Hi,
please, help me ... My Port forwarding dont work
On IP Address 192.168.100.55 ( LAN ) is www server whitch I want make visible on internet / WAN= 80.xxx.xxx.218

there is my configuration >

/ip firewal nat chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=Wan
/ip firewal nat chain=srcnat action=src-nat to-addresses=80.xxx.xxx.218 to-ports=0-65535 src-address=192.168.100.55
/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80
dst-address=80.xxx.xxx.218 dst-port=80 protocol=tcp
---------
/ip firewall filter
1 chain=forward action=accept src-address=192.168.100.55
------------
Route Table :
0 A S 0.0.0.0/0 r 80.xxx.xxx.217 1 Wan
1 ADC 80.xxx.xxx.216/29 80.xxx.xxx.218 0 Wan
2 ADC 192.168.100.0/24 192.168.100.98 0 LAN

OS - ver 3.10

Why u wanna forward all ports? As action use masquarde if u are connected to AP with single IP for all clients.

I am new at this too and am probably wrong but it looks like you have things a little backwards and don't need some things.

Things happen in order, this needs to go below the src-nat(which you dont need). You don't need this, its covered by what the masquerade does in what I understand your configuration to be. Looks good.
If your router had two IPs (one for the server, one for everyone else); it's a slightly different story

[quote="bobertperry"]I am new at this too and am probably wrong but it looks like you have things a little backwards and don't need some things.

Things happen in order, this needs to go below the src-nat(which you dont need). You don't need this, its covered by what the masquerade does in what I understand your configuration to be. Looks good. ------------------------
Thanks for your reply, Now www server works propertly !
but I have next problem - how can I set ftp port forward ? I try set port 21 like 80 but it seems be not the same thing ...

Make sure you have port 20 and 21. Also no need for another rule, just separate each port with a comma.
ie:

/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80 dst-address=80.xxx.xxx.218 dst-port=20,21,80 protocol=tcp

Make sure you have port 20 and 21. Also no need for another rule, just separate each port with a comma.
ie:

/ip firewal nat chain=dstnat action=dst-nat to-addresses=192.168.100.55 to-ports=80 dst-address=80.xxx.xxx.218 dst-port=20,21,80 protocol=tcp

It must be probably in separated rules , becaouse on action page of rule is not posible set ports 20,21,

is port 20 udp or tcp ?

TCP. And it will let you set comma separated lists of ports there.

TCP. And it will let you set comma separated lists of ports there.

I mean, that NO .
action=dst-nat to-addresses=192.168.100.55 to-ports=80
here is action to-ports only one port , how can I translate port 21 to 80 ?
I don't understand this

Oh ya, my bad. If you do it in one rule everything would be forwarded to port 80. My bad.