I'm trying to set up port forwarding, but it doesn't seem to work at all. I remember it working before on my RB750G, but after I swapped it for a 951G-2HnD (the old one died on me) it stopped working. I used the exact same rules, so I'm not sure what went wrong here.
I'm trying to forward ports 8080/8123 to a PC/server on the local LAN. From the local LAN I can access the MikroTik router on port 80 via the WAN IP (hairpin NAT), but not those two ports. Connecting to the ports via the WAN IP from the internet does not work either (I used an online port checker and also tried from my phone on mobile data). The NAT counter is 0, which indicates that no connection reached the rule; perhaps my ISP is blocking it on their side?
here is my firewall export
# jun/07/2022 18:57:09 by RouterOS 6.46.5
# Address lists used as match criteria by the mangle and NAT rules in this export.
# LAN is the 172.16.1.0/24 subnet; WAN and WAN2 are host names rather than fixed
# addresses; PC is a single host and is not referenced by any rule shown here.
# NOTE(review): a host-name entry only matches after the router has resolved it,
# and dst-address-list=WAN / WAN2 only helps if the resolved address is the
# router's current public IP. Verify the dynamic entries with
# "/ip firewall address-list print" before debugging the NAT rules.
/ip firewall address-list
add address=172.16.1.0/24 list=LAN
add address=WANHOSTNAME list=WAN
add address=XASAAAA.sn.mynetname.net list=WAN2
add address=172.16.1.136 list=PC
# Filter rules. Rules are evaluated top to bottom per chain, so order matters.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Allow replies and already-tracked traffic, drop invalid packets, allow ICMP
# and loopback, then drop everything that did not arrive on a LAN interface.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# NOTE(review): in-interface-list=!LAN refers to an *interface* list named LAN,
# which is a different object from the address list named LAN. Its membership is
# not part of this export; confirm the LAN bridge/ports are in it and the uplink
# is not, otherwise router management is either locked out or exposed.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN log-prefix=FWR
# --- forward chain: traffic routed through the router ---
# Accept IPsec policy traffic, fasttrack and accept established/related
# connections, drop invalid packets.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid log-prefix=DROPFW
# Drop new connections entering on UniFi-Internet unless a dst-nat rule matched
# them. No further forward rule follows, so anything not dropped here is
# forwarded; a port forward therefore needs no separate accept rule.
# NOTE(review): this rule is bound to one interface name instead of an interface
# list. If internet traffic actually arrives on another interface (for example a
# PPPoE client or VLAN on top of UniFi-Internet; not visible in this export),
# the rule never matches and unsolicited WAN-to-LAN forwarding is not blocked.
# Confirm which interface holds the public IP.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=UniFi-Internet
# Mark connections that go from an address in list LAN to an address in list WAN
# (LAN clients calling the router's public address). The HairPin_NAT mark is
# consumed by the srcnat masquerade rule carrying the same connection-mark.
# NOTE(review): only list WAN is matched here. A LAN client connecting to the
# WAN2 host name gets the mark only if WAN2 resolves to an address that is also
# in list WAN. Confirm both names point at the same public IP.
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=WAN \
new-connection-mark=HairPin_NAT passthrough=yes src-address-list=LAN
/ip firewall nat
# Source-NAT connections carrying the HairPin_NAT mark so that replies from the
# internal server return through the router instead of going directly to the
# LAN client.
add action=masquerade chain=srcnat comment="Hair Pin NAT" connection-mark=\
HairPin_NAT
# General outbound masquerade for traffic leaving via interface list WAN.
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none \
out-interface-list=WAN
# Port forwards: TCP 8123 -> 172.16.1.254:8123 and TCP 8080 -> 172.16.1.136:80.
# NOTE(review): both rules require in-interface=UniFi-Internet in addition to
# the destination address list. Packets from a LAN client arrive on a LAN-side
# interface, so hairpin access to these ports cannot match as written; the
# dst-address-list match alone would cover both directions.
# NOTE(review): a counter of 0 for internet-side tests fits three causes:
# the public IP is held by a different interface than UniFi-Internet, the
# address list does not contain the current public IP, or the traffic never
# reaches the router (upstream filtering or carrier NAT). A temporary
# action=log rule in prerouting for the port would tell these apart.
# NOTE(review): neither rule restricts the source, so once they match, both
# internal web services are reachable from any internet host. Limit exposure
# with src-address-list, or publish the services over a VPN, and make sure the
# backends enforce authentication.
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=8123 \
in-interface=UniFi-Internet protocol=tcp to-addresses=172.16.1.254 \
to-ports=8123
add action=dst-nat chain=dstnat comment=ianseo dst-address-list=WAN2 \
dst-port=8080 in-interface=UniFi-Internet protocol=tcp to-addresses=\
172.16.1.136 to-ports=80