Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

port forwarding don't work

Locked
 
ugoday
just joined
Topic Author
Posts: 2
Joined: Sat Nov 30, 2013 10:35 am

port forwarding don't work

Sat Nov 30, 2013 4:45 pm

Hello, all.

I have a mikrotir router and linux host behind them. I want connecting by ssh to my linux station from internet. But after I add this rule
Code: Select all
chain=dstnat action=dst-nat to-addresses=192.168.88.251 to-ports=22 protocol=tcp dst-address=external-ip-of-router dst-port=24
nothing done.
Code: Select all

$ nmap myhost.no-ip.org

Starting Nmap 5.00 ( http://nmap.org ) at 2013-11-30 18:41 MSK
Interesting ports on myhost.2com.net (my-external-ip):
Not shown: 991 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
23/tcp   open     telnet
53/tcp   open     domain
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
2000/tcp open     callbook
8291/tcp open     unknown

Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds
Where is my mistake?
there is all firewall rules: http://pastebin.com/1gP0KgDE
Top
 
ugoday
just joined
Topic Author
Posts: 2
Joined: Sat Nov 30, 2013 10:35 am

Re: port forwarding don't work

Mon Dec 02, 2013 8:22 pm

It is work, when i move rule
chain=dstnat action=accept
to bottom, after rules for port forwarding, i.e.
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1-gateway

1 chain=srcnat action=masquerade to-addresses=10.0.0.0 out-interface=work

2 chain=dstnat action=dst-nat to-addresses=192.168.88.251 to-ports=22 protocol=tcp dst-address=ip dst-port=24

3 chain=dstnat action=dst-nat to-addresses=192.168.88.251 to-ports=9091 protocol=tcp dst-address=ip dst-port=5060

4 chain=dstnat action=accept
[admin@MikroTik] /ip firewall nat>
Top
 
Rudios
Forum Veteran
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: port forwarding don't work

Tue Dec 03, 2013 1:45 pm

That makes sense, since the firewall executes the first rule applicable.
Besides from that, having the dst-nat rule is unclear to me.
Top
 
marcus65
newbie
Posts: 26
Joined: Fri Feb 08, 2013 4:15 am
Location: Brooklyn, New York

Re: port forwarding don't work

Tue Dec 10, 2013 9:18 pm

I don't understand why the to-port=22 and the dst-port=24??
Top
 
Rudios
Forum Veteran
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: port forwarding don't work

Wed Dec 11, 2013 11:13 am

To let the system be SSH available on a non-default port from outside.
Top
Locked

Who is online

Users browsing this forum: gigabyte091 and 44 guests
  4. RouterOS
  5. Beginner Basics