bjornekelund
just joined
Topic Author
Posts: 13
Joined: Sun Feb 05, 2017 10:32 pm

Accessing forwarded ports "from inside" using public address

Sun May 07, 2017 12:46 pm

I have a problem that I do not really know how to solve.

I have some ports forwarded through my router for remote control purposes.
With my previous router I could access those ports using my public address from inside my network, either "mydomain.com" or the actual public IP address.
Using the internal address (e.g. 192.168.1.8) to access the ports of course works fine but for testing purposes I want my dynamic DNS to be part of the test.

I have a feeling it is because my rules refer to my fiber transceiver on SFP1 but I'm not knowledgeable enough to determine the exact remedy.

Any help would be greatly appreciated.

My firewall setup is quite straightforward:

# may/07/2017 11:42:14 by RouterOS 6.39.1
# software id = 2R0E-UH51
#
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment="Accept ping from WAN" disabled=yes in-interface=sfp1 protocol=icmp
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=sfp1
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=sfp1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=sfp1
add action=dst-nat chain=dstnat comment="ICOM RS-BA1 on Sergil" dst-port=50001-50003 in-interface=sfp1 protocol=udp to-addresses=192.168.1.8 to-ports=50001-50003
add action=dst-nat chain=dstnat comment="com2tcp on Sergil" dst-port=5555 in-interface=sfp1 protocol=tcp to-addresses=192.168.1.8 to-ports=5555
 
Sob
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Accessing forwarded ports "from inside" using public address

Sun May 07, 2017 3:15 pm

Everything you need is nicely explained here.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
bjornekelund
just joined
Topic Author
Posts: 13
Joined: Sun Feb 05, 2017 10:32 pm

Re: Accessing forwarded ports "from inside" using public address

Sun May 07, 2017 4:20 pm

Thank you!
 
bjornekelund
just joined
Topic Author
Posts: 13
Joined: Sun Feb 05, 2017 10:32 pm

Re: Accessing forwarded ports "from inside" using public address

Sun May 07, 2017 5:32 pm

I read, understood and added the suggested hairpin NAT rule (but of course with different addresses etc.). Doesn't work. I will have to dig further into this...
 
Sob
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: Accessing forwarded ports "from inside" using public address

Sun May 07, 2017 6:37 pm

Did you change your dstnat rules? If not, connections from inside won't match in-interface=sfp1. But if you remove it, you need to add some specification of original destination address. Either dst-address=<address> (if you have static one) or dst-address-type=local (for dynamic).
 
bjornekelund
just joined
Topic Author
Posts: 13
Joined: Sun Feb 05, 2017 10:32 pm

Re: Accessing forwarded ports "from inside" using public address

Sun May 07, 2017 7:47 pm

Oh, I didn't. As I mentioned, I'm a beginner at this.

I will try later. Thank you for your help.
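
The change Sob describes in the reply above, written out against the rules from the first post, as an added example that is not part of the original thread. The LAN subnet 192.168.1.0/24 is an assumption (the thread only shows the host 192.168.1.8), and the hairpin rule uses the common srcnat masquerade form, not necessarily the exact rule from the linked explanation.

```routeros
/ip firewall nat
# Remove the two port forwards that only match traffic arriving on sfp1.
remove [find comment="ICOM RS-BA1 on Sergil"]
remove [find comment="com2tcp on Sergil"]

# Re-add them without in-interface. dst-address-type=local limits the match
# to packets addressed to one of the router's own addresses, which covers a
# dynamic public IP without hard-coding it.
add action=dst-nat chain=dstnat comment="ICOM RS-BA1 on Sergil" \
    dst-address-type=local dst-port=50001-50003 protocol=udp \
    to-addresses=192.168.1.8 to-ports=50001-50003
add action=dst-nat chain=dstnat comment="com2tcp on Sergil" \
    dst-address-type=local dst-port=5555 protocol=tcp \
    to-addresses=192.168.1.8 to-ports=5555

# Hairpin NAT: LAN clients reaching 192.168.1.8 through the router get their
# source rewritten, so replies return via the router instead of going
# directly to the client with the wrong source address.
# 192.168.1.0/24 is an assumed LAN subnet; adjust to the real one.
add action=masquerade chain=srcnat comment="hairpin NAT" \
    src-address=192.168.1.0/24 dst-address=192.168.1.8
```

Because dst-address-type=local matches every address assigned to the router, these ports are also forwarded when a LAN client targets the router's internal address. The server at 192.168.1.8 will log hairpinned connections as coming from the router's LAN address, not from the real client.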
