 
Bowen73
just joined
Topic Author
Posts: 12
Joined: Thu May 28, 2020 12:24 pm

Cant get port forwarding to work

Wed Jul 06, 2022 3:05 pm

I can't seem to get port forwarding to work from the outside world.

I've tried to set up the CCTV but no joy, and now I'm trying to forward port 80 and still no joy (I've changed WebFig to another port). When I'm on the local network and put in the external IP I get the Windows IIS page. But when I try externally and put in the IP it says it can't reach the page.

I have a NAT rule: chain: dstnat, dst-address: (my_external_ip), protocol: TCP, dst-port: 80, action: dst-nat, to-address: (local IP), to-ports: 80.
This is the same as the CCTV rule but to the relevant CCTV port/IP.

I'm running RouterOS 6.49.

I did follow a tutorial to set up dual WAN, so not sure if that is affecting it somehow?

Any ideas? Thanks in advance
 
erlinden
Forum Guru
Posts: 1962
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:18 pm

What tutorial exactly?
Can you please share your config (/export hide-sensitive file=anynameyoulike) and remove all personal information?
 
rextended
Forum Guru
Posts: 12008
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:20 pm

Also, if everything works correctly, to test the rules from outside you must use another connection,
and locally you must use the local IP.
 
Bowen73
just joined
Topic Author
Posts: 12
Joined: Thu May 28, 2020 12:24 pm

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:33 pm

> Also, if everything works correctly, to test the rules from outside you must use another connection,
> and locally you must use the local IP.

I did that. I used my phone and disabled Wi-Fi, so I was using the phone's internet.
 
rextended
Forum Guru
Posts: 12008
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:37 pm

Ah, dual WAN, the most important information at the end, never first.

Plus you drew a great schematic and the export of the configuration is really nice.
 
Bowen73
just joined
Topic Author
Posts: 12
Joined: Thu May 28, 2020 12:24 pm

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:38 pm

> What tutorial exactly?
> Can you please share your config (/export hide-sensitive file=anynameyoulike) and remove all personal information?

I'll try and find it, but there were a number of them I came across.

This is the export. Hopefully it's right. I've changed my external IP address to my-external-ip in the export.

The isp_1 is my static IP and the isp_2 is DHCP from the ISP. It was meant as a backup line, but as the line only gives 72mb max I tried the dual WAN. But I'm not sure if this has affected port forwarding.
# jul/06/2022 13:29:46 by RouterOS 6.49
# software id = CBSQ-YHL1
#
# model = RB750Gr3
# serial number = <CENSORED>
/interface bridge
add name=Bridge_LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1_ISP1
set [ find default-name=ether2 ] name=ether2_ISP2
set [ find default-name=ether3 ] name=ether3_LAN
set [ find default-name=ether4 ] name=ether4_LAN
set [ find default-name=ether5 ] name=ether5_LAN
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1_ISP1 \
    keepalive-timeout=disabled name=pppoe-out1 use-peer-dns=yes user=\
    <CENSORED>
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.11.2.220-10.11.2.254
add name=dhcp_pool1 ranges=10.11.2.1-10.11.2.9,10.11.2.11-10.11.2.254
add name=vpn_pool ranges=192.168.2.2-192.168.2.250
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=Bridge_LAN name=DHCP_Local
add address-pool=dhcp_pool1 disabled=no interface=ether2_ISP2 name=dhcp1
/ppp profile
add local-address=192.168.2.1 name=vpn_profile remote-address=vpn_pool
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add max-limit=152M/152M name=Local-LAN target=Bridge_LAN
/interface bridge port
add bridge=Bridge_LAN interface=ether3_LAN
add bridge=Bridge_LAN interface=ether4_LAN
add bridge=Bridge_LAN interface=ether5_LAN
/interface detect-internet
set detect-interface-list=WAN
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=ether1_ISP1 list=WAN
add interface=Bridge_LAN list=LAN
add interface=pppoe-out1 list=WAN
/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 default-profile=vpn_profile \
    enabled=yes require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=10.11.2.10/24 interface=Bridge_LAN network=10.11.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=ether1_ISP1
add disabled=no interface=ether2_ISP2
/ip dhcp-server lease
add address=10.11.2.11 comment="24 Port Ubiquiti" mac-address=\
    78:8A:20:C5:D5:60
add address=10.11.2.12 comment="48 Port Ubiquiti" mac-address=\
    FC:EC:DA:02:7E:FC
add address=10.11.2.20 comment="UKJU-WAP01\r\
    \n" mac-address=F0:9F:C2:8E:D4:5B
add address=10.11.2.21 comment=UKJU-WAP02 mac-address=F0:9F:C2:8E:D4:D8
add address=10.11.2.22 comment=UKJU-WAP03 mac-address=F0:9F:C2:8E:D8:72
add address=10.11.2.60 comment="Brother Printer 1" mac-address=\
    00:1B:A9:C9:1E:8B
add address=10.11.2.190 comment="D-Link Nas Drive" mac-address=\
    CC:B2:55:04:BA:BA
add address=10.11.2.220 comment="CCTV Entrance" mac-address=BC:AD:28:8B:72:E6
add address=10.11.2.221 comment="CCTV Office Side Run" mac-address=\
    00:0F:7C:15:36:B2
add address=10.11.2.1 mac-address=80:18:44:F2:7B:70 server=DHCP_Local
add address=10.11.2.82 comment=ukju-winserver01 mac-address=00:0C:29:02:DC:98 \
    server=DHCP_Local
add address=10.11.2.52 client-id=1:6c:e8:5c:d5:1f:ee mac-address=\
    6C:E8:5C:D5:1F:EE server=DHCP_Local
add address=10.11.2.140 client-id=1:38:ba:f8:b6:bc:e6 mac-address=\
    38:BA:F8:B6:BC:E6 server=DHCP_Local
add address=10.11.2.50 client-id=1:c2:62:2d:8f:bf:35 comment="Mobile Phones" \
    mac-address=C2:62:2D:8F:BF:35 server=DHCP_Local
add address=10.11.2.51 client-id=1:dc:8:f:6b:52:cb mac-address=\
    DC:08:0F:6B:52:CB server=DHCP_Local
add address=10.11.2.56 client-id=1:e:40:a8:f9:db:71 mac-address=\
    0E:40:A8:F9:DB:71 server=DHCP_Local
add address=10.11.2.249 client-id=1:0:c:29:c9:23:d5 comment="Clocking PC" \
    mac-address=00:0C:29:C9:23:D5 server=DHCP_Local
add address=10.11.2.252 client-id=1:b8:27:eb:15:f8:72 comment="GPS Screen" \
    mac-address=B8:27:EB:15:F8:72 server=DHCP_Local
add address=10.11.2.57 client-id=1:14:d1:69:1d:cd:86 mac-address=\
    14:D1:69:1D:CD:86 server=DHCP_Local
add address=10.11.2.54 client-id=1:5e:79:eb:1:ad:85 mac-address=\
    5E:79:EB:01:AD:85 server=DHCP_Local
add address=10.11.2.55 client-id=1:4:d6:aa:46:de:ff mac-address=\
    04:D6:AA:46:DE:FF server=DHCP_Local
add address=10.11.2.53 client-id=1:1e:e6:6d:82:46:3a mac-address=\
    1E:E6:6D:82:46:3A server=DHCP_Local
add address=10.11.2.81 client-id=\
    ff:9f:6e:85:24:0:2:0:0:ab:11:23:d9:d6:44:bc:80:e0:9e comment=\
    "Virtual Appliances" mac-address=00:0C:29:3F:EA:CE server=DHCP_Local
add address=10.11.2.89 client-id=\
    ff:bc:9a:4a:2d:0:2:0:0:ab:11:7f:d8:65:bf:16:cc:5c:2d mac-address=\
    00:0C:29:DF:6C:84 server=DHCP_Local
add address=10.11.2.251 client-id=\
    ff:9f:6e:85:24:0:2:0:0:ab:11:8b:a0:84:58:3:fd:1e:f comment=VeeamPN \
    mac-address=00:0C:29:B1:0C:C9 server=DHCP_Local
/ip dhcp-server network
add address=10.11.2.0/24 dns-server=10.11.2.82,8.8.8.8 gateway=10.11.2.10 \
    netmask=24
/ip dns
set servers=10.11.2.82,8.8.8.8
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1_ISP1 \
    new-connection-mark=ISP1 passthrough=yes
add action=mark-connection chain=input in-interface=ether2_ISP2 \
    new-connection-mark=ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\
    ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=\
    ISP2 passthrough=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="CCTV Port Forward" dst-address=\
    my-external-ip dst-port=8240 log=yes log-prefix=CCTV_ protocol=udp \
    to-addresses=10.11.2.220 to-ports=8240
add action=dst-nat chain=dstnat comment="Syrinx Port Forward" dst-address=\
    my-external-ip dst-port=80 log=yes log-prefix=Syrinx_ protocol=tcp \
    to-addresses=10.11.2.82 to-ports=80
add action=dst-nat chain=dstnat comment="VeeamPN Port 6179 C2S" disabled=yes \
    dst-address=my-external-ip dst-port=6179 log=yes log-prefix=VeamPN-c2s \
    protocol=udp to-addresses=10.11.2.251
add action=dst-nat chain=dstnat comment="VeeamPN Port 80" disabled=yes \
    dst-address=my-external-ip log=yes log-prefix=veeam_vpn protocol=tcp \
    to-addresses=10.11.2.251
add action=dst-nat chain=dstnat comment="VeeamPN Pot 1194 S2S" disabled=yes \
    dst-address=my-external-ip dst-port=1194 log=yes log-prefix=VeaamPN-s2s \
    protocol=udp to-addresses=10.11.2.251
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
    src-address=192.168.89.0/24
add action=masquerade chain=srcnat src-address=10.11.2.0/24
add action=masquerade chain=srcnat out-interface=ether1_ISP1 \
    out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=192.168.1.254 routing-mark=ISP1
add disabled=yes distance=1 gateway=ether2_ISP2 routing-mark=ISP2
add check-gateway=ping disabled=yes distance=1 gateway=192.168.1.254
/ip service
set www port=85
/ppp secret
add disabled=yes name=<CENSORED> profile=vpn_profile service=ovpn
add disabled=yes local-address=10.11.2.10 name=<CENSORED> profile=\
    default-encryption remote-address=10.11.2.181
add disabled=yes name=<CENSORED> profile=vpn_profile service=ovpn
add disabled=yes local-address=10.11.2.10 name=<CENSORED> profile=\
    default-encryption remote-address=10.11.2.186
add disabled=yes local-address=10.11.2.10 name=<CENSORED> profile=\
    default-encryption remote-address=10.11.2.185
add disabled=yes name=vpn
add disabled=yes local-address=10.11.2.10 name=<CENSORED> profile=\
    default-encryption remote-address=10.11.2.183
add disabled=yes name=<CENSORED> profile=vpn_profile service=ovpn
/system clock
set time-zone-name=Europe/London
/system identity
set name="MikroTik"
/tool netwatch
add host=8.8.8.8
/tool sniffer
set file-name=test filter-interface=ether1_ISP1 filter-ip-protocol=tcp \
    filter-port=http
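
An added example, not part of the original thread and not MikroTik tooling: a small Python check that parses a RouterOS `/export` like the one posted above and reports how its enabled dst-nat forwards are marked and routed. It relies on RouterOS chain semantics (dst-nat'd traffic passes through prerouting and forward, not input, and mark-routing is only valid in prerouting and output); the names `parse_export` and `audit` are hypothetical.

```python
import re
import shlex

# Excerpt of the export posted above (mangle, NAT, route), embedded as sample input.
EXPORT = r"""/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1_ISP1 \
    new-connection-mark=ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=\
    ISP1 passthrough=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="Syrinx Port Forward" dst-address=\
    my-external-ip dst-port=80 log=yes log-prefix=Syrinx_ protocol=tcp \
    to-addresses=10.11.2.82 to-ports=80
add action=dst-nat chain=dstnat comment="VeeamPN Port 80" disabled=yes \
    dst-address=my-external-ip log=yes log-prefix=veeam_vpn protocol=tcp \
    to-addresses=10.11.2.251
/ip route
add disabled=yes distance=1 gateway=192.168.1.254 routing-mark=ISP1
"""

def parse_export(text):
    """Yield (section, params) for each add/set line; wrapped lines are joined first."""
    section = None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        if line.startswith("/"):
            section = line.strip()
        elif line.startswith(("add ", "set ")):
            yield section, dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def audit(text):
    """Return findings about how port-forwarded traffic is marked and routed."""
    rules = [(s, p) for s, p in parse_export(text) if p.get("disabled") != "yes"]
    mangle = [p for s, p in rules if s == "/ip firewall mangle"]
    forwards = [p for s, p in rules
                if s == "/ip firewall nat" and p.get("action") == "dst-nat"]
    findings = [f"forward {p.get('protocol')}/{p.get('dst-port', 'any')} -> "
                f"{p.get('to-addresses')}" for p in forwards]
    if forwards and not any(p.get("action") == "mark-connection"
                            and p.get("chain") in ("prerouting", "forward") for p in mangle):
        findings.append("no mark-connection in prerouting/forward: forwarded connections stay unmarked")
    if forwards and not any(p.get("action") == "mark-routing"
                            and p.get("chain") == "prerouting" for p in mangle):
        findings.append("no mark-routing in prerouting: replies from LAN hosts use the main table")
    if not any(s == "/ip route" and "routing-mark" in p for s, p in rules):
        findings.append("no enabled route carries a routing-mark")
    if not any(s == "/ip firewall filter" for s, p in rules):
        findings.append("no /ip firewall filter rules in this export")
    return findings
```

Calling `audit()` on the full text of an export file returns the same kind of list; disabled rules and routes are ignored, so only what the router actually applies is reported.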
 
rextended
Forum Guru
Posts: 12008
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:43 pm

my.external.ip is from what ISP? 1 or 2?
 
Bowen73
just joined
Topic Author
Posts: 12
Joined: Thu May 28, 2020 12:24 pm

Re: Cant get port forwarding to work

Wed Jul 06, 2022 3:54 pm

> my.external.ip is from what ISP? 1 or 2?

ISP1 is my.external.IP (static).
ISP2 picks up DHCP from whatever it's given from the 2nd provider's modem.
 
Bowen73
just joined
Topic Author
Posts: 12
Joined: Thu May 28, 2020 12:24 pm

Re: Cant get port forwarding to work

Wed Jul 06, 2022 4:22 pm

> Ah, dual WAN, the most important information at the end, never first.
>
> Plus you drew a great schematic and the export of the configuration is really nice.

If dual WAN is the issue, is there a decent tutorial to follow so I can get it set up right so port forwarding works from outside to in? I've seen a few and most aren't in English so I get lost :-s Or better still, how can my setup be fixed so it works properly?
