Community discussions

MikroTik App
 
welan
newbie
Topic Author
Posts: 37
Joined: Thu Jul 10, 2008 12:06 am
Location: Italy
Contact:

Stupid Port Forwading Question

Tue Jan 26, 2010 12:43 pm

Hello, I need some help on port forwarding to internal web server on port 80.
Here are the rules that I created on the wireless antenna (CPE Client)

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 protocol=\
udp to-addresses=192.168.1.251 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
XXX.XXX.XXX.XXX dst-port=80 protocol=tcp to-addresses=YYY.YYY.YYY.YYY \
to-ports=80

where:
XXX.XXX.XXX.XXX is the ip of wireless side of cpe
YYY.YYY.YYY.YYY is the ip of the webserver on the ether side

Any help? I think this is correct.
Many thanks.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6047
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Stupid Port Forwading Question

Tue Jan 26, 2010 4:14 pm

forwarding rule to server looks correct. Do you have any problems?
 
welan
newbie
Topic Author
Posts: 37
Joined: Thu Jul 10, 2008 12:06 am
Location: Italy
Contact:

Re: Stupid Port Forwading Question

Tue Jan 26, 2010 4:51 pm

Yes, I have still problem.
I cannot reach the webserver, I see in the connection tracking of the firewall, the syn packet of tcp, but I don't see any reply. (In the lan I reach the webserver).
If I torch the ether1, I see the connection form my host to the webserver. No idea because the rule don't work.
How can i see the firewall log of mikrotik?
Many thanks.

PS I have ros 3.31 on rb411 preinstalled
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6047
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Stupid Port Forwading Question

Tue Jan 26, 2010 5:04 pm

Did you cleared connection table after setting nat rule? If you had connection tracking entry already in the table before nat rule was added then, it will not work until connection table is cleared.

Look if nat rule is matching any packets
/ip firewall nat print stats
 
welan
newbie
Topic Author
Posts: 37
Joined: Thu Jul 10, 2008 12:06 am
Location: Italy
Contact:

Re: Stupid Port Forwading Question

Tue Jan 26, 2010 5:19 pm

I rebooted the board. The rule is matching the packets.
The image below shows what I see.
I confirm that in the lan the webserver is reachable.
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: jprietove, marypoppins, sindy and 133 guests