Community discussions

MikroTik App
 
TheLordOfTheShells
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 71
Joined: Tue Oct 03, 2017 2:48 am

Port Forwarding Error.

Fri Jan 03, 2020 4:49 am

Hi guys.
Today I'm facing a rare issue with port forwarding, I lease a line from an ISP with 3 Ip, one for internet (PPPoE) and 2 ips using for my servers to public service like web.... After NAT one website with main IP (PPPoE-ip), Rare thing happened I can access its with all 3 ips, Is there anyone facing the same issue ?
 
TheLordOfTheShells
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 71
Joined: Tue Oct 03, 2017 2:48 am

Re: Port Forwarding Error.

Fri Jan 03, 2020 9:53 am

Is there anyone who know this issue, please help =\
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Port Forwarding Error.

Fri Jan 03, 2020 9:57 am

Hello,

On your NAT rule, did you choose in-interface or dst-address?
 
TheLordOfTheShells
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 71
Joined: Tue Oct 03, 2017 2:48 am

Re: Port Forwarding Error.

Fri Jan 03, 2020 10:38 am

Hello,

On your NAT rule, did you choose in-interface or dst-address?
Yes, both are selected.
If needed I'll post NAT rules here.
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Port Forwarding Error.

Fri Jan 03, 2020 10:43 am

Ok, so do not use in-interface but dst-address instead.
 
TheLordOfTheShells
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 71
Joined: Tue Oct 03, 2017 2:48 am

Re: Port Forwarding Error.

Fri Jan 03, 2020 11:34 am

Ok, so do not use in-interface but dst-address instead.
add action=dst-nat chain=dstnat disabled=yes dst-address=171.xxx.xxx.xxx \
dst-port=443 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.xxx.xxx.xxx to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-address=171.xxx.xxx.xxx \
dst-port=80 protocol=tcp to-addresses= 192.xxx.xxx.xxx to-ports=80
add action=masquerade chain=srcnat dst-address= 192.xxx.xxx.xxx dst-port=443 \
out-interface-list=LAN protocol=tcp src-address-list=Local_Address
Please check, I don't think in-interface cause this error.
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port Forwarding Error.

Fri Jan 03, 2020 11:10 pm

If 171.xxx.xxx.xxx is single address, then these rules will work only for that address and nothing else, it's simply not possible that they would touch packets with other destination address. Maybe you have some other rules?
 
TheLordOfTheShells
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 71
Joined: Tue Oct 03, 2017 2:48 am

Re: Port Forwarding Error.  [SOLVED]

Mon Jan 06, 2020 8:11 am

It was my fault, I have a NAT rule standed above all the other rules which cause error. I should specified the destination address for each NAT rule.
Thank for your comment.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat  dst-port=80 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.xxx.xxx.xxx to-ports=80

Who is online

Users browsing this forum: anav, Elvis1991 and 35 guests