mhugo
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Sep 19, 2005 11:48 am

Cannot reach machines via multinat and external IP

Sat Oct 25, 2008 11:00 pm

Hi!

I have a couple of services running on dedicated public IPs with static NAT.

Everything works fine from the Internet, but internal machines cannot reach the services on the external IPs.

It seems I'm not getting any traffic back.

Here is a dump from my firewall MT running 3.15 - All hosts are connected to bridge0 (Eth2+3):

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=drop chain=forward comment="Drop all to trixbox webserver" disabled=yes dst-address=192.168.230.252 dst-port=\
80 protocol=tcp
/ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.230.254 to-addresses=x.x.30.5
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.230.240 to-addresses=x.x.30.6
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.230.253 to-addresses=x.x.30.7
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.230.252 to-addresses=x.x.30.8
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.230.254 to-addresses=x.x.30.9
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=x.x.30.5 to-addresses=192.168.230.254
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=x.x.30.6 to-addresses=192.168.230.240
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=x.x.30.7 to-addresses=192.168.230.253
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=x.x.30.8 to-addresses=192.168.230.252
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=x.x.30.9 to-addresses=192.168.230.254
add action=masquerade chain=srcnat comment="" disabled=no out-interface="ether1 - WAN"
