jordant
just joined
Topic Author
Posts: 4
Joined: Tue Jan 11, 2022 12:29 pm

Server Connection Issues

Tue Jan 11, 2022 2:23 pm

Hello, I'm relatively new to RouterOS. I have had a private server I have used for file hosting and game servers for a long time now. I recently picked up a MikroTik hEX S to use in my network. I've set up my port forwarding the same as I have on previous routers, but I seem to have no outside communication for any of the server programs launched. I can use remote desktop connect through the opened ports and redirected ports fine, but none of the file sharing or game server hosts can communicate with hosting networks or clients. I am unsure if there is a way to export my current settings for someone to view, but it's currently set to:

open tcp port 3389 for remote desktop to one computer
open tcp port 3388 and redirect to 3389 for remote desktop to a second computer
open tcp port 3387 and redirect to 3389 for remote desktop to a third computer
open tcp port 3390 and redirect to 3389 for remote desktop to the server
open tcp ports 7770-7810,27000-27050 for file hosting and dedicated server software to the server
open udp ports 1200,3478,4379-4380,7770-7810,27000-27050 for file hosting and dedicated server software to the server

I did notice RouterOS does not appear to like the standard port formatting as written above. I had to enter them individually for each range, i.e. one for 1200, a separate one for 3478, another one for 4379-4380, etc. Is it a formatting issue? Is #-# not the correct way to designate a range in RouterOS? As stated, everything worked correctly for the 4 remote desktop ports.
 
mkx
Forum Guru
Posts: 11593
Joined: Thu Mar 03, 2016 10:23 pm

Re: Server Connection Issues

Tue Jan 11, 2022 9:18 pm

If you open a terminal connection (either ssh to the router or open a terminal from any of the GUIs), then you can create a text export of the complete setup by running the command /export hide-sensitive file=anynameyouwish. Afterwards fetch the file to your PC, open it with a text editor, optionally obfuscate remaining sensitive data (e.g. static public IP address, wifi password) and copy-paste it inside a [code] [/code] environment.

And yes, it does help to see whole config, not just part of it. Things are connected to each other in most mysterious ways :wink:
 
jordant
just joined
Topic Author
Posts: 4
Joined: Tue Jan 11, 2022 12:29 pm

Re: Server Connection Issues

Wed Jan 12, 2022 2:20 am

Thank you, here is the file it spit out.
# jan/11/2022 18:15:38 by RouterOS 6.49.2
# software id = Y5PZ-B7VH
#
# model = RB760iGS
# serial number = E1F20FCC7140
/interface bridge
add admin-mac=DC:2C:6E:7B:EF:B1 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=3389 protocol=tcp to-addresses=\
    192.168.88.237 to-ports=3389
add action=dst-nat chain=dstnat dst-port=3388 protocol=tcp to-addresses=\
    192.168.88.249 to-ports=3389
add action=dst-nat chain=dstnat dst-port=3387 protocol=tcp to-addresses=\
    192.168.88.251 to-ports=3389
add action=dst-nat chain=dstnat dst-port=3390 protocol=tcp to-addresses=\
    192.168.88.246 to-ports=3389
add action=dst-nat chain=dstnat dst-port=7770-7810 protocol=tcp to-addresses=\
    192.168.88.246 to-ports=7770-7810
add action=dst-nat chain=dstnat dst-port=26900-26905 protocol=tcp \
    to-addresses=192.168.88.246 to-ports=26900-26905
add action=dst-nat chain=dstnat dst-port=27000-27100 protocol=tcp \
    to-addresses=192.168.88.246 to-ports=27000-27100
add action=dst-nat chain=dstnat dst-port=1200 protocol=udp to-addresses=\
    192.168.88.246 to-ports=1200
add action=dst-nat chain=dstnat dst-port=3478 protocol=udp to-addresses=\
    192.168.88.246 to-ports=3478
add action=dst-nat chain=dstnat dst-port=4379-4380 protocol=udp to-addresses=\
    192.168.88.246 to-ports=4379-4380
add action=dst-nat chain=dstnat dst-port=7770-7810 protocol=udp to-addresses=\
    192.168.88.246 to-ports=7770-7810
add action=dst-nat chain=dstnat dst-port=26900-26905 protocol=udp \
    to-addresses=192.168.88.246 to-ports=26900-26905
add action=dst-nat chain=dstnat dst-port=27000-27100 protocol=udp \
    to-addresses=192.168.88.246 to-ports=27000-27100
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Server Connection Issues

Wed Jan 12, 2022 2:51 am

The format of all the dstnat rules should include in-interface-list=WAN
(assuming you have a dynamic WANIP).
If it's a static fixed IP, the addition would be dst-address=fixedWANIP (and if so you want to make sure you put fake numbers or xx.xx.xx.xx on any future export shown here).
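
A check for the condition described in the reply above, as an added example that is not part of the original thread: it parses a RouterOS export and lists dst-nat rules with no interface or destination-address matcher, which therefore also match the LAN's own outbound connections to those ports. The sample export is constructed in the style of the one posted earlier, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample in the style of a RouterOS /export (not a real device).
SAMPLE_EXPORT = r'''
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=3389 protocol=tcp to-addresses=\
    192.168.88.237 to-ports=3389
add action=dst-nat chain=dstnat dst-port=27000-27100 in-interface-list=WAN \
    protocol=udp to-addresses=192.168.88.246 to-ports=27000-27100
/system clock
set time-zone-name=America/Chicago
'''

# Matchers that limit which traffic a dstnat rule applies to.
SCOPE_KEYS = {"in-interface", "in-interface-list", "dst-address",
              "dst-address-list", "dst-address-type"}

def parse_nat_rules(export_text):
    """Return a list of {key: value} dicts for 'add' lines under /ip firewall nat."""
    # RouterOS wraps long lines with a trailing backslash; rejoin them first.
    joined = re.sub(r"\\\r?\n\s*", "", export_text)
    rules, section = [], None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall nat" and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            rules.append(dict(pairs))
    return rules

def unscoped_dstnat(export_text):
    """dst-nat rules with no interface or destination-address matcher.

    Such a rule matches every packet to that port passing through the router,
    including connections the LAN hosts open towards the internet."""
    return [r for r in parse_nat_rules(export_text)
            if r.get("chain") == "dstnat" and r.get("action") == "dst-nat"
            and not r.keys() & SCOPE_KEYS]

if __name__ == "__main__":
    for rule in unscoped_dstnat(SAMPLE_EXPORT):
        print("unscoped dst-nat:", rule.get("protocol"), rule.get("dst-port"),
              "->", rule.get("to-addresses"))
```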
 
jordant
just joined
Topic Author
Posts: 4
Joined: Tue Jan 11, 2022 12:29 pm

Re: Server Connection Issues

Thu Jan 13, 2022 4:31 am

Thank you, that seems to have fixed my issue with external network connections. I am still having an issue where I cannot connect to a server side host from within the network. It will not allow a connection from anything but the external IP as it's partially managed by Steam.

Using the server's internal IP on the others, though, will allow connections internally, but trying to connect using the external IP and domain from within the network does not.

This is not an issue I've had with other routers. Is there a setting I would need to allow internal calls to the external IP?
 
mkx
Forum Guru
Posts: 11593
Joined: Thu Mar 03, 2016 10:23 pm

Re: Server Connection Issues

Thu Jan 13, 2022 8:43 pm

You want to google up "mikrotik hair pin NAT"
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Server Connection Issues

Thu Jan 13, 2022 10:03 pm

 
jordant
just joined
Topic Author
Posts: 4
Joined: Tue Jan 11, 2022 12:29 pm

Re: Server Connection Issues

Fri Jan 14, 2022 2:35 am

Perfect, thank you
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Server Connection Issues

Fri Jan 14, 2022 2:46 am

@jordant, if the referenced article needs improvement in any way, always looking to make it better!
