Hello, I'm very new to MikroTik devices, and am learning very quickly but, I have been searching high and low for an answer to this question that I have, and haven't found anything... One of my new RM3011UiAS is acting up. I setup a NAT rule for remote desktop connection port 3389 to a specific server on one of my LAN's. I'm able to access it (most of the time) but I get kicked off in speratic disconnect times. I have verified that the router is in fact closing the ports, and re opening them.
I have 2 of these devices, I have copied the configuration of the device in question to a fresh device (after verifying that all of the ports on the new device were getting full bandwidth and connectivity before flashing the configuration I pulled from the original device.)
I don't see any port triggering options in RouterOS, so I don't really know where else to look!
I'm also noticing that the computers on that LAN loose internet connectivity at the same time that I get kicked off the remote session. The 1 other LAN that is running on the device operates with out any problems what so ever.
I don't know what else to do.
Any and all help is VERY MUCH appreciated.
Thank you in advance.
-
-
JaySmith1112
just joined
- Posts: 8
- Joined:
- Location: Santa Monica, CA, USA
- Contact:
Re: MikroTik closes ports randomly then reopens them.
The router may be recording the port closing, but that doesn't mean its the one closing the port. How have you verified this?
Do you have two LANs going to the same ISP and only one is periodically losing connection? Or two separate ISPs?
Sounds like its not just a NAT port closing, but losing connection to the ISP.
Perhaps a little more detailed information and post a
Do you have two LANs going to the same ISP and only one is periodically losing connection? Or two separate ISPs?
Sounds like its not just a NAT port closing, but losing connection to the ISP.
Perhaps a little more detailed information and post a
Code: Select all
export hide-sensitive
Re: MikroTik closes ports randomly then reopens them.
RouterOS can't close and open ports on it's own.
Please post your export, and the method how you say you "verified" this
Please post your export, and the method how you say you "verified" this
-
-
JaySmith1112
just joined
- Posts: 8
- Joined:
- Location: Santa Monica, CA, USA
- Contact:
Re: MikroTik closes ports randomly then reopens them.
I'm working with another fellow that was using external port checkers from off site machines, as well as his computer with in the lan. They would all show the port open, but when we noticed our remote sessions locking up, he would then run the port scans and find the port closed. We setup the NAT rule originally, and then removed it, and replaced it with what we thought was correct. It's the same setting he as setup on the other devices, that work just fine.
I'm still learning all of this. Was what he was doing incorrect in diagnosing what's going on?
I'm still learning all of this. Was what he was doing incorrect in diagnosing what's going on?
Code: Select all
# sep/28/2016 09:22:28 by RouterOS 6.35.3
# software id = 2S2U-PIU3
#
/ip firewall filter
add chain=input dst-port=8291 protocol=tcp
add chain=input dst-address=xx.xxx.xx.36 dst-port=8080 in-interface=ETH1_Main_WAN protocol=tcp
add chain=forward comment="VoIP SIP" port=5060-5070 protocol=udp
add chain=forward comment="VoIP RTP" port=10000-20000 protocol=udp
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ETH1_Main_WAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
in-interface=ETH1_Main_WAN
add chain=forward port=3389 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat dst-address=172.20.224.19 dst-port=80 out-interface=ETH1_Main_WAN protocol=tcp src-address=172.20.32.0/24
add action=src-nat chain=srcnat dst-address=172.20.32.0/24 out-interface="ETH5 - Public LAN" protocol=tcp src-address=172.20.32.0/24 \
to-addresses=172.20.224.19 to-ports=0-65535
add action=dst-nat chain=dstnat dst-port=3389 protocol=tcp to-addresses=172.20.224.55 to-ports=3389
add action=dst-nat chain=dstnat in-interface=ETH1_Main_WAN protocol=tcp to-addresses=172.20.224.19
add action=masquerade chain=srcnat dst-address=172.20.224.19 dst-port=80 out-interface=bridge protocol=tcp
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ETH1_Main_WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=172.20.32.0/24
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=dstnat dst-port=3389 protocol=tcp
add action=dst-nat chain=dstnat port=3389 protocol=udp to-addresses=172.20.224.55 to-ports=3389