Port is showing open from https://www.yougetsignal.com/tools/open-ports/ after i add chain forward rule to firewall and deleted all other firewall rules (i know thats bad practice, but i was out of options). Any help?
Code: Select all
[admin@MikroTik] > /export compact
# dec/18/2020 13:16:51 by RouterOS 6.44.6
# software id = B19J-K8YI
#
# model = RB750Gr3
# serial number = CC210B1EE3A8
/interface bridge
add admin-mac=C4:AD:34:CC:CD:EC auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] loop-protect=on
set [ find default-name=ether2 ] loop-protect=on
set [ find default-name=ether3 ] loop-protect=on
set [ find default-name=ether4 ] loop-protect=on
set [ find default-name=ether5 ] loop-protect=on
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5 trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=forward connection-state=established,related,new,untracked
/ip firewall mangle
add action=log chain=postrouting dst-port=25565 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=MinecraftHairpin dst-address=192.168.88.198 dst-port=25565 out-interface=bridge protocol=tcp src-address=\
192.168.88.0/24
add action=masquerade chain=srcnat dst-address=192.168.88.198 dst-port=25565 out-interface=bridge protocol=udp src-address=192.168.88.0/24 to-ports=\
25565
add action=dst-nat chain=dstnat dst-address=94.244.64.198 dst-port=25565 protocol=tcp to-addresses=192.168.88.198 to-ports=25565
add action=dst-nat chain=dstnat dst-address=94.244.64.198 dst-port=25565 protocol=udp to-addresses=192.168.88.198 to-ports=25565
add action=dst-nat chain=dstnat comment="upnp 192.168.88.198: GTA V" dst-address=94.244.64.198 dst-port=61455-61458 in-interface=ether1 protocol=udp \
to-addresses=192.168.88.198 to-ports=61455-61458
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/Vilnius
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add host=192.168.88.1 interval=1s
/tool traffic-monitor
add interface=ether1 name=tmon1 threshold=0 traffic=received
Code: Select all
/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment="Drop tries to reach not public addresses from LAN" dst-address-list=not_in_internet in-interface=bridge log=yes log-prefix=!public_from_LAN out-interface=!bridge
add action=drop chain=forward comment="Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=drop chain=forward comment="Drop incoming from internet which is not public IP" in-interface=ether1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment="Drop packets from LAN that do not have LAN IP" in-interface=bridge log=yes log-prefix=LAN_!LAN src-address=!192.168.88.0/24