Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Filter + NAT port range problem

Locked
 
User avatar
BloodShed
just joined
Topic Author
Posts: 3
Joined: Mon Jul 27, 2009 5:41 pm
Location: Lemvig, Denmark
Contact:
Contact BloodShed

Filter + NAT port range problem

Tue Jul 28, 2009 6:37 pm

RouterOS version: 3.27

I'm pretty new at this.

My problem is that I have a port range (27000-27050 tcp and udp) that is forwarded from wan (62.242.x.x) to a pc on lan (192.168.0.100).
The problem is that only port 27015 is functional, every other port is a brick wall so to speak.

Here is the firewall filter
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Accept established connections
     chain=input action=accept connection-state=established in-interface=Wan 

 1   ;;; Accept related connections
     chain=input action=accept connection-state=related in-interface=Wan 

 2   ;;; Drop invalid connections
     chain=input action=drop connection-state=invalid in-interface=Wan 

 3   ;;; Allow Ping and other ICMP
     chain=input action=accept protocol=icmp in-interface=Wan 

 4   ;;; Drop unknown packets
     chain=input action=drop in-interface=Wan 

 5   ;;; Accept established connections
     chain=forward action=accept connection-state=established 

 6   ;;; Accept related connections
     chain=forward action=accept connection-state=related 

 7   ;;; Drop invalid connections
     chain=forward action=drop connection-state=invalid 

 8   chain=forward action=accept protocol=tcp dst-address=192.168.0.100 
     in-interface=Wan dst-port=27000-27050 

 9   chain=forward action=accept protocol=udp dst-address=192.168.0.100 
     in-interface=Wan dst-port=27000-27050
and NAT
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade src-address=192.168.0.0/24 
     out-interface=Wan 

 1   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015 
     protocol=tcp dst-address=62.242.x.x dst-port=27000-27050 

 2   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015 
     protocol=udp dst-address=62.242.x.x dst-port=27000-27050
This problem has been driving me nuts
Top
 
User avatar
BloodShed
just joined
Topic Author
Posts: 3
Joined: Mon Jul 27, 2009 5:41 pm
Location: Lemvig, Denmark
Contact:
Contact BloodShed

Re: Filter + NAT port range problem

Tue Jul 28, 2009 6:51 pm

Never mind human error strikes again :oops:
Top
 
Still
just joined
Posts: 16
Joined: Mon Jul 27, 2009 5:27 am
Location: Alexandria, Egypt

Re: Filter + NAT port range problem

Tue Jul 28, 2009 6:57 pm

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/24
out-interface=Wan

1 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=tcp dst-address=62.242.x.x dst-port=27000-27050

2 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=udp dst-address=62.242.x.x dst-port=27000-27050




Working as intended or am i missing something?
Top
 
User avatar
BloodShed
just joined
Topic Author
Posts: 3
Joined: Mon Jul 27, 2009 5:41 pm
Location: Lemvig, Denmark
Contact:
Contact BloodShed

Re: Filter + NAT port range problem

Tue Jul 28, 2009 7:54 pm

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/24
out-interface=Wan

1 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=tcp dst-address=62.242.x.x dst-port=27000-27050

2 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=udp dst-address=62.242.x.x dst-port=27000-27050




Working as intended or am i missing something?
yes to-ports= should have had a range instead of a single port
Top
Locked
  4. RouterOS
  5. Beginner Basics