Hello, I am trying to access a telnet server behind a MikroTik RB2011UiAS that has RouterOS v6.49.1 (stable), but without success.
My firewall rules are:
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input protocol=gre
add action=accept chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="Allow forwarding" connection-nat-state=dstnat connection-state=established,new in-interface="Internet (port 1)" log-prefix=\
"Firewall forward telnet server"
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=telnet_server dst-address=200.10.10.10 dst-port=4370 protocol=tcp to-addresses=192.168.10.99 to-ports=4370
The IP 200.10.10.10 is the public address.
The telnet server is on IP 192.168.10.99 with port 4370. I can see the counter of the rule "add action=dst-nat chain=dstnat comment=telnet_server dst-address=200.10.10.10 dst-port=4370 protocol=tcp to-addresses=192.168.10.99 to-ports=4370" is incremented when I try to establish communication, but the communication is not working.
What's wrong with these rules?