[solved] Having trouble creating a basic firewall rule

distantsoil · Sat Mar 21, 2015 7:41 am

My config is about as bare as can be, but I'm having trouble creating a basic firewall rule. I don't even see traffic hitting it.

I'm trying to open port 3389 to allow connections from the internet to my home desktop, but I'm not seeing any traffic hit it at all.

Any suggestions?

Here's my firewall export

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add chain=dstnat dst-address=192.168.1.106 dst-port=3389 in-interface=ether1-gateway protocol=tcp src-port=3389

rjscomms · Sat Mar 21, 2015 8:47 am

Hello,

you have no action statement in your NAT rule.

Have a look at this site for example.

http://www.icafemenu.com/how-to-port-fo ... router.htm

Dave.

distantsoil · Sat Mar 21, 2015 5:27 pm

Ah hah! Thank you

I had tried creating a destination IP address on the first page of the NAT setup as well as setting the action to allow rather than dst-nat

Thanks!

vstman · Sun Mar 22, 2015 5:35 pm

I use netmap......what is the difference? Also needs a hairpin.

[solved] Having trouble creating a basic firewall rule

[solved] Having trouble creating a basic firewall rule

Re: Having trouble creating a basic firewall rule

Re: Having trouble creating a basic firewall rule

Re: [solved] Having trouble creating a basic firewall rule

Who is online