idzuwan
just joined
Topic Author
Posts: 2
Joined: Tue Jun 07, 2022 2:04 pm

Port forwarding issues

Tue Jun 07, 2022 2:14 pm

Hello,

I'm trying to set up port forwarding, but it seems it does not work at all. I do remember it was working before on my RB750G, but after I swapped it with a 951G-2HnD because the old one died on me, it stopped working. I used the exact same rules, so I'm not sure where it went wrong here.

I'm trying to port forward ports 8080/8123 to a local LAN PC/server. I can access the MikroTik router on port 80 via the WAN IP (hairpin NAT) from the local LAN, but not those 2 ports. Connecting to the ports via the WAN IP from the internet does not work either (I used an online port checker and tried accessing it via my phone using mobile data). The NAT counter is 0, which indicates there was no connection to it. Perhaps my ISP is blocking on their side?

here is my firewall export
# jun/07/2022 18:57:09 by RouterOS 6.46.5
/ip firewall address-list
add address=172.16.1.0/24 list=LAN
add address=WANHOSTNAME list=WAN
add address=XASAAAA.sn.mynetname.net list=WAN2
add address=172.16.1.136 list=PC
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN log-prefix=FWR
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid log-prefix=DROPFW
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=UniFi-Internet
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=WAN \
    new-connection-mark=HairPin_NAT passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hair Pin NAT" connection-mark=\
    HairPin_NAT
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none \
    out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=8123 \
    in-interface=UniFi-Internet protocol=tcp to-addresses=172.16.1.254 \
    to-ports=8123
add action=dst-nat chain=dstnat comment=ianseo dst-address-list=WAN2 \
    dst-port=8080 in-interface=UniFi-Internet protocol=tcp to-addresses=\
    172.16.1.136 to-ports=80
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port forwarding issues

Tue Jun 07, 2022 7:46 pm

If you add:
/ip firewall mangle
add chain=prerouting in-interface-list=WAN connection-state=new action=log
and you try some connection from outside, does it log anything? It will tell if ISP blocks it or not.
 
idzuwan
just joined
Topic Author
Posts: 2
Joined: Tue Jun 07, 2022 2:04 pm

Re: Port forwarding issues

Wed Jun 08, 2022 6:07 am

> If you add:
> /ip firewall mangle
> add chain=prerouting in-interface-list=WAN connection-state=new action=log
> and you try some connection from outside, does it log anything? It will tell if ISP blocks it or not.

I can see only a UDP connection from 1 host to port 60547, nothing more (even when I try to do the port connection test on https://www.yougetsignal.com/tools/open-ports/).
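
The check discussed in this thread can be done mechanically over the output of the mangle log rule. The following is an added example, not code from either poster or from MikroTik: it tallies logged new inbound packets by protocol and destination port and reports whether anything for the forwarded ports (8123 and 8080 TCP, from the export) reached the WAN side. The log line layout, the sample lines (documentation addresses) and the function names `summarize` and `verdict` are assumptions made for illustration.

```python
import re
from collections import Counter

# Ports the dst-nat rules in the export forward (both TCP).
FORWARDED = {("TCP", 8123), ("TCP", 8080)}

# Assumed layout of a RouterOS firewall log line, e.g.
#   "... proto TCP (SYN), 198.51.100.7:51514->203.0.113.10:8123, len 60"
LINE_RE = re.compile(
    r"proto (?P<proto>[A-Z]+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
prerouting: in:UniFi-Internet out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 198.51.100.7:4500->203.0.113.10:60547, len 120
prerouting: in:UniFi-Internet out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 198.51.100.7:4500->203.0.113.10:60547, len 96
prerouting: in:UniFi-Internet out:(unknown 0), src-mac 00:00:5e:00:53:01, proto ICMP (type 8, code 0), 198.51.100.9->203.0.113.10, len 84
"""

def summarize(log_text, forwarded=FORWARDED):
    """Count logged packets per (proto, dst port) and list the forwarded
    ports that never appear in the log."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:  # lines without ports (ICMP etc.) are skipped
            continue
        seen[(m["proto"], int(m["dport"]))] += 1
    missing = sorted(p for p in forwarded if p not in seen)
    return seen, missing

def verdict(log_text, forwarded=FORWARDED):
    """'arriving': every forwarded port was seen, so check NAT/filter rules.
    'not-arriving': none was seen on the WAN side. 'partial': some were."""
    _, missing = summarize(log_text, forwarded)
    if not missing:
        return "arriving"
    if len(missing) == len(forwarded):
        return "not-arriving"
    return "partial"

if __name__ == "__main__":
    seen, missing = summarize(SAMPLE_LOG)
    print(dict(seen), "missing:", missing, "->", verdict(SAMPLE_LOG))
```

A "not-arriving" result only says that no packet for those ports was logged in prerouting during the test window; it is meaningful only if the outside test was run while the log rule was active.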
