Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Pleae check my NAT - new in MikroTik

Locked
 
xchose
just joined
Topic Author
Posts: 5
Joined: Mon Nov 09, 2015 4:30 pm
Location: Czechia
Contact:
Contact xchose

Pleae check my NAT - new in MikroTik

Mon Nov 09, 2015 10:41 pm

Hello, I've changed my old TP_Link to RB2011UiAS-2HnD, everything is amazing here, anyway I need a help with my NAT. I have a PLC computer connected by cable to Mikrotik where I need NAT few ports 20 21 53 80.

Could you check my NAT please:
Code: Select all
[admin@MikroTik] > /ip firewall nat print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; default configuration
      chain=srcnat action=masquerade out-interface=ether1-gateway log=no 
      log-prefix="" 

 1    chain=dstnat action=dst-nat to-addresses=192.168.0.70 to-ports=80 
      protocol=tcp dst-port=1080 log=no log-prefix="" 

 2    chain=dstnat action=dst-nat to-addresses=192.168.0.70 to-ports=75 
      protocol=tcp dst-port=1075 log=no log-prefix="" 

 3    chain=dstnat action=dst-nat to-addresses=192.168.0.70 to-ports=75 
      protocol=udp dst-port=1075 log=no log-prefix="" 

 4    chain=dstnat action=dst-nat to-addresses=192.168.0.70 to-ports=20 
      protocol=tcp dst-port=1020 log=no log-prefix="" 

 5    chain=dstnat action=dst-nat to-addresses=192.168.0.70 to-ports=21 
      protocol=tcp dst-port=1021 log=no log-prefix="" 

 6    chain=dstnat action=dst-nat to-addresses=192.168.0.70 to-ports=59 
      protocol=tcp dst-port=1059 log=no log-prefix=""
Should I do any firewall rule? If yes could you sent me an example? My communication between PLC and web server outside still does not work.

PLC has ip 192.168.0.70, can ping it form MikroTic:
Code: Select all
[admin@MikroTik] > ping 192.168.0.70
  SEQ HOST                                     SIZE TTL TIME  STATUS           
    0 192.168.0.70                               56 128 2ms  
    1 192.168.0.70                               56 128 0ms  
    2 192.168.0.70                               56 128 1ms  
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=1ms max-rtt=2ms
I can see actually on port 10 only TX traffic no RX. Thanks for any ideas, links examples...

Martin
Top
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:
Contact evince

Re: Pleae check my NAT - new in MikroTik

Tue Nov 10, 2015 11:46 am

Hello, in your NAT rules, you need to specify dst-address or in-interface.

You need fileter rule if you have a drop in forward.

Regards,
Top
 
User avatar
tslytsly
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Tue Oct 27, 2015 6:52 pm
Location: Nottingham
Contact:
Contact tslytsly

Re: Pleae check my NAT - new in MikroTik

Tue Nov 10, 2015 2:39 pm

Hello, in your NAT rules, you need to specify dst-address or in-interface.

You need fileter rule if you have a drop in forward.

Regards,
Agreed, in fact the rules you have now will NAT any traffic that traverses the firewall with those dst-ports.

Best to add
Code: Select all
in-interface=ether1-gateway
to all of those dst-nat rules.
Top
Locked
  4. RouterOS
  5. Beginner Basics