Problem with NAT port forwarding

pazak · Tue Jul 26, 2022 1:15 pm

Hello,

I have a problem with NAT port forwarding. My setup is very basic and maybe some rules are missing. I have redirected port 54321 to a LAN address, but it doesn't work.
Please help where I may have a bug.

# jul/13/2022 15:23:24 by RouterOS 6.49.1
# software id = LWCZ-9ZUX
#
# model = 922UAGS-5HPacD
# serial number = 
/interface lte
set [ find ] name=lte1
/interface bridge
add admin-mac=B8 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=no_country_set disabled=no distance=indoors \
    frequency=5745 frequency-mode=manual-txpower mode=ap-bridge rx-chains=0,1 \
    ssid="MikroTik 5.8" tx-chains=0,1 tx-power=30 tx-power-mode=\
    all-rates-fixed
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=no_country_set disabled=no frequency=auto mode=ap-bridge \
    rx-chains=0,1 ssid="MikroTik 2.4" tx-chains=0,1 tx-power=30 \
    tx-power-mode=all-rates-fixed
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk,wpa2-eap mode=\
    dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=
/ip pool
add name=dhcp_pool0 ranges=192.168.1.100-192.168.1.254,192.168.1.2
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge lease-time=6h name=\
    dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip dhcp-client
add comment=defconf disabled=no interface=bridge
/ip dhcp-server lease
add address=192.168.1.2 client-id=1: mac-address=\
    00 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip firewall nat
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-port=54321 in-interface=lte1 log=yes \
    log-prefix=wg protocol=udp to-addresses=192.168.1.2 to-ports=54321
/system clock
set time-zone-name=Europe/Warsaw
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
    d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive

jvanhambelgium · Tue Jul 26, 2022 2:12 pm

in-interface=lte1

Changes are BIG that you are begind CGNAT (Carrier-Grade NAT) which is more & more used.
You cannot do port-forwarding with CGNAT because another NAT is done at the provider over which you do not have any control!

Please check which IP-address you received on your LTE1-interface.
CGNAT has its own reserved IP range between 100.64.0.0 and 100.127.255.255

pazak · Wed Jul 27, 2022 5:44 pm

Thank you for your response. You put me in the right way of thinking. My connection to the internet operator is via a usb dongle with an lte modem. I will see if it is possible to change the usb key to the bridge so that I can use Mikrotik as a router.

in-interface=lte1

Changes are BIG that you are begind CGNAT (Carrier-Grade NAT) which is more & more used.
You cannot do port-forwarding with CGNAT because another NAT is done at the provider over which you do not have any control!

Please check which IP-address you received on your LTE1-interface.
CGNAT has its own reserved IP range between 100.64.0.0 and 100.127.255.255

jvanhambelgium · Wed Jul 27, 2022 5:55 pm

Apart from that CHECK IF YOU HAVE A REAL PUBLIC IP
If not, first fix that problem or port-forward will never work.

Problem with NAT port forwarding

Problem with NAT port forwarding

Re: Problem with NAT port forwarding

Re: Problem with NAT port forwarding

Re: Problem with NAT port forwarding

Who is online