Community discussions

MUM Europe 2020
 
lukef
newbie
Topic Author
Posts: 35
Joined: Mon Jul 07, 2008 4:48 am

port forwarding and firewall

Tue Sep 02, 2008 5:43 am

Hi Guys im after a bit of help with port forwarding.
I have a dsl connection connected to router os via pppoe and using hotspot and i have also setup a firewall on router os.
Basically i have created a port forward following this guide http://wiki.mikrotik.com/wiki/Forwardin ... nternal_IP
The question i have is do i also need to create a filter rule to enable the above rule to work?? If so how do i go about it
I have also created a walled garden ip entry to allow outbound connections through the hotspot for the internal ip im trying to forward to.
The issue is i cant get it to work.
ANy ideas on what im doing wrong??
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: port forwarding and firewall

Tue Sep 02, 2008 8:56 am

Post you firewall rules and walled-garden rules which are not working ?
 
lukef
newbie
Topic Author
Posts: 35
Joined: Mon Jul 07, 2008 4:48 am

Re: port forwarding and firewall

Tue Sep 02, 2008 9:24 am

Port Forward rule
chain=dstnat action=dst-nat to-addresses=10.51.51.10 to-ports=80
src-address=OUREXTIP dst-address=PPOEIP dst-port=8081
protocol=tcp

walled garden IP
# SER.. PROTOCOL DST DST-ADDRESS DST-PORT ACTION
0 hot.. tcp monitoringsystem 5721 accept
1 hot.. accept
2 hot.. accept
3 hot.. tcp OUREXTIP 0-65535 accept

firewall filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; Accept established connections
chain=input action=accept connection-state=established

2 ;;; Accept Related Connections
chain=input action=accept connection-state=related

3 ;;; Local Radius Access
chain=input action=accept src-address=127.0.0.1 dst-address=127.0.0.1
dst-port=1812-1813 protocol=udp

4 ;;; SSH Access
chain=input action=accept src-address=OUREXTIP dst-port=22
protocol=tcp

5 chain=input action=accept src-address=192.168.17.0/24 dst-port=22
protocol=tcp

6 ;;; Remote Web Interface
chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

7 chain=input action=accept src-address=10.0.19.0/24 dst-port=80
protocol=tcp

8 chain=input action=accept src-address=192.168.17.0/24 dst-port=80
protocol=tcp

9 chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

10 ;;; WinboxAccess
chain=input action=accept src-address=OUREXTIP dst-port=8291
protocol=tcp

11 chain=input action=accept src-address=192.168.17.0/24 dst-port=8291
protocol=tcp

12 ;;; Allow Limited Pings
chain=input action=accept protocol=icmp limit=50/5s,2

13 ;;; Drop excess pings
chain=input action=drop protocol=icmp

14 X chain=input action=log log-prefix=""

15 ;;; Drop everything else
chain=input action=drop
 
User avatar
Muhammad
Member Candidate
Member Candidate
Posts: 141
Joined: Wed Aug 20, 2008 9:15 pm
Location: Pakistan

Re: port forwarding and firewall

Fri Sep 05, 2008 9:40 am

Port Forward rule
chain=dstnat action=dst-nat to-addresses=10.51.51.10 to-ports=80
src-address=OUREXTIP dst-address=PPOEIP dst-port=8081
protocol=tcp

walled garden IP
# SER.. PROTOCOL DST DST-ADDRESS DST-PORT ACTION
0 hot.. tcp monitoringsystem 5721 accept
1 hot.. accept
2 hot.. accept
3 hot.. tcp OUREXTIP 0-65535 accept

firewall filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; Accept established connections
chain=input action=accept connection-state=established

2 ;;; Accept Related Connections
chain=input action=accept connection-state=related

3 ;;; Local Radius Access
chain=input action=accept src-address=127.0.0.1 dst-address=127.0.0.1
dst-port=1812-1813 protocol=udp

4 ;;; SSH Access
chain=input action=accept src-address=OUREXTIP dst-port=22
protocol=tcp

5 chain=input action=accept src-address=192.168.17.0/24 dst-port=22
protocol=tcp

6 ;;; Remote Web Interface
chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

7 chain=input action=accept src-address=10.0.19.0/24 dst-port=80
protocol=tcp

8 chain=input action=accept src-address=192.168.17.0/24 dst-port=80
protocol=tcp

9 chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

10 ;;; WinboxAccess
chain=input action=accept src-address=OUREXTIP dst-port=8291
protocol=tcp

11 chain=input action=accept src-address=192.168.17.0/24 dst-port=8291
protocol=tcp

12 ;;; Allow Limited Pings
chain=input action=accept protocol=icmp limit=50/5s,2

13 ;;; Drop excess pings
chain=input action=drop protocol=icmp

14 X chain=input action=log log-prefix=""

15 ;;; Drop everything else
chain=input action=drop
AOA
i am give you help only in winbox interface, not comand pemet , winbox its to easy

give your email or any other source i send you pic's of winbox setup for this type of port forwarding
or if you want to free online help, i help you free as a brother
Allah hafiz
any thoughts ???
think about Karma
 
gentitope
just joined
Posts: 11
Joined: Tue Dec 19, 2006 9:00 am

Re: port forwarding and firewall

Thu Sep 18, 2008 6:06 pm

I have this same problem with port forwarding a web server from my internal ip of the LAN interface.
I have tried all the dst nat rule still no result. Pls, i need your guide.
 
gentitope
just joined
Posts: 11
Joined: Tue Dec 19, 2006 9:00 am

Re: port forwarding and firewall

Fri Sep 19, 2008 12:32 pm

Hello Mohammed,

I will really appreciate it if you can send a post for the solution of this problem to mail email (gentinature@hotmail.com). Looking forward for it. Thanks

Who is online

Users browsing this forum: dioeyandika and 102 guests