Adam McLaughlin
Member Candidate
Topic Author
Posts: 149
Joined: Sat Mar 31, 2007 5:36 am
Location: Santa Rosa, California

Port Specifications on a Masquerade Firewall

Fri Jun 08, 2007 4:55 am

Hey Guys,

Simple question really.

After I get a NAT firewall setup in the common way using masquerading, what do I have to do to enable all traffic through all ports?

Clients can't check their mail, they can only surf the web, etc. with the example NAT method.

Any suggestions? I think it ought to be simple.

Adam
 
mrz
MikroTik Support
Posts: 7199
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Port Specifications on a Masquerade Firewall

Fri Jun 08, 2007 12:19 pm

By default there are no rules that are blocking traffic on ports.
Check the firewall filter rules; you have probably added a rule that blocks other ports.
 
Adam McLaughlin
Member Candidate
Topic Author
Posts: 149
Joined: Sat Mar 31, 2007 5:36 am
Location: Santa Rosa, California

Re: Port Specifications on a Masquerade Firewall

Fri Jun 08, 2007 5:42 pm

No, it is out-of-the-box stock, with the exception of it being configured with that src-nat masquerade rule across the two devices.

Any other ideas?

Adam
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Re: Port Specifications on a Masquerade Firewall

Fri Jun 08, 2007 7:22 pm

Post your NAT setup here.

Regards

Andrew
 
mazpiroz
just joined
Posts: 7
Joined: Sat Jun 09, 2007 4:25 am

Re: Port Specifications on a Masquerade Firewall

Wed Jun 20, 2007 5:31 pm

I have exactly the same problem, and here is my NAT config:

[admin@MikroTik] > ip firewall export
# jun/20/2007 14:28:27 by RouterOS 2.9.6
# software id = XITP-3WT
#
/ ip firewall nat
add chain=srcnat action=masquerade comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m \
tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set mms disabled=no
set gre disabled=yes
set pptp disabled=yes

Thanks in advance
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Re: Port Specifications on a Masquerade Firewall

Wed Jun 20, 2007 5:40 pm

You need to specify an interface in the masquerade NAT rule, e.g. from the manual:

[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public

Regards

Andrew
Last edited by andrewluck on Thu Jun 21, 2007 6:46 pm, edited 1 time in total.
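
As an added example (not part of the thread and not MikroTik's own tooling): a small Python check that reads `ip firewall export` text and reports enabled srcnat masquerade rules that name no outgoing interface, the condition pointed out in the reply above. The function names and the sample export are constructed for illustration; treating `out-interface-list` or `src-address` as equally valid scoping is an assumption of this example.

```python
import shlex

# Keys that scope a srcnat rule; accepting any of them is this example's
# assumption (the thread itself only names out-interface).
SCOPING_KEYS = ("out-interface", "out-interface-list", "src-address")

# Constructed sample in the shape of the export posted in the thread.
SAMPLE_EXPORT = """\
/ ip firewall nat
add chain=srcnat action=masquerade comment="" disabled=no
add chain=srcnat action=masquerade out-interface=Public \\
    comment="scoped rule" disabled=no
add chain=srcnat action=masquerade disabled=yes
/ ip firewall service-port
set ftp ports=21 disabled=no
"""

def logical_lines(text):
    """Join backslash-continued lines; skip comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        line, buf = buf + line, ""
        if line and not line.startswith("#"):
            yield line

def unscoped_masquerade_rules(export_text):
    """Return enabled srcnat masquerade rules with no scoping key."""
    findings, section = [], ""
    for line in logical_lines(export_text):
        if line.startswith("/"):
            section = "".join(line[1:].split())  # "/ ip firewall nat" -> "ipfirewallnat"
            continue
        if section != "ipfirewallnat" or not line.startswith("add "):
            continue
        props = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
        if (props.get("chain") == "srcnat" and props.get("action") == "masquerade"
                and props.get("disabled", "no") != "yes"
                and not any(k in props for k in SCOPING_KEYS)):
            findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in unscoped_masquerade_rules(SAMPLE_EXPORT):
        print("unscoped masquerade:", rule)
```
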
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Port Specifications on a Masquerade Firewall

Wed Jun 20, 2007 5:47 pm

I would also suggest buying a MikroTik RouterOS license, but if you want to try RouterOS, then install the latest version; it will be usable for 24 hours (actual uptime of the router).