Answer the question
In order to leave comments, you need to log in
How to set up a filter in RouterOS to forward one port to another?
I am forwarding incoming traffic from published port 5922 to port 22 of host 192.168.255.2.
Works for Cisco.
!
interface Dialer0
ip access-group FW_in in
!
ip nat inside source static tcp 192.168.255.2 22 interface Dialer0 5922
ip nat inside source list NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended FW_in
permit tcp any any eq 5922
!
/ip firewall filter
add chain=forward dst-port=5922 in-interface=ether1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=5922 in-interface=ether1 \
protocol=tcp to-addresses=192.168.255.2 to-ports=22
/ip firewall filter
add chain=forward dst-port=22 in-interface=ether1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=22 in-interface=ether1 \
protocol=tcp to-addresses=192.168.255.2 to-ports=22
Answer the question
In order to leave comments, you need to log in
SELECT `name`
FROM `sm_groups`
WHERE `id` IN (
SELECT `group_id`
FROM `sm_admins_groups`
WHERE `admin_id` IN (
SELECT `id`
FROM `sm_admin`
WHERE `identity` = :identity AND `sid` = :sid
)
)
What's the problem with putting "unequal" in the query?
SELECT d.id, d.name
FROM sm_admins m
JOIN sm_admins_groups r ON m.id=r.admin_id
JOIN sm_groups d ON r.group_id=d.id
WHERE m.identity <> 'STEAM_0:1:427770368' AND m.sid <> '0'
I confess! It's all about lack of knowledge.
It turns out that DST-NAT works even in PREROUTING => when the packet reaches the filter, the port in it has already been changed.
In my case, 5922 has already been changed to 22.
wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6
Question: What am I doing like this? Or something with Mikrotik?
Answer: Mikrotik is fine.
Need to change the rule
/ip firewall filter add chain=forward dst-port=5922 in-interface=ether1 protocol=tcpon the
/ip firewall filter add chain=forward dst-port=22 in-interface=ether1 protocol=tcp
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question