Page 1 of 1

port forwarding and firewall

Posted: Tue Sep 02, 2008 5:43 am
by lukef
Hi Guys im after a bit of help with port forwarding.
I have a dsl connection connected to router os via pppoe and using hotspot and i have also setup a firewall on router os.
Basically i have created a port forward following this guide http://wiki.mikrotik.com/wiki/Forwardin ... nternal_IP
The question i have is do i also need to create a filter rule to enable the above rule to work?? If so how do i go about it
I have also created a walled garden ip entry to allow outbound connections through the hotspot for the internal ip im trying to forward to.
The issue is i cant get it to work.
ANy ideas on what im doing wrong??

Re: port forwarding and firewall

Posted: Tue Sep 02, 2008 8:56 am
by sergejs
Post you firewall rules and walled-garden rules which are not working ?

Re: port forwarding and firewall

Posted: Tue Sep 02, 2008 9:24 am
by lukef
Port Forward rule
chain=dstnat action=dst-nat to-addresses=10.51.51.10 to-ports=80
src-address=OUREXTIP dst-address=PPOEIP dst-port=8081
protocol=tcp

walled garden IP
# SER.. PROTOCOL DST DST-ADDRESS DST-PORT ACTION
0 hot.. tcp monitoringsystem 5721 accept
1 hot.. accept
2 hot.. accept
3 hot.. tcp OUREXTIP 0-65535 accept

firewall filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; Accept established connections
chain=input action=accept connection-state=established

2 ;;; Accept Related Connections
chain=input action=accept connection-state=related

3 ;;; Local Radius Access
chain=input action=accept src-address=127.0.0.1 dst-address=127.0.0.1
dst-port=1812-1813 protocol=udp

4 ;;; SSH Access
chain=input action=accept src-address=OUREXTIP dst-port=22
protocol=tcp

5 chain=input action=accept src-address=192.168.17.0/24 dst-port=22
protocol=tcp

6 ;;; Remote Web Interface
chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

7 chain=input action=accept src-address=10.0.19.0/24 dst-port=80
protocol=tcp

8 chain=input action=accept src-address=192.168.17.0/24 dst-port=80
protocol=tcp

9 chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

10 ;;; WinboxAccess
chain=input action=accept src-address=OUREXTIP dst-port=8291
protocol=tcp

11 chain=input action=accept src-address=192.168.17.0/24 dst-port=8291
protocol=tcp

12 ;;; Allow Limited Pings
chain=input action=accept protocol=icmp limit=50/5s,2

13 ;;; Drop excess pings
chain=input action=drop protocol=icmp

14 X chain=input action=log log-prefix=""

15 ;;; Drop everything else
chain=input action=drop

Re: port forwarding and firewall

Posted: Fri Sep 05, 2008 9:40 am
by Muhammad
Port Forward rule
chain=dstnat action=dst-nat to-addresses=10.51.51.10 to-ports=80
src-address=OUREXTIP dst-address=PPOEIP dst-port=8081
protocol=tcp

walled garden IP
# SER.. PROTOCOL DST DST-ADDRESS DST-PORT ACTION
0 hot.. tcp monitoringsystem 5721 accept
1 hot.. accept
2 hot.. accept
3 hot.. tcp OUREXTIP 0-65535 accept

firewall filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; Accept established connections
chain=input action=accept connection-state=established

2 ;;; Accept Related Connections
chain=input action=accept connection-state=related

3 ;;; Local Radius Access
chain=input action=accept src-address=127.0.0.1 dst-address=127.0.0.1
dst-port=1812-1813 protocol=udp

4 ;;; SSH Access
chain=input action=accept src-address=OUREXTIP dst-port=22
protocol=tcp

5 chain=input action=accept src-address=192.168.17.0/24 dst-port=22
protocol=tcp

6 ;;; Remote Web Interface
chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

7 chain=input action=accept src-address=10.0.19.0/24 dst-port=80
protocol=tcp

8 chain=input action=accept src-address=192.168.17.0/24 dst-port=80
protocol=tcp

9 chain=input action=accept src-address=OUREXTIP dst-port=80
protocol=tcp

10 ;;; WinboxAccess
chain=input action=accept src-address=OUREXTIP dst-port=8291
protocol=tcp

11 chain=input action=accept src-address=192.168.17.0/24 dst-port=8291
protocol=tcp

12 ;;; Allow Limited Pings
chain=input action=accept protocol=icmp limit=50/5s,2

13 ;;; Drop excess pings
chain=input action=drop protocol=icmp

14 X chain=input action=log log-prefix=""

15 ;;; Drop everything else
chain=input action=drop
AOA
i am give you help only in winbox interface, not comand pemet , winbox its to easy

give your email or any other source i send you pic's of winbox setup for this type of port forwarding
or if you want to free online help, i help you free as a brother
Allah hafiz

Re: port forwarding and firewall

Posted: Thu Sep 18, 2008 6:06 pm
by gentitope
I have this same problem with port forwarding a web server from my internal ip of the LAN interface.
I have tried all the dst nat rule still no result. Pls, i need your guide.

Re: port forwarding and firewall

Posted: Fri Sep 19, 2008 12:32 pm
by gentitope
Hello Mohammed,

I will really appreciate it if you can send a post for the solution of this problem to mail email (gentinature@hotmail.com). Looking forward for it. Thanks