Community discussions

 
funnyman
just joined
Topic Author
Posts: 4
Joined: Thu Dec 26, 2013 4:51 pm

SSH port forward

Thu Dec 26, 2013 5:17 pm

Hello, I run server behind mikrotik with static IP 192.168.1.2. I connect to the server by SSH, so I want to forward port no. 22 to the server.
I found out that mikrotik has his SSH opened to WAN by default, so I tried to forward port no. 2022 to server by this command:
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp in-interface=ether1-gateway dst-port=2022 to-addresses=192.168.1.2 to-ports=22
/ip firewall filter add chain=forward action=accept protocol=tcp in-interface=ether1-gateway src-port=2022
When I try to connect to the server, putty shows "connection refused" message. What am I doing wrong?
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: SSH port forward

Fri Dec 27, 2013 2:47 pm

You have an anomily in your firewall filter rule.
It should have the to-ports parameter from the NAT rule as portnumber, not the dst-port parameter, and it must be set as dst-port, not src-port.
This is because the filter is checked after the dst-nat rules are applied.
For extra specific checking, the dst-address parameter for the filter rule can be filled in (192.168.1.2)

So to be clear

ros code

/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=tcp dst-port=2022 to-addresses=192.168.1.2 to-ports=22
/ip firewall filter
add chain=forward in-interface=ether1-gateway protocol=tcp dst-address=192.168.1.2 dst-port=22
Last edited by Rudios on Fri Dec 27, 2013 2:59 pm, edited 1 time in total.
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
funnyman
just joined
Topic Author
Posts: 4
Joined: Thu Dec 26, 2013 4:51 pm

Re: SSH port forward

Fri Dec 27, 2013 2:56 pm

could you please write the exact code for me? I am trying to change values in GUI (I am new to routerboard and don't know the syntax well yet) and I am not successful. Thank you
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: SSH port forward

Fri Dec 27, 2013 3:00 pm

While you wrote, I edited my previous post.
Check my comments there
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
funnyman
just joined
Topic Author
Posts: 4
Joined: Thu Dec 26, 2013 4:51 pm

Re: SSH port forward

Sat Dec 28, 2013 12:30 pm

Thank you, it's working well now. If you tell me how to give you karma point, I will do that :)
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: SSH port forward

Sat Dec 28, 2013 2:34 pm

To give karma, just click the + button below my karma count on the left.
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
funnyman
just joined
Topic Author
Posts: 4
Joined: Thu Dec 26, 2013 4:51 pm

Re: SSH port forward

Mon Dec 30, 2013 1:16 am

well, there is a bug about it, I can't see it while on chrome on windows, but I can see it on chromium on linux. Weird, they should be quite the same browsers...

Who is online

Users browsing this forum: No registered users and 18 guests