Mikrotik
Karim kkk, 2019-04-09 10:44:18

Mikrotik Open Port 3389 RDP (or similar)?

Good afternoon!
There are these rules:

add action=masquerade chain=srcnat src-address=192.168.0.0/16
add action=dst-nat chain=dstnat comment=RDP dst-address=my external IP \
    dst-port=33389 log=yes protocol=tcp to-addresses=192.168.7.11 to-ports=3389

and a public (white) IP.
The Internet is working fine!
But when I try to connect to the public IP on port 33389, the packet counter increases, but the connection does not go through.
The NAT rule is above all the others.
When trying to connect, it says:
apr/08 10:50:35 firewall,info dstnat: in:ether3 out:(unknown 0), src-mac 1c:7e:e5:88:6a:01, proto TCP (SYN), 31.13.145.56:7331-> my external IP:33389, len 60
I don't understand, maybe a rule in the opposite direction is needed!
The machine's gateway is the MikroTik's IP.
Setting netmap in the RDP rule doesn't work either...
PS - there is a WiFi router in the same subnet; when connecting from a mobile via the local IP (192.168.7.11:3389), everything connects fine...
PPS - I connected the second public IP to this machine directly, bypassing the MikroTik... it worked great!

4 answer(s)
Denis Melnikov, 2019-04-09
@Mi11er

But why is this?
dst-address=my external IP

Alexander Karabanov, 2019-04-09
@karabanov

Without additional settings, you cannot connect from the local network to a device located on the same local network via the external IP.
Hairpin NAT is needed for this to work.

rionnagel, 2019-04-11
@rionnagel

And in firewall -> filter rules, did you allow transit traffic to the required out. interface, on tcp 3398?

Karim kkk, 2020-02-21
@AcseLyezA

In general, I found a solution! If anyone needs it, go in the following sequence:
1 - Mangle - mark the packet when the port is accessed,
2 - NAT it as intended,
3 - Filter - open the ports, if rules limiting input or forward were set.
Who knows why it didn't get through with a simple DSTNAT!
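
The three-step sequence from the last answer, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread. Assumptions: it uses a connection mark named rdp-in, a source allow-list named rdp-allowed with a constructed sample address, and ether3 as the WAN interface (taken from the log line in the question).

```routeros
# Added example. The names "rdp-in" and "rdp-allowed" are hypothetical,
# and 203.0.113.10 is a constructed sample address for an allowed admin host.

/ip firewall address-list
add list=rdp-allowed address=203.0.113.10 comment="constructed sample admin host"

/ip firewall mangle
# 1 - mark new connections that arrive on the forwarded port
add chain=prerouting in-interface=ether3 protocol=tcp dst-port=33389 \
    connection-state=new action=mark-connection \
    new-connection-mark=rdp-in passthrough=yes

/ip firewall nat
# 2 - dst-nat as intended (same translation as the rule in the question),
#     limited to marked connections from the allow-list
add chain=dstnat in-interface=ether3 protocol=tcp dst-port=33389 \
    connection-mark=rdp-in src-address-list=rdp-allowed \
    action=dst-nat to-addresses=192.168.7.11 to-ports=3389 \
    log=yes comment=RDP

/ip firewall filter
# 3 - allow the translated flow through forward; these rules must sit
#     above any drop rule in the forward chain
add chain=forward connection-state=established,related action=accept
add chain=forward connection-nat-state=dstnat connection-mark=rdp-in \
    dst-address=192.168.7.11 protocol=tcp dst-port=3389 action=accept
```

In the forward chain the packet has already been translated, so the filter rule matches the internal address and port 3389, not the external port 33389.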