I have a local webserver running behind NAT IP: 192.168.10.16 on port 8123. I would like to access this server from internet. Please help me out how the rules should be to make it work. My internet/WAN port = ether1. If other information needed please let me know so that i can add this to this forum thread.
/ip firewall nat print
Code: Select all
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
1 ;;; masq. vpn traffic
chain=srcnat action=masquerade src-address=192.168.89.0/24
2 ;;; OpenVPN Masquerade
chain=srcnat action=masquerade src-address=192.168.20.0/24 log=no log-prefix=""
/ip firewall filter print
Code: Select all
2 chain=forward action=accept connection-nat-state=srcnat,dstnat protocol=igmp in-interface=ether1
in-interface-list=all out-interface-list=all log=no log-prefix=""
3 ;;; allow IPsec NAT
chain=input action=accept protocol=udp dst-port=4500
4 ;;; allow IKE
chain=input action=accept protocol=udp dst-port=500 log=yes log-prefix="VPN"
5 ;;; allow l2tp
chain=input action=accept protocol=udp dst-port=1701
6 ;;; allow pptp
chain=input action=accept protocol=tcp dst-port=1723 log=yes log-prefix="VPN"
7 ;;; allow sstp
chain=input action=accept protocol=tcp dst-port=443
8 chain=input action=accept protocol=ipsec-esp
9 chain=input action=accept protocol=ipsec-ah
10 ;;; Allow Established connections
chain=input action=accept connection-state=established
11 ;;; Allow ICMP
chain=input action=accept protocol=icmp
12 chain=input action=accept src-address=192.168.10.0/24 in-interface=!ether1 log=no log-prefix=""
13 ;;; Drop Invalid connections
chain=input action=drop connection-state=invalid
14 ;;; Drop everything else
chain=input action=drop
15 chain=forward action=accept in-interface=bridge out-interface=bridge log=no log-prefix=""