=192.168.8.151 client-id=1:7e:69:2d:d3:a2:83 mac-address=\
    7E:69:2D:D3:A2:83 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1,8.8.4.4,8.8.8.8 gateway=\
    192.168.8.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=\
    1.1.1.1,192.168.8.1,8.8.8.8,8.8.4.4,1.0.0.1
/ip dns static
add address=192.168.8.1 name=router.lan
/ip firewall address-list
add address=192.168.8.127 list=cloudDNS
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward comment=PortForward disabled=yes dst-port=\
    8469 out-interface-list=WAN protocol=tcp tcp-flags=""
add action=accept chain=forward comment=Rieta src-mac-address=\
    40:45:DA:DC:73:5C
add action=accept chain=forward comment=allyLT src-mac-address=\
    A4:97:B1:F7:8F:71
add action=accept chain=forward comment=allyLT src-mac-address=\
    B2:4E:26:F7:8F:71
add action=accept chain=forward src-mac-address=00:25:AE:FE:A5:9E
add action=accept chain=forward comment=Daddie src-mac-address=\
    4C:72:B9:43:EF:AB
add action=accept chain=forward comment=Monique src-mac-address=\
    9C:E0:63:1C:3F:80
add action=accept chain=forward comment="Dummy om boonstes deur te laat.." \
    connection-state=established
add action=log chain=forward disabled=yes dst-address=192.168.8.127 \
    log-prefix=zzzz
add action=drop chain=forward comment="Enige iets Anders" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment=CAM-Binne disabled=yes src-mac-address=\
    00:12:17:3C:C5:CA
add action=drop chain=forward comment=CAM-Buite disabled=yes src-mac-address=\
    00:12:17:2E:C4:7F
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade"
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.8.0/24 \
    src-address=192.168.8.0/24
add action=dst-nat chain=dstnat comment=portForward disabled=yes dst-address=\
    165.73.xx.1x5 dst-port=8469 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.8.127 to-ports=8469
add action=dst-nat chain=dstnat disabled=yes dst-address-list=cloudDNS \
    dst-port=8469 protocol=tcp to-addresses=192.168.8.127 to-ports=8469
add action=dst-nat chain=dstnat disabled=yes dst-address=!192.168.8.1 \
    dst-address-list=cloudDNS dst-port=8469 protocol=udp to-addresses=\
    192.168.8.127 to-ports=8469
add action=dst-nat chain=dstnat disabled=yes dst-address=102.176.195.47 \
    dst-port=27015 protocol=tcp to-addresses=192.168.8.127 to-ports=27015
add action=dst-nat chain=dstnat disabled=yes dst-address=102.176.195.47 \
    dst-port=27015 protocol=udp to-addresses=192.168.8.127 to-ports=27015
add action=dst-nat chain=dstnat disabled=yes dst-address=102.176.195.47 \
    dst-port=27016 protocol=tcp to-addresses=192.168.8.127 to-ports=27016
add action=dst-nat chain=dstnat disabled=yes dst-address=102.176.195.47 \
    dst-port=27016 protocol=udp to-addresses=192.168.8.127 to-ports=27016
add action=dst-nat chain=dstnat disabled=yes dst-address=102.176.195.47 \
    dst-port=7777 protocol=tcp to-addresses=192.168.8.127 to-ports=7777
add action=dst-nat chain=dstnat disabled=yes dst-address=102.176.195.47 \
    dst-port=7777 protocol=udp to-addresses=192.168.8.127 to-ports=7777
add action=accept chain=dstnat disabled=yes dst-port=80 protocol=tcp
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=822
set api disabled=yes
set winbox port=8299
set api-ssl disabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=PHI015
/system routerboard settings
set silent-boot=no
/system script
add name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    interface bridge\r\
    \nadd name=bridge1\r\
    \n/interface wireless\r\
    \nset [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-C\
    e \\\r\
    \n    disabled=no mode=ap-bridge ssid=\"SkyFibre 2.4GHz\"\r\
    \nset [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80m\
    hz-eCee \\\r\
    \n    disabled=no frequency=auto mode=ap-bridge ssid=\"SkyFibre 5GHz\"\r\
    \n/interface wireless security-profiles\r\
    \nset [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-metho\
    ds=\"\" \\\r\
    \n    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=sk\
    yfi123 \\\r\
    \n    wpa2-pre-shared-key=skyfi123\r\
    \n/ip hotspot profile\r\
    \nset [ find default=yes ] html-directory=flash/hotspot\r\
    \n/ip pool\r\
    \nadd name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254\r\
    \n/ip dhcp-server\r\
    \nadd address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1\r\
    \n/interface bridge port\r\
    \nadd bridge=bridge1 interface=ether2\r\
    \nadd bridge=bridge1 interface=ether3\r\
    \nadd bridge=bridge1 interface=ether4\r\
    \nadd bridge=bridge1 interface=ether5\r\
    \nadd bridge=bridge1 interface=wlan1\r\
    \nadd bridge=bridge1 interface=wlan2\r\
    \n/ip address\r\
    \nadd address=192.168.88.1/24 interface=bridge1 network=192.168.88.0\r\
    \n/ip dhcp-client\r\
    \nadd dhcp-options=hostname,clientid disabled=no interface=ether1\r\
    \n/ip dhcp-server network\r\
    \nadd address=192.168.88.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=192.168.8\
    8.1\r\
    \n/ip dns\r\
    \nset servers=1.1.1.1,1.0.0.1\r\
    \n/ip dns static\r\
    \nadd address=192.168.88.1 name=router.lan\r\
    \n/ip firewall filter\r\
    \nadd action=fasttrack-connection chain=forward connection-state=\\\r\
    \n    established,related\r\
    \nadd action=accept chain=forward connection-state=established,related\r\
    \n/ip firewall nat\r\
    \nadd action=masquerade chain=srcnat\r\
    \n/ip firewall service-port\r\
    \nset ftp disabled=yes\r\
    \nset tftp disabled=yes\r\
    \nset irc disabled=yes\r\
    \nset h323 disabled=yes\r\
    \nset sip disabled=yes\r\
    \nset pptp disabled=yes\r\
    \nset udplite disabled=yes\r\
    \nset dccp disabled=yes\r\
    \nset sctp disabled=yes\r\
    \n/ip service\r\
    \nset telnet disabled=yes\r\
    \nset ftp disabled=yes\r\
    \nset www disabled=yes\r\
    \nset api disabled=yes\r\
    \nset winbox port=8299\r\
    \nset api-ssl disabled=yes\r\
    \n/system identity\r\
    \nset name=JAC1\r\
    \n/user set password=SKin"
Last edited by locustthe on Sun Aug 01, 2021 11:31 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Sun Aug 01, 2021 9:01 pm

/interface list member
add interface=bridge1 list=LAN
add disabled=yes interface=ether1 list=WAN
add interface=bridge1 list=WAN

(1) Why is your WAN list disabled?
(2) the bridge1 to wan list should be removed.

Rules that make no sense to me can you explain purpose.........
add action=accept chain=forward comment=PortForward disabled=yes dst-port=\
8469 out-interface-list=WAN protocol=tcp tcp-flags=""
add action=accept chain=forward comment=Rieta src-mac-address=\
40:45:DA:DC:73:5C
add action=accept chain=forward comment=allyLT src-mac-address=\
A4:97:B1:F7:8F:71
add action=accept chain=forward comment=allyLT src-mac-address=\
B2:4E:26:F7:8F:71
add action=accept chain=forward src-mac-address=00:25:AE:FE:A5:9E
add action=accept chain=forward comment=Daddie src-mac-address=\
4C:72:B9:43:EF:AB
add action=accept chain=forward comment=Monique src-mac-address=\
9C:E0:63:1C:3F:80
add action=accept chain=forward comment="Dummy om boonstes deur te laat.." \
connection-state=established
add action=log chain=forward disabled=yes dst-address=192.168.8.127 \
log-prefix=zzzz


What is special about 192.168.8.127 is that a server???

I see your sourcenat rule for hairpin nat, but not sure you need it YET/
It should go before the generic sourcenat rule I believe,
In any case the basic sourcenat rule is missing out-interface=ether1

Is this your public IP and if so needs to removed from the config posted.... ( I dont understand the purpose of the dst-address unless you have a static WANIP fixed not dynamic???)
add action=dst-nat chain=dstnat comment=portForward disabled=yes dst-address=\
165.xx. xx.xx dst-port=8469 in-interface=ether1 protocol=tcp \
to-addresses=192.168.8.127 to-ports=8469


Then you have a port forward rule for cloud DNS, then a whole bunch for 107.xxx somethingk,
Yes this is a very confused config.

Network diagram may help you.

The rest of the firewall rules are a disaster, reset to defaults!!
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Sun Aug 01, 2021 11:39 pm

(1) Why is your WAN list disabled?
Been changing sooo much to everything i lost track. will enable it again.

(2) the bridge1 to wan list should be removed.
on it.

(3)Rules that make no sense to me can you explain purpose........
Basically i use this to block MAC address from accessing the internet. but they are still allowed on the wifi.

(4)What is special about 192.168.8.127 is that a server???
that is my computers local ip address. v4

(5) It should go before the generic sourcenat rule I believe,
on it

(6) Is this your public IP and if so needs to removed from the config posted....
thank you .. didn't know.. i've masked it..

(7) I don't understand the purpose of the dst-address unless you have a static WANIP fixed not dynamic???
me neither.. saw it in some post and added it.. i think my stuff is dynamic..

(8) Then you have a port forward rule for cloud DNS, then a whole bunch for 107.xxx somethingk,
Also from forum posts.. that's where my head exploded.. will remove all that..

(9) The rest of the firewall rules are a disaster, reset to defaults!!
thank you. will clear everything and post a new cleaned up config soon.

thanks a lot for the assistance. really appreciate the quick response..
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Sun Aug 01, 2021 11:40 pm

also... where can i paste and run this code?
or do i manually have to change it in winBox?
/interface list member
add interface=bridge1 list=LAN
add disabled=yes interface=ether1 list=WAN
add interface=bridge1 list=WAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 1:27 am

Yes you have to change it in winbox.
You can also paste code by opening winbox and going to the CLI entry point via the Terminal window.
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 9:57 am

Please find below the cleaned up config
# aug/02/2021 08:44:31 by RouterOS 6.42.10
# software id = 13HW-5X67
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 8B0808FDB7AA
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="south africa" disabled=no frequency=auto mode=ap-bridge ssid=\
    Configure.. wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-eCee country="south africa" disabled=no frequency=auto mode=\
    ap-bridge ssid=5GHz wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    123533 wpa2-pre-shared-key=123533
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.8.110-192.168.8.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.8.1/24 interface=bridge1 network=192.168.8.0
/ip arp
add address=192.168.8.121 interface=bridge1 mac-address=FC:DB:B3:2E:DE:E3
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.8.110 always-broadcast=yes client-id=1:44:37:e6:78:cd:e0 \
    mac-address=44:37:E6:78:CD:E0 server=dhcp1
add address=192.168.8.119 client-id=1:5c:80:b6:97:9:d7 mac-address=\
    5C:80:B6:97:09:D7 server=dhcp1
add address=192.168.8.127 client-id=1:1c:87:2c:60:64:ca mac-address=\
    1C:87:2C:60:64:CA server=dhcp1
add address=192.168.8.125 always-broadcast=yes client-id=1:44:37:e6:56:a8:8d \
    mac-address=44:37:E6:56:A8:8D server=dhcp1
add address=192.168.8.112 mac-address=B0:89:00:22:E8:3A server=dhcp1
add address=192.168.8.111 client-id=1:44:37:e6:56:a9:2c mac-address=\
    44:37:E6:56:A9:2C server=dhcp1
add address=192.168.8.121 client-id=1:fc:db:b3:2e:de:e3 mac-address=\
    FC:DB:B3:2E:DE:E3 server=dhcp1
add address=192.168.8.124 client-id=1:0:12:17:2e:c4:7f mac-address=\
    00:12:17:2E:C4:7F server=dhcp1
add address=192.168.8.122 mac-address=E4:F0:42:0F:B1:7F server=dhcp1
add address=192.168.8.120 always-broadcast=yes client-id=1:b8:27:eb:db:86:45 \
    mac-address=B8:27:EB:DB:86:45 server=dhcp1
add address=192.168.8.123 client-id=1:0:12:17:3c:c5:ca mac-address=\
    00:12:17:3C:C5:CA server=dhcp1 use-src-mac=yes
add address=192.168.8.113 client-id=1:e8:de:27:54:9:e5 mac-address=\
    E8:DE:27:54:09:E5 server=dhcp1 use-src-mac=yes
add address=192.168.8.114 client-id=1:18:61:28:de:fa:8b mac-address=\
    18:61:28:DE:FA:8B server=dhcp1
add address=192.168.8.115 client-id=1:ac:72:89:a2:f9:fe mac-address=\
    AC:72:89:A2:F9:FE server=dhcp1
add address=192.168.8.116 client-id=1:3c:5:18:f1:e4:25 mac-address=\
    3C:05:18:F1:E4:25 server=dhcp1
add address=192.168.8.117 client-id=1:f0:25:b7:cc:4d:f0 mac-address=\
    F0:25:B7:CC:4D:F0 server=dhcp1
add address=192.168.8.126 client-id=1:f8:75:a4:b2:b0:b8 mac-address=\
    F8:75:A4:B2:B0:B8 server=dhcp1
add address=192.168.8.131 always-broadcast=yes client-id=1:b2:4e:26:54:9:e5 \
    mac-address=B2:4E:26:54:09:E5 server=dhcp1
add address=192.168.8.132 always-broadcast=yes client-id=1:b2:4e:26:db:86:45 \
    mac-address=B2:4E:26:DB:86:45 server=dhcp1
add address=192.168.8.133 always-broadcast=yes client-id=1:b2:4e:26:97:9:d7 \
    mac-address=B2:4E:26:97:09:D7 server=dhcp1
add address=192.168.8.118 client-id=1:0:25:ae:fe:a5:9e mac-address=\
    00:25:AE:FE:A5:9E server=dhcp1
add address=192.168.8.135 client-id=1:b2:4e:26:9a:9d:a1 mac-address=\
    B2:4E:26:9A:9D:A1 server=dhcp1
add address=192.168.8.142 client-id=1:4a:98:55:95:d:1c mac-address=\
    4A:98:55:95:0D:1C server=dhcp1
add address=192.168.8.129 client-id=1:b2:4e:26:36:f0:fc mac-address=\
    B2:4E:26:36:F0:FC server=dhcp1
add address=192.168.8.138 always-broadcast=yes mac-address=B2:4E:26:22:E8:3A \
    server=dhcp1
add address=192.168.8.134 always-broadcast=yes client-id=1:b2:4e:26:cc:4d:f0 \
    mac-address=B2:4E:26:CC:4D:F0 server=dhcp1
add address=192.168.8.141 always-broadcast=yes client-id=1:b2:4e:26:d9:54:36 \
    mac-address=B2:4E:26:D9:54:36 server=dhcp1
add address=192.168.8.143 client-id=1:54:25:ea:d9:54:36 mac-address=\
    54:25:EA:D9:54:36 server=dhcp1
add address=192.168.8.140 client-id=1:ba:36:f9:e0:26:7b mac-address=\
    BA:36:F9:E0:26:7B server=dhcp1
add address=192.168.8.139 always-broadcast=yes client-id=1:b2:4e:26:2e:de:e3 \
    mac-address=B2:4E:26:2E:DE:E3 server=dhcp1
add address=192.168.8.130 client-id=1:20:6e:9c:81:19:33 mac-address=\
    20:6E:9C:81:19:33 server=dhcp1
add address=192.168.8.128 client-id=1:54:4:a6:77:50:94 mac-address=\
    54:04:A6:77:50:94 server=dhcp1
add address=192.168.8.146 always-broadcast=yes client-id=1:b2:4e:26:a2:f9:fe \
    mac-address=B2:4E:26:A2:F9:FE server=dhcp1
add address=192.168.8.150 mac-address=EC:8C:9A:7C:65:81 server=dhcp1
add address=192.168.8.137 client-id=1:4c:72:b9:43:ef:ab mac-address=\
    4C:72:B9:43:EF:AB server=dhcp1
add address=192.168.8.148 client-id=1:10:92:66:91:df:9a mac-address=\
    10:92:66:91:DF:9A server=dhcp1
add address=192.168.8.144 client-id=1:a4:97:b1:f7:8f:71 mac-address=\
    A4:97:B1:F7:8F:71 server=dhcp1
add address=192.168.8.136 client-id=1:b2:4e:26:f7:8f:71 mac-address=\
    B2:4E:26:F7:8F:71 server=dhcp1
add address=192.168.8.151 client-id=1:7e:69:2d:d3:a2:83 mac-address=\
    7E:69:2D:D3:A2:83 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1,8.8.4.4,8.8.8.8 gateway=\
    192.168.8.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.8.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.8.0/24 src-address=\
    192.168.8.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
add action=dst-nat chain=dstnat dst-port=8469 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.8.127 to-ports=8469
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=822
set api disabled=yes
set winbox port=8299
set api-ssl disabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=PTI015
/system routerboard settings
set silent-boot=no
/system script
add name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    interface bridge\r\
    \nadd name=bridge1\r\
    \n/interface wireless\r\
    \nset [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-C\
    e \\\r\
    \n    disabled=no mode=ap-bridge ssid=\"Ske 2.4GHz\"\r\
    \nset [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80m\
    hz-eCee \\\r\
    \n    disabled=no frequency=auto mode=ap-bridge ssid=\"Skibre 5GHz\"\r\
    \n/interface wireless security-profiles\r\
    \nset [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-metho\
    ds=\"\" \\\r\
    \n    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=sk\
    yfi23 \\\r\
    \n    wpa2-pre-shared-key=sk3\r\
    \n/ip hotspot profile\r\
    \nset [ find default=yes ] html-directory=flash/hotspot\r\
    \n/ip pool\r\
    \nadd name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254\r\
    \n/ip dhcp-server\r\
    \nadd address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1\r\
    \n/interface bridge port\r\
    \nadd bridge=bridge1 interface=ether2\r\
    \nadd bridge=bridge1 interface=ether3\r\
    \nadd bridge=bridge1 interface=ether4\r\
    \nadd bridge=bridge1 interface=ether5\r\
    \nadd bridge=bridge1 interface=wlan1\r\
    \nadd bridge=bridge1 interface=wlan2\r\
    \n/ip address\r\
    \nadd address=192.168.88.1/24 interface=bridge1 network=192.168.88.0\r\
    \n/ip dhcp-client\r\
    \nadd dhcp-options=hostname,clientid disabled=no interface=ether1\r\
    \n/ip dhcp-server network\r\
    \nadd address=192.168.88.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=192.168.8\
    8.1\r\
    \n/ip dns\r\
    \nset servers=1.1.1.1,1.0.0.1\r\
    \n/ip dns static\r\
    \nadd address=192.168.88.1 name=router.lan\r\
    \n/ip firewall filter\r\
    \nadd action=fasttrack-connection chain=forward connection-state=\\\r\
    \n    established,related\r\
    \nadd action=accept chain=forward connection-state=established,related\r\
    \n/ip firewall nat\r\
    \nadd action=masquerade chain=srcnat\r\
    \n/ip firewall service-port\r\
    \nset ftp disabled=yes\r\
    \nset tftp disabled=yes\r\
    \nset irc disabled=yes\r\
    \nset h323 disabled=yes\r\
    \nset sip disabled=yes\r\
    \nset pptp disabled=yes\r\
    \nset udplite disabled=yes\r\
    \nset dccp disabled=yes\r\
    \nset sctp disabled=yes\r\
    \n/ip service\r\
    \nset telnet disabled=yes\r\
    \nset ftp disabled=yes\r\
    \nset www disabled=yes\r\
    \nset api disabled=yes\r\
    \nset winbox port=8299\r\
    \nset api-ssl disabled=yes\r\
    \n/system identity\r\
    \nset name=JAC\r\
    \n/user set password=SK4! admin"
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 11:30 am

You pratically do not have any firewall rule...

Paste this on terminal
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=passthrough
/ip dhcp-server network
set [find] dns-server=192.168.8.1
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall nat
remove [find where dst-address=192.168.8.0/24 and src-address=192.168.8.0/24]
/ip upnp
set enabled=yes
/system script
remove [find]
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 12:06 pm

Thank you. i copy pasted that into terminal. lost wifi for a few seconds then it came back.. but still no response to website...
Just to confirm: my PC is plugged in directly to the router using a cable. my local IP is 192.168.8.127. This is where i'm running (Dyson's Sphere) which requires me to forward port 8469 so that my friend sitting about 600km away from me can join my game.

Thanks again for the assistance.

Response on PortChecker website..
Port Checker
Check for open ports and verify port forwarding setup on your router.
Your IP Address
1xx.7x.4x.xx5
<Use Current IP>
Port Number
8469
Check
Port 8469 is closed.


this is the new config.
# aug/02/2021 10:56:48 by RouterOS 6.42.10
# software id = 13HW-5X67
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 8B0808FDB7AA
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-Ce \
    country="south africa" disabled=no frequency=auto mode=ap-bridge ssid=\
    Configure.. wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-eCee country="south africa" disabled=no frequency=auto mode=\
    ap-bridge ssid=5GHz wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=125333 \
    wpa2-pre-shared-key=125333
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.8.110-192.168.8.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.8.1/24 interface=bridge1 network=192.168.8.0
/ip arp
add address=192.168.8.121 interface=bridge1 mac-address=FC:DB:B3:2E:DE:E3
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.8.110 always-broadcast=yes client-id=1:44:37:e6:78:cd:e0 \
    mac-address=44:37:E6:78:CD:E0 server=dhcp1
add address=192.168.8.119 client-id=1:5c:80:b6:97:9:d7 mac-address=\
    5C:80:B6:97:09:D7 server=dhcp1
add address=192.168.8.127 client-id=1:1c:87:2c:60:64:ca mac-address=\
    1C:87:2C:60:64:CA server=dhcp1
add address=192.168.8.125 always-broadcast=yes client-id=1:44:37:e6:56:a8:8d \
    mac-address=44:37:E6:56:A8:8D server=dhcp1
add address=192.168.8.111 client-id=1:44:37:e6:56:a9:2c mac-address=\
    44:37:E6:56:A9:2C server=dhcp1
add address=192.168.8.121 client-id=1:fc:db:b3:2e:de:e3 mac-address=\
    FC:DB:B3:2E:DE:E3 server=dhcp1
add address=192.168.8.124 client-id=1:0:12:17:2e:c4:7f mac-address=\
    00:12:17:2E:C4:7F server=dhcp1
add address=192.168.8.122 mac-address=E4:F0:42:0F:B1:7F server=dhcp1
add address=192.168.8.120 always-broadcast=yes client-id=1:b8:27:eb:db:86:45 \
    mac-address=B8:27:EB:DB:86:45 server=dhcp1
add address=192.168.8.123 client-id=1:0:12:17:3c:c5:ca mac-address=\
    00:12:17:3C:C5:CA server=dhcp1 use-src-mac=yes
add address=192.168.8.113 client-id=1:e8:de:27:54:9:e5 mac-address=\
    E8:DE:27:54:09:E5 server=dhcp1 use-src-mac=yes
add address=192.168.8.115 client-id=1:ac:72:89:a2:f9:fe mac-address=\
    AC:72:89:A2:F9:FE server=dhcp1
add address=192.168.8.116 client-id=1:3c:5:18:f1:e4:25 mac-address=\
    3C:05:18:F1:E4:25 server=dhcp1
add address=192.168.8.117 client-id=1:f0:25:b7:cc:4d:f0 mac-address=\
    F0:25:B7:CC:4D:F0 server=dhcp1
add address=192.168.8.126 client-id=1:f8:75:a4:b2:b0:b8 mac-address=\
    F8:75:A4:B2:B0:B8 server=dhcp1
add address=192.168.8.131 always-broadcast=yes client-id=1:b2:4e:26:54:9:e5 \
    mac-address=B2:4E:26:54:09:E5 server=dhcp1
add address=192.168.8.132 always-broadcast=yes client-id=1:b2:4e:26:db:86:45 \
    mac-address=B2:4E:26:DB:86:45 server=dhcp1
add address=192.168.8.133 always-broadcast=yes client-id=1:b2:4e:26:97:9:d7 \
    mac-address=B2:4E:26:97:09:D7 server=dhcp1
add address=192.168.8.118 client-id=1:0:25:ae:fe:a5:9e mac-address=\
    00:25:AE:FE:A5:9E server=dhcp1
add address=192.168.8.142 client-id=1:4a:98:55:95:d:1c mac-address=\
    4A:98:55:95:0D:1C server=dhcp1
add address=192.168.8.129 client-id=1:b2:4e:26:36:f0:fc mac-address=\
    B2:4E:26:36:F0:FC server=dhcp1
add address=192.168.8.134 always-broadcast=yes client-id=1:b2:4e:26:cc:4d:f0 \
    mac-address=B2:4E:26:CC:4D:F0 server=dhcp1
add address=192.168.8.139 always-broadcast=yes client-id=1:b2:4e:26:2e:de:e3 \
    mac-address=B2:4E:26:2E:DE:E3 server=dhcp1
add address=192.168.8.128 client-id=1:54:4:a6:77:50:94 mac-address=\
    54:04:A6:77:50:94 server=dhcp1
add address=192.168.8.146 always-broadcast=yes client-id=1:b2:4e:26:a2:f9:fe \
    mac-address=B2:4E:26:A2:F9:FE server=dhcp1
add address=192.168.8.137 client-id=1:4c:72:b9:43:ef:ab mac-address=\
    4C:72:B9:43:EF:AB server=dhcp1
add address=192.168.8.148 client-id=1:10:92:66:91:df:9a mac-address=\
    10:92:66:91:DF:9A server=dhcp1
add address=192.168.8.149 client-id=1:d4:8a:39:40:75:18 mac-address=\
    D4:8A:39:40:75:18 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1 gateway=192.168.8.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.8.1 name=router.lan
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.8.0/24 src-address=\
    192.168.8.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
add action=dst-nat chain=dstnat dst-port=8469 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.8.127 to-ports=8469
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=822
set api disabled=yes
set winbox port=8299
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=P23415
/system routerboard settings
set silent-boot=no
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 12:24 pm

not sure if this will help.. but i did a port scan using below:
https://portchecker.co/online-port-scanner

Everything is closed except DNS..
Port Scanning Result For 1xx.xx.x2.xx5
Your IP Address : 1xx.xx.x2.xx5

Service	Port	Status
FTP Data Transfer	20	closed
FTP Control	21	closed
SSH (Secure Shell)	22	closed
Telnet, a Remote Login Service	23	closed
SMTP (Simple Mail Transfer Protocol)	25	closed
DNS (Domain Name System)	53	open
HTTP (Hypertext Transfer Protocol)	80	closed
POP3 (Post Office Protocol 3)	110	closed
SFTP (Secure File Transfer Protocol)	115	closed
NTP (Network Time Protocol)	123	closed
IMAP (Internet Message Access Protocol)	143	closed
SNMP (Simple Network Management Protocol	161	closed
IRC (Internet Relay Chat)	194	closed
HTTPS (Hypertext Transfer Protocol Secure)	443	closed
Microsoft-DS SMB File Sharing	445	closed
SMTPS (Simple Mail Transfer Protocol over SSL)	465	closed
RTSP (Real Time Stream Control Protocol)	554	closed
RSYNC (RSYNC File Transfer Services)	873	closed
IMAPS (Internet Message Access Protocol over SSL)	993	closed
POP3S (Post Office Protocol 3 over SSL)	995	closed
RDP (Remote Desktop Protocol)	3389	closed
PC Anywhere	5631	closed
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 3:02 pm

It's time to upgrade to 6.47.10 you still use a old 6.42.10 full of bug and possibilites of hack, and you do not have firewall.

After upgrade to 6.47.10 paste this on terminal without omit the { } !!!
{
/ip firewall filter
remove [find]
add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
add chain=forward action=accept connection-state=established,related,untracked \
    comment="defconf: accept established,related, untracked"
add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN \
    comment="defconf: drop all from WAN not DSTNATed"
/ip firewall nat
remove [find]
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=dst-nat chain=dstnat dst-port=8469 in-interface=ether1 protocol=tcp to-addresses=192.168.8.127 to-ports=8469 \
    comment="TCP Port forwarding to 192.168.8.127"
add action=dst-nat chain=dstnat dst-port=8469 in-interface=ether1 protocol=udp to-addresses=192.168.8.127 to-ports=8469 \
    comment="UDP Port forwarding to 192.168.8.127"
}

After that, repost new config for fine-tuning
Last edited by rextended on Mon Aug 02, 2021 6:19 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 4:13 pm

Also, do you have your friends public IP address?
If not get it, if its dynamic tell him/her to get a free dyndns name and associate that with his public IP etc.......

In other words, on your dst-nat rule for the server ensure you add a source address list with the public IPs that you want to allow to access the server.
This will make the server invisible on scans vice visible but open and of course limit access to generic bots.........
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 5:25 pm

Hi.thank you for all the suggestions. i upgraded.
I will try get it from him.

New and improved output below. Still same response from PortChecker though: Port 8469 is closed.
# aug/02/2021 15:51:33 by RouterOS 6.48.3
# software id = 13HW-5X67
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 8B0808FDB7AA
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-g/n channel-width=\
    20/40mhz-Ce country="south africa" disabled=no frequency=auto \
    frequency-mode=manual-txpower mode=ap-bridge ssid=Configure.. \
    station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40/80mhz-eCee country="south africa" disabled=no \
    frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=5GHz \
    station-roaming=enabled wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=12533 \
    wpa2-pre-shared-key=12533
/ip pool
add name=dhcp ranges=192.168.8.110-192.168.8.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.8.1/24 interface=bridge1 network=192.168.8.0
/ip arp
add address=192.168.8.121 interface=bridge1 mac-address=FC:DB:B3:2E:DE:E3
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.8.110 always-broadcast=yes client-id=1:44:37:e6:78:cd:e0 \
    mac-address=44:37:E6:78:CD:E0 server=dhcp1
add address=192.168.8.119 client-id=1:5c:80:b6:97:9:d7 mac-address=\
    5C:80:B6:97:09:D7 server=dhcp1
add address=192.168.8.127 client-id=1:1c:87:2c:60:64:ca mac-address=\
    1C:87:2C:60:64:CA server=dhcp1
add address=192.168.8.125 always-broadcast=yes client-id=1:44:37:e6:56:a8:8d \
    mac-address=44:37:E6:56:A8:8D server=dhcp1
add address=192.168.8.111 client-id=1:44:37:e6:56:a9:2c mac-address=\
    44:37:E6:56:A9:2C server=dhcp1
add address=192.168.8.121 client-id=1:fc:db:b3:2e:de:e3 mac-address=\
    FC:DB:B3:2E:DE:E3 server=dhcp1
add address=192.168.8.124 client-id=1:0:12:17:2e:c4:7f mac-address=\
    00:12:17:2E:C4:7F server=dhcp1
add address=192.168.8.122 mac-address=E4:F0:42:0F:B1:7F server=dhcp1
add address=192.168.8.120 always-broadcast=yes client-id=1:b8:27:eb:db:86:45 \
    mac-address=B8:27:EB:DB:86:45 server=dhcp1
add address=192.168.8.123 client-id=1:0:12:17:3c:c5:ca mac-address=\
    00:12:17:3C:C5:CA server=dhcp1 use-src-mac=yes
add address=192.168.8.113 client-id=1:e8:de:27:54:9:e5 mac-address=\
    E8:DE:27:54:09:E5 server=dhcp1 use-src-mac=yes
add address=192.168.8.115 client-id=1:ac:72:89:a2:f9:fe mac-address=\
    AC:72:89:A2:F9:FE server=dhcp1
add address=192.168.8.116 client-id=1:3c:5:18:f1:e4:25 mac-address=\
    3C:05:18:F1:E4:25 server=dhcp1
add address=192.168.8.117 client-id=1:f0:25:b7:cc:4d:f0 mac-address=\
    F0:25:B7:CC:4D:F0 server=dhcp1
add address=192.168.8.126 client-id=1:f8:75:a4:b2:b0:b8 mac-address=\
    F8:75:A4:B2:B0:B8 server=dhcp1
add address=192.168.8.131 always-broadcast=yes client-id=1:b2:4e:26:54:9:e5 \
    mac-address=B2:4E:26:54:09:E5 server=dhcp1
add address=192.168.8.132 always-broadcast=yes client-id=1:b2:4e:26:db:86:45 \
    mac-address=B2:4E:26:DB:86:45 server=dhcp1
add address=192.168.8.133 always-broadcast=yes client-id=1:b2:4e:26:97:9:d7 \
    mac-address=B2:4E:26:97:09:D7 server=dhcp1
add address=192.168.8.118 client-id=1:0:25:ae:fe:a5:9e mac-address=\
    00:25:AE:FE:A5:9E server=dhcp1
add address=192.168.8.142 client-id=1:4a:98:55:95:d:1c mac-address=\
    4A:98:55:95:0D:1C server=dhcp1
add address=192.168.8.129 client-id=1:b2:4e:26:36:f0:fc mac-address=\
    B2:4E:26:36:F0:FC server=dhcp1
add address=192.168.8.134 always-broadcast=yes client-id=1:b2:4e:26:cc:4d:f0 \
    mac-address=B2:4E:26:CC:4D:F0 server=dhcp1
add address=192.168.8.139 always-broadcast=yes client-id=1:b2:4e:26:2e:de:e3 \
    mac-address=B2:4E:26:2E:DE:E3 server=dhcp1
add address=192.168.8.128 client-id=1:54:4:a6:77:50:94 mac-address=\
    54:04:A6:77:50:94 server=dhcp1
add address=192.168.8.146 always-broadcast=yes client-id=1:b2:4e:26:a2:f9:fe \
    mac-address=B2:4E:26:A2:F9:FE server=dhcp1
add address=192.168.8.137 client-id=1:4c:72:b9:43:ef:ab mac-address=\
    4C:72:B9:43:EF:AB server=dhcp1
add address=192.168.8.148 client-id=1:10:92:66:91:df:9a mac-address=\
    10:92:66:91:DF:9A server=dhcp1
add address=192.168.8.149 client-id=1:d4:8a:39:40:75:18 mac-address=\
    D4:8A:39:40:75:18 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1 gateway=192.168.8.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.8.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=forward comment=\
    "TCP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
    protocol=tcp
add action=accept chain=forward comment=\
    "UDP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
    protocol=udp
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
add action=dst-nat chain=dstnat comment=\
    "TCP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
    protocol=tcp to-addresses=192.168.8.127 to-ports=8469
add action=dst-nat chain=dstnat comment=\
    "UDP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
    protocol=udp to-addresses=192.168.8.127 to-ports=8469
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=822
set api disabled=yes
set winbox port=8299
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=EHER5
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 5:30 pm

Closed will be the normal response from a scan. This is expected.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 5:31 pm

Remove these port forwarding rules, have no business being in the forward chain!
I want to know where you saw this done ? What example ?

add action=accept chain=forward comment=\
"TCP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
protocol=tcp
add action=accept chain=forward comment=\
"UDP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
protocol=udp
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 5:49 pm

now i'm confused..

above config from Rex added them.
and from all the forums i've read so far this is where port forwarding happens?
or am i missing the plot?

in which chain do they belong if not there?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 6:08 pm

@anav sorry, doing all at memory because I do not have the machine directly controlled.

Final fix and removed useless firewall rules,
paste this on terminal wthout omit { } :
{
/interface bridge
set bridge1 protocol=none
/interface ethernet
set [ find ] advertise=10M-half,10M-full,100M-half,100M-full
/ip neighbor discovery-settings
set discover-interface-list=static
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,!dude,tikapp"
/ip ssh
set allow-none-crypto=no forwarding-enabled=no
/ip firewall filter
remove [find]
add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
add chain=forward action=accept connection-state=established,related,untracked \
    comment="defconf: accept established,related, untracked"
add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN \
    comment="defconf: drop all from WAN not DSTNATed"
}


Final touch, copy ether2 MAC address and put it as admin mac on bridge1
Last edited by rextended on Mon Aug 02, 2021 6:20 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 6:15 pm

Again wrong.
add action=accept chain=input comment="TCP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 protocol=tcp
add action=accept chain=input comment="UDP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 protocol=udp


Please listen to logic,
Input chain is for traffic to and from the router itself ( DNS, NTP, VPN etc...........) NOT PORT FORWARDING.
Forward chain is for traffic from WAN to LAN, LAN to WAN and LAN to LAN.

The only rule required in the forward chain for port forwarding is a WAN to LAN rule to allow destination type packets through the firewall.
The way this is done is to state to the router, please block (drop) all packets coming from the WAN that are not dst nat type packets.
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN \
comment="defconf: drop all from WAN not DSTNATed"

Then and ONLY IN NAT RULES, do we make the dst-nat port forwarding rules delineating which ports, which lan side server, which protocol etc...... which wan the traffic will be coming in on!
As well here is the right place to state which allowed public WANIPs are permitted if you have such a source address list.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 6:23 pm

Ok, ok, I everytime forget dst-nat is coming just after prerouting, too much raw ehm..... :P :lol:

this rule is already present on both my suggested config:
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN \
comment="defconf: drop all from WAN not DSTNATed"

Now, when the user paste last script and do last hint,
must understand if Dyson's Sphere open the port or not
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 6:51 pm

thank you.
ran the script. router restarted. or crashed.. not sure.. either way it came back on. new lines in filter is there.
so does checking my port state from https://portchecker.co/ not give me any indication of open ports? will it always show CLOSED?

sorry, how do i do this?
ether2 mac: is this my pc's mac?
How/where do i "put it as admin mac" on bridge1?
Final touch, copy ether2 MAC address and put it as admin mac on bridge1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 6:56 pm

paste this and re-export for see if all goes ok:

/int bridge set bridge1 protocol-mode=none admin-mac=[/int ether get ether2 mac-address] auto-mac=no

Afther this, you have a router well protected and "tuned",
but at this point must be checked the PC if open the post correctly.
Website of the game?
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 7:06 pm

thank you :D
was asking for Ford and seems i'm getting a Rolls-Royce :D
waiting for my friend to get online then will ask him to test.

thanks again.
# aug/02/2021 18:00:45 by RouterOS 6.48.3
# software id = 13HW-5X67
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 8B0808FDB7AA
/interface bridge
add admin-mac=CC:2D:E0:66:08:9A auto-mac=no name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-g/n channel-width=\
    20/40mhz-Ce country="south africa" disabled=no frequency=auto \
    frequency-mode=manual-txpower mode=ap-bridge ssid=Configure.. \
    station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40/80mhz-eCee country="south africa" disabled=no \
    frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=5GHz \
    station-roaming=enabled wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=125333 \
    wpa2-pre-shared-key=125333
/ip pool
add name=dhcp ranges=192.168.8.110-192.168.8.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.8.1/24 interface=bridge1 network=192.168.8.0
/ip arp
add address=192.168.8.121 interface=bridge1 mac-address=FC:DB:B3:2E:DE:E3
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.8.110 always-broadcast=yes client-id=1:44:37:e6:78:cd:e0 \
    mac-address=44:37:E6:78:CD:E0 server=dhcp1
add address=192.168.8.119 client-id=1:5c:80:b6:97:9:d7 mac-address=\
    5C:80:B6:97:09:D7 server=dhcp1
add address=192.168.8.127 client-id=1:1c:87:2c:60:64:ca mac-address=\
    1C:87:2C:60:64:CA server=dhcp1
add address=192.168.8.125 always-broadcast=yes client-id=1:44:37:e6:56:a8:8d \
    mac-address=44:37:E6:56:A8:8D server=dhcp1
add address=192.168.8.111 client-id=1:44:37:e6:56:a9:2c mac-address=\
    44:37:E6:56:A9:2C server=dhcp1
add address=192.168.8.121 client-id=1:fc:db:b3:2e:de:e3 mac-address=\
    FC:DB:B3:2E:DE:E3 server=dhcp1
add address=192.168.8.124 client-id=1:0:12:17:2e:c4:7f mac-address=\
    00:12:17:2E:C4:7F server=dhcp1
add address=192.168.8.122 mac-address=E4:F0:42:0F:B1:7F server=dhcp1
add address=192.168.8.120 always-broadcast=yes client-id=1:b8:27:eb:db:86:45 \
    mac-address=B8:27:EB:DB:86:45 server=dhcp1
add address=192.168.8.123 client-id=1:0:12:17:3c:c5:ca mac-address=\
    00:12:17:3C:C5:CA server=dhcp1 use-src-mac=yes
add address=192.168.8.113 client-id=1:e8:de:27:54:9:e5 mac-address=\
    E8:DE:27:54:09:E5 server=dhcp1 use-src-mac=yes
add address=192.168.8.115 client-id=1:ac:72:89:a2:f9:fe mac-address=\
    AC:72:89:A2:F9:FE server=dhcp1
add address=192.168.8.116 client-id=1:3c:5:18:f1:e4:25 mac-address=\
    3C:05:18:F1:E4:25 server=dhcp1
add address=192.168.8.117 client-id=1:f0:25:b7:cc:4d:f0 mac-address=\
    F0:25:B7:CC:4D:F0 server=dhcp1
add address=192.168.8.126 client-id=1:f8:75:a4:b2:b0:b8 mac-address=\
    F8:75:A4:B2:B0:B8 server=dhcp1
add address=192.168.8.131 always-broadcast=yes client-id=1:b2:4e:26:54:9:e5 \
    mac-address=B2:4E:26:54:09:E5 server=dhcp1
add address=192.168.8.132 always-broadcast=yes client-id=1:b2:4e:26:db:86:45 \
    mac-address=B2:4E:26:DB:86:45 server=dhcp1
add address=192.168.8.133 always-broadcast=yes client-id=1:b2:4e:26:97:9:d7 \
    mac-address=B2:4E:26:97:09:D7 server=dhcp1
add address=192.168.8.118 client-id=1:0:25:ae:fe:a5:9e mac-address=\
    00:25:AE:FE:A5:9E server=dhcp1
add address=192.168.8.142 client-id=1:4a:98:55:95:d:1c mac-address=\
    4A:98:55:95:0D:1C server=dhcp1
add address=192.168.8.129 client-id=1:b2:4e:26:36:f0:fc mac-address=\
    B2:4E:26:36:F0:FC server=dhcp1
add address=192.168.8.134 always-broadcast=yes client-id=1:b2:4e:26:cc:4d:f0 \
    mac-address=B2:4E:26:CC:4D:F0 server=dhcp1
add address=192.168.8.139 always-broadcast=yes client-id=1:b2:4e:26:2e:de:e3 \
    mac-address=B2:4E:26:2E:DE:E3 server=dhcp1
add address=192.168.8.128 client-id=1:54:4:a6:77:50:94 mac-address=\
    54:04:A6:77:50:94 server=dhcp1
add address=192.168.8.146 always-broadcast=yes client-id=1:b2:4e:26:a2:f9:fe \
    mac-address=B2:4E:26:A2:F9:FE server=dhcp1
add address=192.168.8.137 client-id=1:4c:72:b9:43:ef:ab mac-address=\
    4C:72:B9:43:EF:AB server=dhcp1
add address=192.168.8.148 client-id=1:10:92:66:91:df:9a mac-address=\
    10:92:66:91:DF:9A server=dhcp1
add address=192.168.8.149 client-id=1:d4:8a:39:40:75:18 mac-address=\
    D4:8A:39:40:75:18 server=dhcp1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.1 gateway=192.168.8.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.8.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
add action=dst-nat chain=dstnat comment=\
    "TCP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
    protocol=tcp to-addresses=192.168.8.127 to-ports=8469
add action=dst-nat chain=dstnat comment=\
    "UDP Port forwarding to 192.168.8.127" dst-port=8469 in-interface=ether1 \
    protocol=udp to-addresses=192.168.8.127 to-ports=8469
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=822
set api disabled=yes
set winbox port=8299
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=xxxx
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 7:31 pm

rextended is a very worthy assistant in that he has deep knowledge and experience.
I have very little and for me its more important for you to learn something while implementing the config vice simply copying and pasting solutions.
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 8:23 pm

true. i must learn these things..
next i want to allow port forwarding on 27015 27016 and 7777.
i want to setup a small ARK server..

but first lets get this one to work.. :D

friend said his online in about 10min.. then we can test.
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Mon Aug 02, 2021 8:40 pm

He has connected!!!!! YAY!!!!

funny thing.. when i started the game and was waiting for him to join..
i clicked the portCheker one more time and it actually did say: Port 8469 is open.


Thanks a BRAZILLIAN!! you guys are the BEST!! :D :D :D
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: winBox Port Forward No Response-Plz Help  [SOLVED]

Mon Aug 02, 2021 10:39 pm

Enjoy with firewall security!

P.S.: UPnP games & devices on your network now works without open ports manually ;))
 
locustthe
just joined
Topic Author
Posts: 14
Joined: Sun Aug 01, 2021 6:43 pm

Re: winBox Port Forward No Response-Plz Help

Tue Aug 03, 2021 9:03 am

Thank you to both @anav and @rextended. Not sure where i can up vote or give praise on this site?

Really appreciate all the help!! We managed to conquer a planet last night thanx to you :D

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot], Knapek, menyarito and 87 guests