Page 1 of 1
port forwarding
Posted: Thu Dec 01, 2016 4:00 pm
by Derell
hi there guys
today im asking about port forwarding
so i just started to replace my router from tp link to mikrotik and i just realy confused
so tp link is so easy like u just type start port end port protocol and ur ip
but in mikrotik it was so diffrent or mayBE u guys can help
thanks
Re: port forwarding
Posted: Thu Dec 01, 2016 10:36 pm
by erlinden
Re: port forwarding
Posted: Fri Dec 02, 2016 4:41 am
by TyBermea
Here is an example of destination NAT (port forwarding):
/ip firewall nat
add action=dst-nat chain=dstnat comment="Unifi Video" dst-port=7443,7446 protocol=tcp to-addresses=10.11.43.4
add action=dst-nat chain=dstnat comment="RDP" dst-port=3389 protocol=tcp to-addresses=10.11.43.254
Re: port forwarding
Posted: Fri Dec 02, 2016 11:24 am
by Derell
none of them work
i make uttorent to listen to the port that i want but when i see in canyouseeme it still say couldnt see you ... on port 1337
Re: port forwarding
Posted: Fri Dec 02, 2016 11:49 am
by tslytsly
Hi derell
Don't forget to add a filter rule to allow the traffic:
ip firewall filter add chain=forward connection-nat-state=dstnat action=accept comment="allow NAT'd traffic" disabled=no
hope that helps.
Re: port forwarding
Posted: Fri Dec 02, 2016 1:09 pm
by Derell
yi already done that but sadly it gave me same result so i did i do something wrong so this is my rule
chain dst nat
dst port 1337
action dst nat
to port 1337
to addres my ip4 addres
Re: port forwarding
Posted: Fri Dec 02, 2016 1:20 pm
by tslytsly
yi already done that but sadly it gave me same result so i did i do something wrong so this is my rule
chain dst nat
dst port 1337
action dst nat
to port 1337
to addres my ip4 addres
Hmm, can you please paste the output of:
Make sure to delete or obscure any private data.
Re: port forwarding
Posted: Fri Dec 02, 2016 2:48 pm
by Derell
how u can do that there no filter print
Re: port forwarding
Posted: Fri Dec 02, 2016 3:10 pm
by tslytsly
If you are using winbox you can open a terminal and export bits of the config with the print command.
On the left side if Winbox, under Tools you should see New Terminal, click this.
in the terminal window that opens type:
this will output something like this in the terminal window:
Flags: X - disabled, I - invalid, D - dynamic
3 ;;; default configuration
chain=input action=accept protocol=icmp log=no log-prefix=""
4 ;;; default configuration
chain=input action=accept connection-state=established log=no log-prefix=""
5 ;;; default configuration
chain=input action=accept connection-state=related log=no log-prefix=""
Using the mouse highlight and right-click, select copy.
You can now paste into the forum, although
make sure to remove any sensitive info.
Re: port forwarding
Posted: Fri Dec 02, 2016 3:17 pm
by Derell
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; allow NAT'd traffic
chain=forward action=accept connection-nat-state=dstnat log=no
log-prefix=""
there u go hope u can help me
Re: port forwarding
Posted: Fri Dec 02, 2016 3:56 pm
by tslytsly
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; allow NAT'd traffic
chain=forward action=accept connection-nat-state=dstnat log=no
log-prefix=""
there u go hope u can help me
Hmm, that looks ok. And if it is the only rule then it would work anyway because ROS is default accept.
Can you do that same with:
Re: port forwarding
Posted: Sun Dec 04, 2016 8:38 am
by Derell
chain=dstnat action=dst-nat to-addresses=my ip4 to-ports=1334
protocol=tcp dst-port=1334 log=no log-prefix=""
and
chain=dstnat action=dst-nat to-addresses=my ip4 to-ports=1337
protocol=tcp dst-port=1337 log=no log-prefix=""
Re: port forwarding
Posted: Sun Dec 04, 2016 8:38 am
by Derell
i tried port forwarding both of them none of them work
Re: port forwarding
Posted: Mon Dec 05, 2016 10:25 am
by tslytsly
chain=dstnat action=dst-nat to-addresses=my ip4 to-ports=1334
protocol=tcp dst-port=1334 log=no log-prefix=""
and
chain=dstnat action=dst-nat to-addresses=my ip4 to-ports=1337
protocol=tcp dst-port=1337 log=no log-prefix=""
OK, make sure you specify which interface the traffic will arrive in, so in each rule either add the interface or the IP of the interface as the destination.
Otherwise those rules will match
any traffic traversing the router on those ports.
Re: port forwarding
Posted: Thu Dec 08, 2016 1:16 am
by Derell
So What i should do
In interface or out interface
And What should i pick
Thanks btw u help ke This far
Re: port forwarding
Posted: Thu Dec 08, 2016 10:22 am
by dgnevans
Destination address if you have a static IP from your ISP Or In Interface and choose your wan interface as the traffic is coming in on that interface.
Re: port forwarding
Posted: Thu Dec 08, 2016 10:27 am
by tslytsly
This:
Destination address if you have a static IP from your ISP Or In Interface and choose your wan interface as the traffic is coming in on that interface.
If you are going to specify the interface you need to use
this is because you want to translate traffic arriving
in your WAN interface.
Re: port forwarding
Posted: Thu Dec 08, 2016 4:57 pm
by Derell
so if i just wanted to open the port
so that canyouseeme succses
what interface should i put thanks though
:):)