Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Denis Michurin2018-02-16 15:37:46
Computer networks
Denis Michurin, 2018-02-16 15:37:46

Port forwarding on Mikrotik?

Hello everyone
I'm trying to forward the port on Mikrotik towards the server. I did everything according to the manuals
But something doesn't work
Where am I the fool?

Filter Rules
5a86d032cadfc783005876.png
NAT
5a86d054e0a15741694242.png5a86d066baa26507843076.png
nmap
5a86d07c550fe765583628.png
/ip firewall export
/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=forward dst-address=x.x.x.x/24 log=yes src-address=192.168.88.0/24
add action=accept chain=forward dst-address=192.168.88.0/24 log=yes src-address=x.x.x.x/24
add action=accept chain=forward dst-address=192.168.88.110 dst-port=444 in-interface=ether1-gateway protocol=tcp
add action=accept chain=input log=yes protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=gre
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=80 protocol=tcp
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add action=accept chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat dst-address=!172.16.1.0/24 out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-port=444 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.110 to-ports=444

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
D
Dmitry Skoromnov, 2018-02-16
@kursy-po-it

Unload /ip firewall export
Without it, it is not clear what and how. The screenshots do not show all the information.

Report
W
Wexter, 2018-02-16
@Wexter

In Filter, add a rule allowing forward to 192.168.88.110:444

Report
D
Dmitry, 2018-02-16
@Tabletko

And who will specify the incoming interface?

Report
I
ifossa, 2018-02-16
@ifossa

Below, working configuration for firewall/NAT with open ports for L2TP IPSec, web interface and port forwarding 444 to ip 192.168.88.110

/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=netmap chain=dstnat dst-port=444 in-interface=ether1 protocol=tcp to-addresses=192.168.88.110 to-ports=44
/ip firewall filter
add action=accept chain=input comment="ALLOW ESTABLISHED" connection-state=established
add action=accept chain=input comment="ALLOW RELATED" connection-state=related
add action=drop chain=input comment="DROP INVALID" connection-state=invalid
add action=accept chain=input comment="ALLOW ICMP" protocol=icmp
add action=accept chain=input comment="ALLOW WINBOX" dst-port=8291 protocol=tcp
add action=accept chain=input comment="ALLOW L2TP IPSEC" dst-port=500,1701,4500 in-interface=ether1 protocol=udp
add action=accept chain=forward comment="ALLOW L2TP IPSEC" protocol=ipsec-esp
add action=accept chain=input comment="ALLOW WEB-INTERFACE" dst-port=80 protocol=tcp
add action=drop chain=input comment="DROP ALL INPUT"
add action=accept chain=forward comment="ALLOW ESTABLISHED" connection-state=established
add action=accept chain=forward comment="ALLOW RELATED" connection-state=related
add action=drop chain=forward comment="DROP INVALID" connection-state=invalid
add action=accept chain=forward comment="ALLOW ICMP" protocol=icmp
add action=accept chain=forward comment="ALLOW REDIRECT TO RDP" dst-port=444 protocol=tcp
add action=accept chain=forward comment="ALLOW INTERNET FROM LOCAL" out-interface=ether1 src-address=192.168.88.0/24
add action=drop chain=forward comment="DROP ALL FORWARD"

Report
N
NikanorovKir, 2018-02-17
@NikanorovKir

The screenshot shows that the packets go through the nata rule, maybe the problem is still in the server?

Report
G
Gregory, 2018-02-17
@Maxlinus

at the server the gateway is registered?

Similar questions
M
mibii2017-06-10 09:58:57
Is it mandatory to use a new change address each time for a bitcoin transaction? 2Reply
S
Sergey Druzhko2017-06-10 16:57:26
How to analyze ALL Android traffic on PC? 1Reply
S
Sargulov2015-07-02 10:29:34
How to use the service inside the network and outside by one ip? 2Reply
Z
Zolg2019-11-11 13:58:40
Is it possible to limit the peak UDP transfer rate (per-socket) in linux with system settings? 4Reply
S
Sergey2021-05-07 15:39:28
How to transfer large amount of data between servers? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question