Could someone please put me in the right direction.
Im trying to open a port to my razberry, so i can access i from my mothers house.
I have read the forum for a couple of days but i cant get it to work.
Is there anybody that could make a step by step turtorial?
Raz ip 192.168.88.223
external ip 90.xx.xx.xx
Edit: i have a mikrotik rb2011uas-2hnd-in
Re: Port forwarding
Which port and protocol are you trying to use?
Re: Port forwarding
Port 8083Which port and protocol are you trying to use?
protocol tcp
Re: Port forwarding
Port 8083Which port and protocol are you trying to use?
protocol tcp
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat` dst-port=8083 \
in-interface=ether1-gateway protocol=tcp\
to-addresses=192.168.88.223 to-ports=8083Re: Port forwarding
I have tried that and did it again, but no luck/ip firewall nat
add action=dst-nat chain=dstnat` dst-port=8083 \
in-interface=ether1-gateway protocol=tcp\
to-addresses=192.168.88.223 to-ports=8083
i dont have to do anything in firewall filter rules?
Re: Port forwarding
Post your config. Also are you trying to access it from within the network, by the public ip? (e.g. hairpin)I have tried that and did it again, but no luck/ip firewall nat
add action=dst-nat chain=dstnat` dst-port=8083 \
in-interface=ether1-gateway protocol=tcp\
to-addresses=192.168.88.223 to-ports=8083
i dont have to do anything in firewall filter rules?
Re: Port forwarding
im trying to connect via public ip xx.xx.xx.xx:8083
How do i get out the config?
How do i get out the config?
Re: Port forwarding
Open a new terminal and type /export compact if using v5 or if using v6 just /export will be fine.
Re: Port forwarding
Right, but are you trying to connect via public IP from inside your 10.0. network? Or from the internet? If you are doing it from within you will need hairpin rules also.im trying to connect via public ip xx.xx.xx.xx:8083
How do i get out the config?
/ip firewall export
Re: Port forwarding
im trying to connect from the internet.Right, but are you trying to connect via public IP from inside your 10.0. network? Or from the internet? If you are doing it from within you will need hairpin rules also.im trying to connect via public ip xx.xx.xx.xx:8083
How do i get out the config?
/ip firewall export
Firewall export
Code: Select all
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat disabled=no dst-port=8083 in-interface=\
ether1-gateway protocol=tcp to-add
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 si
set pptp disabled=no
[admin@MikroTik] > Re: Port forwarding
Your dst-nat rule does not look correct. Did you cut it off trying to paste it or is it just wrong?
It should be.
It should be.
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=8083 protocol=tcp to-addresses=192.168.88.223Re: Port forwarding
must have been me when i past it.Your dst-nat rule does not look correct. Did you cut it off trying to paste it or is it just wrong?
It should be.
Code: Select all/ip firewall nat add action=dst-nat chain=dstnat dst-port=8083 protocol=tcp to-addresses=192.168.88.223
is this all that i need?
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=8083 protocol=tcp to-addresses=192.168.88.223
Re: Port forwarding
Yes, unless you are wanting to send port 8083 coming in on your WAN to a different port on the Rasberry (let's use 80 for example) then you would add "to-ports=80". It also doesn't hurt to specify the WAN interface with "in-interface". The resulting rule then would like.
But if you don't need that then just use
Code: Select all
add action=dst-nat chain=dstnat dst-port=8083 in-interface=ether1 protocol=tcp \
to-addresses=192.168.88.223 to-ports=80Code: Select all
add action=dst-nat chain=dstnat dst-port=8083 in-interface=ether1 protocol=tcp \
to-addresses=192.168.88.223Re: Port forwarding
ill get this when i tried
[admin@MikroTik] > /ip firewall nat
[admin@MikroTik] /ip firewall nat> add action=dst-nat chain=dstnat dst-port=8083 i
n-interface=ether1 protocol=tcp \
\... to-addresses=192.168.88.223
ambiguous value of interface, more than one possible value matches input
[admin@MikroTik] /ip firewall nat>
[admin@MikroTik] > /ip firewall nat
[admin@MikroTik] /ip firewall nat> add action=dst-nat chain=dstnat dst-port=8083 i
n-interface=ether1 protocol=tcp \
\... to-addresses=192.168.88.223
ambiguous value of interface, more than one possible value matches input
[admin@MikroTik] /ip firewall nat>
Re: Port forwarding
That is because your WAN interface is not named ether1. Change out ether1 with the interface name of your WAN interface.
Re: Port forwarding
Ahhh ether1-gateway 
But no luck so far, ihave tested everything, when i check the staistic it happens nothing
It must be my modem that stops this, i have even put the mikrotik router in dmz in my modem, i cant bride the modem.
But no luck so far, ihave tested everything, when i check the staistic it happens nothing
It must be my modem that stops this, i have even put the mikrotik router in dmz in my modem, i cant bride the modem.
Re: Port forwarding
Torch your WAN interface and see if you see the traffic coming in.
As was stated earlier. If you are trying to connect to the to the server via the public IP and setting on the same LAN as the server you will need to setup a hairpin nat rule.
As was stated earlier. If you are trying to connect to the to the server via the public IP and setting on the same LAN as the server you will need to setup a hairpin nat rule.
Re: Port forwarding
Im not at home so im not in the same LANTorch your WAN interface and see if you see the traffic coming in.
As was stated earlier. If you are trying to connect to the to the server via the public IP and setting on the same LAN as the server you will need to setup a hairpin nat rule.
Torch doesent show my ipadress at any time, so my call to my raz never gets to the router.
Re: Port forwarding
No problem. What was the final fix?
Re: Port forwarding
It was my modem as a assumed,No problem. What was the final fix?
Re: Port forwarding
Can i make so only a specifik ip-adress can connect to my raz?
Re: Port forwarding
Add a src-address to the dnatCan i make so only a specifik ip-adress can connect to my raz?
Sent from my SCH-I545 using Tapatalk 2
Who is online
Users browsing this forum: tosie and 123 guests