Community discussions

MikroTik App
 
soran1
just joined
Topic Author
Posts: 17
Joined: Mon Sep 06, 2021 11:17 am

problem with nat port forwarding

Thu Mar 23, 2023 11:30 pm

hello , i have problem to open nat port 3074 for game warzone2 i use 4011 ver7 as home router with masqurade nat and connect my pc to ether 8 with static ip when i do the port forward rule its not working but when i use the pppoe user from the isp direct in pc with broadband connection its work fine ,,,these are my rule any advice ??
/ip firewall filter add chain=forward action=accept connection-nat-state=dstnat protocol=tcp dst-address=192.168.2.10 dst-port=3074,27014-27050
/ip firewall filter add chain=forward action=accept connection-nat-state=dstnat protocol=udp dst-address=192.168.2.10 dst-port=3074,27014-27050
nat////
;;; warzone - port forwarding
chain=dstnat action=dst-nat to-addresses=192.168.2.10 to-ports=3074 protocol=udp dst-address=65.20.213.164 in-interface=pppoe-out1 dst-port=3074
log=no log-prefix=""

1 ;;; warzon2 - port forwarding
chain=dstnat action=dst-nat to-addresses=192.168.2.10 to-ports=3074 protocol=tcp dst-address=65.20.213.164 in-interface=pppoe-out1 dst-port=3074
log=no log-prefix=""
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: problem with nat port forwarding  [SOLVED]

Thu Mar 23, 2023 11:40 pm

Doing it wrong,
There is one rule only for port forwarding required in the FORWARD CHAIN. The concept is different from most other routers I have used.
WE dont make a forward rule for each port forward.
We use the dst nat chain to do each rule.

Check out - viewtopic.php?t=179343
 
soran1
just joined
Topic Author
Posts: 17
Joined: Mon Sep 06, 2021 11:17 am

Re: problem with nat port forwarding

Thu Mar 23, 2023 11:52 pm

Doing it wrong,
There is one rule only for port forwarding required in the FORWARD CHAIN. The concept is different from most other routers I have used.
WE dont make a forward rule for each port forward.
We use the dst nat chain to do each rule.

Check out - viewtopic.php?t=179343
i will check it put if u can show me the rule for it with port tcp and udp port 3074
 
soran1
just joined
Topic Author
Posts: 17
Joined: Mon Sep 06, 2021 11:17 am

Re: problem with nat port forwarding

Fri Mar 24, 2023 12:25 am

Doing it wrong,
There is one rule only for port forwarding required in the FORWARD CHAIN. The concept is different from most other routers I have used.
WE dont make a forward rule for each port forward.
We use the dst nat chain to do each rule.

Check out - viewtopic.php?t=179343
its worked thank you alot i went with these config======= thank you again
6. NAT AND IP FIREWALL RULES ---> normally consists of three rules.

For basic destination nat which includes basic port forwarding, if coming from other devices, one needs ONE firewall rule in the forward firewall filter chain. The rule (example below) basically allows port forwarding to a server on the LAN, that has a corresponding DST NAT rule in the config. Then you need DST-NAT rules fore every port forwarding, each with all the details. A source nat rule is a more general rule so that any traffic initiated by the LAN is natted by the Routers WANIP on the way out. Thus source-nat is important only if local users are directed to the server (not through LANIP) but through the WANIP.

a. Filter Rule: add chain=forward action=accept connection-nat-state=dstnat
{ any traffic with destination ports identified in DST NAT rules will be allowed through firewall }

b. Source Nat Rule:

case1: Dynamic WANIP add chain=srcnat action=masquerade out-interface-list=WAN { will also work for fixed/static WANIPs but not as technically correct }

case2: Fixed/Static WANIP add chain=srcnat action=src-nat out-interface=ether1 to-addresses=WANIP(static) { where out interface must be the active interface, pppoe1-out, vlan etc. }

c. Destination Nat Rule:

case1: Dynamic WANIP add chain=dstnat action=dst-nat dst-port=xxxx protocol=yyy in-interface-list=WAN \
to-addresses=IPof Server { to ports not required if same as dst-ports }

case2: Fixed Static WANIP add chain=dstnat action=dst-nat dst-address=WANIP(static) dst-port=xxxx \
protocol=yyy to-addresses=IPofServer to-ports=zzzz { in this case users come in on port xxxx but the port gets translated to zzzz before hitting the server }

c. Destination Port Ranges: Caution, ensure port ranges do NOT overlap with expected incoming VPN listenting ports as DST nat takes precedence over input chain rules.

Who is online

Users browsing this forum: Bing [Bot], coreshock, Google [Bot], GoogleOther [Bot], Kindis, Qalderu, Railander and 67 guests