Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

configure port forwarding through load balancing environment in RB951UI

Wed Dec 07, 2022 8:54 am

Hello my friends!
So I have an RB951ui, and since I have 3 WAN connections on it, I already set up load balancing on it like this (see the attached file),
but now I want to set up a port forwarding rule through WAN-2 to open my office camera from outside my LAN.
How can I make this rule in this case?
Please, can anyone help? I haven't set this up before in this situation!
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Dec 07, 2022 1:51 pm

So the setup is working now for load balancing... if so, this means that traffic coming in on WAN2 will depart on WAN2, which is the biggest concern.
Now you only have to set up firewall rules on the router, but they are missing from your config??
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Wed Dec 07, 2022 3:13 pm

> So the setup is working now for load balancing... if so, this means that traffic coming in on WAN2 will depart on WAN2, which is the biggest concern.
> Now you only have to set up firewall rules on the router, but they are missing from your config??

You are right, I forgot to put my firewall rules, so here is my firewall.
Can I create the port forwarding rules normally under these rules?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Wed Dec 07, 2022 3:38 pm

If you just posted the whole thing without fiddling with it too much... I see "/ip firewall nat" twice, so which one is it, and what else is missing/changed? You don't need anything special, just a regular dstnat rule. What you have should work, provided that there's 192.168.2.2 on ether2, the upstream router is forwarding port(s) to it, and you actually have an interface list named "WAN" that contains ether1-3.

Unrelated thing: dst-address-type=local in PCC rules is nonsense. It means that they apply to connections to the router itself (which is useless) and ignore connections to the internet (which is where you want them to apply). It should be dst-address-type=!local ("!" = not).
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Dec 07, 2022 3:40 pm

(1) Adjusted
/ip firewall filter
{Input chain}
[default rules]
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
[user rules]
add action=accept chain=input comment="allow WireGuard" dst-port=13231 \
protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
{Forward chain}
[default rules]
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid

[user rules]
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward connection-nat-state=dstnat comment="allow port forwarding"
add action=drop chain=forward comment="drop all else"


(2) Why do you have port 8291 forwarded??? Your other port forwarding rule is incomplete. (Don't need to-ports if same as dst-ports.)

add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.2.2 \
dst-port=8291 protocol=tcp to-addresses=192.168.2.2
add action=dst-nat chain=dstnat dst-address=192.168.2.2 dst-port= ....\
protocol=tcp to-addresses=192.168.1.10 to-ports=


(3) If you only have one subnet and they will need to reach servers as well using the WANIP (and not LANIP direct), then you will need another source nat rule, but you have provided no details on the router LAN structure. Also no visibility into interface list or members. In other words, complete config required (less router serial #).
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Dec 07, 2022 3:41 pm

> Unrelated thing, dst-address-type=local in PCC rules is nonsense, it means that they apply to connections to router itself (which is useless) and ignore connections to internet (which is where you want them to apply). It should be dst-address-type=!local ("!" = not).

Which is why I asked, before working on port forwarding, if the Load Balancing is working properly. You seem to indicate it should not be working, so which is it????
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Wed Dec 07, 2022 10:11 pm

Hello my friends!
So I will apply the forwarding rules and give you the output.
I know that I repeated the nat rule, that was my mistake, I didn't notice that!
For the load balancing rules I followed this manual when I created them (https://mum.mikrotik.com/presentations/US12/steve.pdf). I find the explanation convenient, yet there are a lot of questions in this manual. For example, I don't think that I reached a full understanding of why he created an accept rule as the first mangle rule; I couldn't find a logical explanation for that.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Thu Dec 08, 2022 12:53 am

Rules are processed in order from top to bottom. If some rule accepts a packet, no further rules will be able to touch it. So you're excluding packets to the listed destination subnets from further processing.

@anav: You know the answer, it can't do any good with dst-address-type=local.
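
The two points Sob makes in this thread (an accept rule at the top of mangle stops further processing, and PCC rules need dst-address-type=!local), combined with the WAN2 port forward being asked about, as an added example that is not any poster's configuration. It assumes RouterOS v7 syntax, a LAN on an interface named "bridge" (192.168.1.0/24), WAN1-3 on ether1-3, an existing masquerade rule and main-table default route, and constructed placeholder subnets, gateways and port.

```routeros
# Added example, not a poster's config. Assumes RouterOS v7, LAN on "bridge"
# (192.168.1.0/24), WAN1-3 on ether1-3. The 192.0.2.x / 198.51.100.x subnets
# and all three gateway addresses are constructed placeholders.
/routing table
add fib name=to_WAN1
add fib name=to_WAN2
add fib name=to_WAN3
/ip firewall mangle
# 1) Rules run top to bottom; accept ends mangle processing for the packet,
#    so LAN traffic to the connected WAN subnets is never marked below.
add chain=prerouting action=accept in-interface=bridge dst-address=192.0.2.0/24
add chain=prerouting action=accept in-interface=bridge dst-address=192.168.2.0/24
add chain=prerouting action=accept in-interface=bridge dst-address=198.51.100.0/24
# 2) Connections that arrive on a WAN are tagged with that WAN, so replies
#    to a WAN2 port forward leave through WAN2.
add chain=prerouting action=mark-connection in-interface=ether1 connection-mark=no-mark new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting action=mark-connection in-interface=ether2 connection-mark=no-mark new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting action=mark-connection in-interface=ether3 connection-mark=no-mark new-connection-mark=WAN3_conn passthrough=yes
# 3) PCC for new LAN connections to the internet. With dst-address-type=local
#    these would match only connections to the router itself; !local is the fix.
add chain=prerouting action=mark-connection in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:3/0 new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting action=mark-connection in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:3/1 new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting action=mark-connection in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:3/2 new-connection-mark=WAN3_conn passthrough=yes
# 4) Packets coming from the LAN follow the mark of their connection.
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=no
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=no
add chain=prerouting action=mark-routing in-interface=bridge connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=no
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-table=to_WAN1
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-table=to_WAN2
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=to_WAN3
/ip firewall nat
# Port forward on WAN2 to the camera; dst-port 8554 is a constructed placeholder.
add chain=dstnat action=dst-nat in-interface=ether2 protocol=tcp dst-port=8554 to-addresses=192.168.1.10
```

Fasttracked packets bypass mangle, so when a fasttrack rule is present in the forward chain, marked connections need to be kept out of it (for example by adding connection-mark=no-mark to the fasttrack rule).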
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Thu Dec 08, 2022 4:43 am

Well, the OP said he did follow Discher, but apparently he does not copy well. Indeedy, he is missing this!
