Community discussions

MikroTik App
 
soran1
just joined
Topic Author
Posts: 17
Joined: Mon Sep 06, 2021 11:17 am

port forwarding problem

Mon Sep 06, 2021 11:28 am

Hello.my network in the diagram picture and the problem is i cant open port for the client,i tried to make dst-nat and src-nat for the port to the client and i couldn't i tried to do it in both client router and pppoe-server and it doesn't work i tried nearly everything how i can do it
but i tried the configuration with same client routerboard but with another (isp) its worked please look at the diagram in attacment file . thank you
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: port forwarding problem

Mon Sep 06, 2021 4:08 pm

Thats a lot of port forwarding........
You have to daisy chain sourcenat and dstnat rules in that each router requires routing to the next router up the chain.
Each router requires a forward firewall rule allowing dst nat.
Each router requires a dst-nat rule with TO-ADDRESS being the LANIP of the next router down the food chain (the lower routers wanip) until you get to the last router and the TO address is the lanip address of the server.
 
soran1
just joined
Topic Author
Posts: 17
Joined: Mon Sep 06, 2021 11:17 am

Re: port forwarding problem

Tue Sep 07, 2021 12:03 am

Thats a lot of port forwarding........
You have to daisy chain sourcenat and dstnat rules in that each router requires routing to the next router up the chain.
Each router requires a forward firewall rule allowing dst nat.
Each router requires a dst-nat rule with TO-ADDRESS being the LANIP of the next router down the food chain (the lower routers wanip) until you get to the last router and the TO address is the lanip address of the server.
thanks alot sir but can you give me sloution or code to do that or examples with virtual ip's on the same diagram ,any way thank you again
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: port forwarding problem

Tue Sep 07, 2021 9:03 pm

In general, on a MT router, dont know about switches,

one needs two things.

a forward firewall rule that allows port forwarding through the firewall.
add action=accept chain=forward comment="Allow Port Forwarding" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN

b. then you need a destination NAT rule that provides the details.
typical format is.
add action=dst-nat chain=dstnat comment="Purpose of Service" dst-port=xxx protocol= {UDP or TCP} \
in-interface-list=WAN to-addresses=IPofServer to-ports=yyy***

*** To ports are only required if port translation is required, for example lets say an ISP blocks port 80, just have users come in on port 8181 (the dst port) and then put 80 as the to-port.


Last comment if the WANIP is static/fixed, then one can use dst-address instead of in-interface-list=WAN
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: port forwarding problem

Tue Sep 07, 2021 9:27 pm

Sorry, the statement saying that the same configuration of client routerboard worked with another ISP is confusing. Since your drawing mentions the two CCRs, I assume you are the ISP technician; did you work for another ISP before, or how do you know the same client routerboard worked with another ISP? Because the client says so?

You cannot get a more specific advice than the one given by @anav if you don't provide the configuration exports of all three devices (the "main" CCR, the "pppoe server" CCR, and the client device). See my automatic signature below on how to obfuscate the configurations without breaking their integrity.

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], GoogleOther [Bot], Kanzler and 86 guests