dasha65
just joined
Topic Author
Posts: 2
Joined: Wed Dec 18, 2013 3:26 am

RB450G port forwarding/mapping

Wed Dec 18, 2013 3:37 am

Hi guys,
Just bought a RB450G and I'm having a little trouble getting the port forwarding/mapping to work. I have PPPOE-Client working through my bridged ADSL modem and can surf the net.

I'm trying to port forward from the internet (interface TPG) to my internal private network (192.168.0.0/16 interface ether2-LAN)
Here is a copy of my config and I'm hoping someone can point out my errors. :D

# jan/02/1970 06:36:40 by RouterOS 6.7
# software id = KHBQ-6F3T
#
/interface ethernet
set [ find default-name=ether2 ] comment="LAN interface" name=ether2-LAN
set [ find default-name=ether3 ] comment="Wireless interface" name=\
ether3-Wireless
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=TPG password=\
XXXXXXXXX use-peer-dns=yes user=user
/ip neighbor discovery
set ether2-LAN comment="LAN interface"
set ether3-Wireless comment="Wireless interface"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/port
set 0 name=serial0
/system logging action
add name=Syslog remote=192.168.0.6 target=remote
/ip address
add address=192.168.0.42/16 interface=ether2-LAN network=192.168.0.0
add address=192.168.20.42/24 interface=ether3-Wireless network=192.168.20.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add chain=input comment="Accept established connections" connection-state=\
established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid
add chain=input comment=UDP protocol=udp
add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment="From our LAN" in-interface=ether2-LAN src-address=\
192.168.0.0/16
add action=log chain=input comment="Log everything else" log-prefix=\
"DROP INPUT"
add action=drop chain=input comment="Drop everything else"
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/16
add action=dst-nat chain=dstnat dst-port=3389 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.6 to-ports=3389
add action=dst-nat chain=dstnat dst-port=25 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.57 to-ports=25
add action=dst-nat chain=dstnat dst-port=80 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.49 to-ports=80
add action=dst-nat chain=dstnat dst-port=110 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.45 to-ports=110
add action=dst-nat chain=dstnat dst-port=8100 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.6 to-ports=8100
add action=dst-nat chain=dstnat dst-port=7272 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.8 to-ports=7272
/system logging
add action=Syslog topics=dns
add action=Syslog topics=info

Thanks in advance.

Dasha65
 
dcuk
just joined
Posts: 7
Joined: Wed Dec 04, 2013 5:42 pm

Re: RB450G port forwarding/mapping

Wed Dec 18, 2013 9:50 pm

I'm only a noob myself, but I think you're missing some inbound rules in the forward chain, something like:

ros code

add chain=forward comment="port-forward tcp/3389 (ip after dst-nat)" dst-address=192.168.0.6 dst-port=3389 protocol=tcp

You've set up the inbound NAT translations, you just haven't allowed traffic to flow to them.

As I say, still learning myself, so there may be other things wrong/missing!
 
dasha65
just joined
Topic Author
Posts: 2
Joined: Wed Dec 18, 2013 3:26 am

Re: RB450G port forwarding/mapping

Thu Dec 19, 2013 9:53 am

dcuk wrote:
> I'm only a noob myself, but I think you're missing some inbound rules in the forward chain, something like:
>
> ros code
>
> add chain=forward comment="port-forward tcp/3389 (ip after dst-nat)" dst-address=192.168.0.6 dst-port=3389 protocol=tcp
>
> You've set up the inbound NAT translations, you just haven't allowed traffic to flow to them.
>
> As I say, still learning myself, so there may be other things wrong/missing!

I was missing the inbound rule for RDP and have added it. The main problem was I had the destination address as the local address and not my internet address; once I fixed that up it was all good. :D

add chain=input comment=RDP dst-address=123.243.210.221 dst-port=3389 in-interface=TPG protocol=tcp
add action=dst-nat chain=dstnat dst-address=123.243.210.221 dst-port=3389 in-interface=TPG protocol=tcp to-addresses=192.168.0.6 to-ports=3389
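
The following is an added example, not code from any poster in this thread: a small Python check that parses a RouterOS export like the one posted above and lists each dst-nat port forward, whether the rule limits the source (src-address or src-address-list), and whether any chain=forward filter rule exists. The sample export and the address-list name mail-relays are constructed, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample: a trimmed export in the same shape as the one in the thread.
SAMPLE_EXPORT = r'''/ip firewall filter
add action=drop chain=input comment="Drop everything else"
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/16
add action=dst-nat chain=dstnat dst-port=3389 in-interface=TPG protocol=tcp \
to-addresses=192.168.0.6 to-ports=3389
add action=dst-nat chain=dstnat dst-port=25 in-interface=TPG protocol=tcp \
src-address-list=mail-relays to-addresses=192.168.0.57 to-ports=25
'''

def parse_export(text):
    """Return (menu_path, {property: value}) for every 'add' line of an export."""
    rules, menu = [], None
    # Exports wrap long lines with a trailing backslash; rejoin them first.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line  # e.g. "/ip firewall nat"
        elif line.startswith("add ") and menu:
            tokens = shlex.split(line[4:])  # keeps quoted comments in one token
            rules.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rules

def audit_port_forwards(text):
    """List dst-nat rules and whether each one limits who may connect."""
    rules = parse_export(text)
    # dst-nat'ed packets are routed, so they pass through chain=forward, not
    # chain=input. With no forward rules at all, they are accepted by default.
    forward_filtered = any(m == "/ip firewall filter" and p.get("chain") == "forward"
                           for m, p in rules)
    findings = []
    for menu, p in rules:
        if menu != "/ip firewall nat" or p.get("action") != "dst-nat":
            continue
        findings.append({
            "port": p.get("dst-port"),
            "target": f'{p.get("to-addresses")}:{p.get("to-ports", p.get("dst-port"))}',
            "source_restricted": "src-address" in p or "src-address-list" in p,
            "forward_chain_filtered": forward_filtered,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_port_forwards(SAMPLE_EXPORT):
        print(finding)
```

A forward with source_restricted set to False accepts connections from any internet address that reaches the dst-nat rule.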