Page 1 of 1
Cannot get port forwarding to work
Posted: Sun Sep 20, 2015 1:55 am
by AGriffiths73
Hi,
I have a brand new router, running 6.32.1 and have tried all the instructions I can find to configure port forwarding for my CCTV on port 9000 so have a NAT rule for dstnat for my external IP, port 9000 to 192.168.1.140:9000 and everything is fine for local connection to 192.168.1.140 so I know the system is working, but cannot get my iPad or phone to connect to the CCTV using the external IP.
It worked fine on the Asus router this one replaces with much more straight forward settings.
The firewall settings are as they were when the box was first configured.
I'm really stuck and don't want to have to go back to the Asus.
TIA
Re: Cannot get port forwarding to work
Posted: Mon Sep 21, 2015 12:22 pm
by evince
Hello,
Please post here your Firewall and NAt rules.
Re: Cannot get port forwarding to work
Posted: Mon Sep 21, 2015 12:25 pm
by patrick7
Did you add a Filter rule to accept the traffic? Are you trying to access your public IP from your LAN? Then you need to configure Hairpin NAT.
Also make sure, your device has a default gateway.
Re: Cannot get port forwarding to work
Posted: Mon Sep 21, 2015 5:06 pm
by AGriffiths73
0 D ;;; special dummy rule to show fasttrack counters
chain=forward
1 ;;; default configuration
chain=forward action=accept connection-state=established,related log=no
log-prefix=""
2 ;;; default configuration
chain=input action=accept protocol=icmp log=no log-prefix=""
3 ;;; default configuration
chain=input action=accept connection-state=established,related log=no
log-prefix=""
4 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway log=no
log-prefix=""
5 X chain=forward action=accept protocol=tcp dst-address=192.168.1.140
dst-port=80 log=no log-prefix=""
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.1.140 to-ports=9000
protocol=tcp dst-address=80.229.xxx.xxx in-interface=bridge-local
dst-port=9000 log=no log-prefix=""
1 ;;; default configuration
chain=srcnat action=masquerade out-interface=pppoe-out1 log=no
log-prefix=""
2 chain=dstnat action=dst-nat to-addresses=192.168.1.140 to-ports=80
protocol=tcp dst-address=80.229.xxx.xxx in-interface=all-ppp dst-port=80
log=no log-prefix=""
[admin@HFR] /ip firewall nat>
The CCTV DVR has 192.168.1.254 as the default GW, unchanged from when it worked fine with the Asus router.
Re: Cannot get port forwarding to work
Posted: Wed Sep 23, 2015 11:39 am
by AGriffiths73
Hi,
I set and reset the FW filter and NAT rules, as well as put in a hairpin NAT as per the instructions found on this site. I can see traffic traverse the NAT connection, but it's 'bitty', in as much as it looks like lots of attempts to connect, but not flowing traffic.
The client I use was tested yesterday on a 4G connection 100 miles from the CCTV and router, and nothing. However, if I use the client software that ships with the DVR, it uses the QR code on the unit to attach, and, using 3G, so completely seperate connection, it works.
Yours, confused of Warwickshire.
Re: Cannot get port forwarding to work
Posted: Thu Sep 24, 2015 1:38 pm
by evince
Hello,
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.1.140 to-ports=9000
protocol=tcp dst-address=80.229.xxx.xxx in-interface=bridge-local
dst-port=9000 log=no log-prefix=""
Do not specify in interface and test again from outside.
Re: Cannot get port forwarding to work
Posted: Thu Sep 24, 2015 2:09 pm
by AGriffiths73
Thanks, that's how it's setup, so from outside I can now access it.
Just a few other niggles to work out now
Re: Cannot get port forwarding to work
Posted: Mon Sep 28, 2015 10:43 am
by evince
Hello,
Lety me know what kind of proble you have now and i'll try to help you
à