System administration
SofroN, 2016-07-07 11:32:27

MikroTik port forwarding not working. Where is the mistake?

I recently replaced an old TP-LINK with a MikroTik.
The Internet is set up and everything works.
I started dealing with port forwarding and set it up, but it does not work.
Below are all the rules there are.
Filter rules: [screenshot]
NAT: [screenshot]
Rule No. 16 in the filter rules does not work, even if you specify a single port. When you try to connect, rule No. 18 is triggered instead; this can be seen from the increase in the packet counter and from the log.
Rule No. 14 in NAT increases its packet counter by 1 or 2 when you try to connect.
The rules themselves:
NAT rule

14    ;;;          RDP
      chain=dstnat action=netmap to-addresses=192.168.1.50 to-ports=3389 
      protocol=tcp in-interface=ether1-wan dst-port=3966 log=yes 
      log-prefix="RDP"

filter rule
16    ;;; RDP
      chain=forward action=accept protocol=tcp in-interface=ether1-wan 
      dst-port=3390,3966,3990,3991,4132 log=no log-prefix=""

UPD: I tried both action=netmap and action=dst-nat in rule No. 14; there is no difference.


2 answer(s)
SofroN, 2016-07-07
@SofroN

The error is localized: I added a rule and the forwarding worked.

;;; RDP
      chain=forward action=accept protocol=tcp dst-address=192.168.1.0/24 
      dst-port=3390,3966,3990,3991,4132,3389 log=no log-prefix=""

But what is the rule then? I thought rules #8 and #9 should solve the problem. All rules:
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;;             invalid            
      chain=input action=drop connection-state=invalid in-interface=ether1-wan 
      log=yes log-prefix="DROP-INVALID-INPUT" 

 1    ;;;             invalid            
      chain=forward action=drop connection-state=invalid 
      in-interface=ether1-wan log=yes log-prefix="DROP-INVALID-FORWARD" 

 2    ;;;                                   
      chain=input action=accept connection-state=established 
      in-interface=ether1-wan log=no log-prefix="" 

 3    ;;;                                
      chain=input action=accept connection-state=related 
      in-interface=ether1-wan log=no log-prefix="" 

 4    ;;;                                              
      chain=forward action=accept connection-state=established 
      in-interface=ether1-wan log=no log-prefix="" 

 5    ;;;                                          
      chain=forward action=accept connection-state=related 
      in-interface=ether1-wan log=no log-prefix="" 

 6    ;;;                                          
      chain=input action=accept src-address=192.168.1.0/24 
      in-interface=!ether1-wan log=no log-prefix="" 

 7    ;;;                                                        
      chain=forward action=drop src-address-list=block-Internet-to-local-client 
      out-interface=ether1-wan log=yes log-prefix="BLOCK-INTERNET" 

 8    ;;;                                     
      chain=forward action=accept src-address=192.168.1.0/24 
      in-interface=!ether1-wan log=no log-prefix="ACCEPT-LAN" 

 9    ;;;                                              
      chain=forward action=accept src-address=192.168.1.0/24 
      out-interface=ether1-wan log=no log-prefix="" 

10    ;;;                ICMP
      chain=input action=accept protocol=icmp in-interface=ether1-wan log=no 
      log-prefix="" 

11    ;;;     8
      chain=forward action=accept protocol=tcp in-interface=ether1-wan 
      dst-port=80,2349,3053,3055 log=no log-prefix="" 

12    ;;;     6
      chain=forward action=accept protocol=tcp in-interface=ether1-wan 
      dst-port=81,2350,3058,3059 log=no log-prefix="" 

13    ;;;              
      chain=forward action=accept protocol=tcp in-interface=ether1-wan 
      dst-port=3070 log=no log-prefix="" 

14    ;;;           
      chain=forward action=accept protocol=tcp in-interface=ether1-wan 
      dst-port=8919 log=no log-prefix="" 

15    ;;;       1         
      chain=forward action=accept protocol=tcp src-address-list=remote-office 
      in-interface=ether1-wan dst-port=1540,1541,1560-1591 log=no log-prefix="" 

16    ;;; RDP
      chain=forward action=accept protocol=tcp in-interface=ether1-wan 
      dst-port=3390,3966,3990,3991,4132 log=no log-prefix="" 

17    ;;; VoIP                           
      chain=forward action=accept protocol=udp src-address-list=remote-office 
      in-interface=ether1-wan dst-port=5060,13000-18000 log=no log-prefix="" 

18    ;;;                                                      
      chain=forward action=drop in-interface=ether1-wan log=yes 
      log-prefix="DROP-FORWARD" 

19    ;;;                                                    
      chain=input action=drop in-interface=ether1-wan log=yes 
      log-prefix="DROP-INPUT"

UPD: even just adding port 3389 to rule #16 solves the issue
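
Why rule 16 never matched, as an added example that is not part of the original posts: RouterOS applies dstnat before the forward filter chain, so the filter sees the translated port 3389 rather than the WAN port 3966. The model uses a subset of the posted rules; the client address, the WAN address and the LAN interface name `bridge-lan` are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_IF = "ether1-wan"
RULE16_PORTS = {3390, 3966, 3990, 3991, 4132}   # filter rule 16 as posted

# NAT rule 14 from the question: WAN tcp/3966 -> 192.168.1.50:3389
DSTNAT = [{"in": WAN_IF, "dst_port": 3966, "to": ("192.168.1.50", 3389)}]

def apply_dstnat(pkt):
    """dstnat runs before routing and before the forward filter chain."""
    for rule in DSTNAT:
        if pkt["in"] == rule["in"] and pkt["dst_port"] == rule["dst_port"]:
            addr, port = rule["to"]
            # "bridge-lan" is a hypothetical LAN interface name
            return {**pkt, "dst": addr, "dst_port": port, "out": "bridge-lan"}
    return pkt

def forward_chain(rule16_ports):
    """Subset of the posted forward rules that can see a new WAN connection."""
    from_lan = lambda p: ipaddress.ip_address(p["src"]) in LAN
    return [
        (8, "accept", lambda p: from_lan(p) and p["in"] != WAN_IF),
        (9, "accept", lambda p: from_lan(p) and p["out"] == WAN_IF),
        (16, "accept", lambda p: p["in"] == WAN_IF and p["dst_port"] in rule16_ports),
        (18, "drop", lambda p: p["in"] == WAN_IF),
    ]

def verdict(pkt, rule16_ports):
    """Return (rule number, action) of the first forward rule that matches."""
    pkt = apply_dstnat(pkt)
    for number, action, matches in forward_chain(rule16_ports):
        if matches(pkt):
            return number, action
    return None, "accept"   # no rule matched: chain default

# Constructed sample: a new RDP connection from the internet to WAN port 3966
SYN = {"src": "203.0.113.10", "dst": "198.51.100.2", "dst_port": 3966,
       "in": WAN_IF, "out": None}

if __name__ == "__main__":
    print(verdict(SYN, RULE16_PORTS))            # (18, 'drop')
    print(verdict(SYN, RULE16_PORTS | {3389}))   # (16, 'accept')
```

Rules 8 and 9 match on a LAN source address, so they only cover connections initiated from inside and never a new inbound one. RouterOS also offers the `connection-nat-state=dstnat` matcher, which accepts forwarded traffic only when a dstnat rule translated it, without listing ports in the filter rule.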

Alghazanth, 2016-07-07
@Alghazanth

Try specifying dst-address instead of in-interface.
