Community discussions

MikroTik App
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Port Forwarding

Wed Nov 30, 2005 10:13 am

I need to do port forwarding on Mikrotik 2.9
I need to forward ports 80 and 3389 to the inside network.
I have one public IP address and the following NAT rules on this router
----------------------------------------------
[admin@X] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=OUT src-address=10.0.0.0/8 action=masquerade

1 chain=srcnat out-interface=OUT src-address=172.16.0.0/16 action=masquerade
----------------------------------------------
 
User avatar
raivis-v
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jul 14, 2005 10:21 am
Location: Latvia, Riga

Re: Port Forwarding

Wed Nov 30, 2005 11:11 am

You can find it here:
http://www.mikrotik.com/docs/ros/2.9/ip/nat
 chain=dstnat dst-address=[your public IP] protocol=tcp dst-port=80 
 action=dst-nat to-addresses=[your loal IP] to-ports=80 
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

:(

Wed Nov 30, 2005 1:33 pm

It isn't working. PUBLIC_IP is the IP address of outside interface

[admin@X] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ADSL src-address=10.0.0.0/8 action=masquerade

1 chain=srcnat out-interface=ADSL src-address=172.16.0.0/16 action=masquerade

2 chain=dstnat dst-address=PUBLIC_IP protocol=tcp dst-port=3389 action=dst-nat to-addresses=10.10.10.3 to-ports=3389
 
User avatar
raivis-v
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Jul 14, 2005 10:21 am
Location: Latvia, Riga

Re: :(

Wed Nov 30, 2005 2:04 pm

Check you firewall rules, because NAT rules are correct. Also check, if your windows remote desktop is configured properly.
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Wed Nov 30, 2005 2:35 pm

I do not have any Firewall rules configured. Only this that come with Mikrotik by default if they are any. Do I need to open port 3389
 
Tonda
Member Candidate
Member Candidate
Posts: 165
Joined: Thu Jun 30, 2005 12:59 pm

Wed Nov 30, 2005 9:25 pm

Maybe stupid questions, but for sure:
1. what address do you type in to RDP client window?
2. Can you log incoming packets to your Mikrotik? Are packets really accepted and forwarded by Mikrotik?
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Thu Dec 01, 2005 1:06 pm

WITHOUT dst-address=PUBLIC_IP_OF_THE_ROUTER everything works just fine
WHYYYYY

[admin@X] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ADSL src-address=10.0.0.0/8 action=masquerade

1 chain=srcnat out-interface=ADSL src-address=172.16.0.0/16
action=masquerade

2 chain=dstnat protocol=tcp dst-port=3389 action=dst-nat
to-addresses=10.10.10.3 to-ports=3389
[admin@X] ip firewall nat>
 
Tonda
Member Candidate
Member Candidate
Posts: 165
Joined: Thu Jun 30, 2005 12:59 pm

Thu Dec 01, 2005 1:09 pm

Could you please answer my previous questions?
 
Tonda
Member Candidate
Member Candidate
Posts: 165
Joined: Thu Jun 30, 2005 12:59 pm

Thu Dec 01, 2005 1:26 pm

Could you please answer my previous questions?
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Thu Dec 01, 2005 1:26 pm

Everything is working. Why to log anything. And the address is the public IP of the router
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Thu Dec 01, 2005 1:31 pm

The question is why it works without DST-ADDRESS=PUBLIC_IP
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Thu Dec 01, 2005 2:00 pm

zack,
dst-port forward all traffic, which has required destination-port (it does not matter, what packet destination address is).
if you will have dst-address, proper destination address for correct forwarding required.
router will redirect packets with dst-address and dst-port.
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Thu Dec 01, 2005 4:55 pm

Sorry but when I put dst-address=public_ip which is IP address of Mikrotik outside interface and it isn't working. Maybe it's a bug or.....
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Thu Dec 01, 2005 5:00 pm

I do not have any problems with traffic redirection, if dst-address is configured.
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Problem description

Mon Dec 05, 2005 11:37 pm

When I make port forwarding let say on port 27015 all traffic is forwarded to this IP not just that to port 27015. Can you tell me why
 
zack
newbie
Topic Author
Posts: 40
Joined: Tue Dec 21, 2004 7:13 pm

Tue Dec 06, 2005 5:46 am

Sometimes when I add rule like this:

ip firewall nat add chain=dstnat protocol=tcp dst-port=23 action=dst-nat to-addresses=10.10.10.203 to-ports=23

everything stops working. All traffic is forwarded to 10.10.10.203 in this example. When I make trace i se traffic going to my gate where I make NAT and port forwarding and then going back to 10.10.10.203

But sometimes everything is working ??????

I have this topology

10.10.10.0 NETWORK -- RouterA --- RouterB --- RouterC --- RouterD(NAT)
RouterD have only one public IP
 
Tonda
Member Candidate
Member Candidate
Posts: 165
Joined: Thu Jun 30, 2005 12:59 pm

Tue Dec 06, 2005 4:03 pm

You wrote: "when I put dst-address=public_ip which is IP address of Mikrotik outside interface and it isn't working"

What does it exactly mean "it isn't working"?

Packets do not arrive to your public interface?
Packets arrive to public interface and Mikrotik handles them incorrectly?
Packets arrive to public interface, Mikrotik handles them correctly and there is other error?

This is why I asked you to log packets in case when it is "not working"....

Who is online

Users browsing this forum: Amazon [Bot], gammy69er, oskarsk, Stefgrifon and 42 guests