erzhalunke
just joined
Topic Author
Posts: 3
Joined: Mon May 27, 2024 11:37 am

Need a helping hand with port forwarding

Mon May 27, 2024 6:06 pm

Hello,
I am aware that this topic has already been discussed enough here, but I cannot find my mistake.
So far I have published services such as Plex via a VPN and this has worked quite well.
I recently got a routable IP from my provider and would like to implement port forwarding without a VPN.

Open port checkers tell me that the port is open and the counters count up for these requests.
The situation is different if I enter the external IP + port directly in the browser. The requests go nowhere and the counter does not count the access either.

As I have already read several times here, port forwarding is realized via NAT. I have also added a firewall rule regarding dst-nat.

I would be really grateful for any suggestions and help.

[admin@Router] /ip/firewall> export
# 2024-05-27 17:05:32 by RouterOS 7.14.3
# software id = **ELIDED**
#
# model = RB4011iGS+
# serial number = **ELIDED**
/ip firewall address-list
add address=192.168.1.0/24 comment=LAN list=LAN
/ip firewall connection tracking
set udp-timeout=10s
/ip firewall filter
add action=drop chain=input comment="WAN -> FW | Ping blockieren" in-interface=ether1 protocol=icmp
add action=accept chain=input comment="ALLG. | Aufgebaute Verbindungen erlauben" connection-nat-state="" \
    connection-state=established,related
add action=accept chain=input comment="LAN -> FW | Zugriff zur Firewall" in-interface=bridge
add action=accept chain=input comment="LAN -> FW | Ping zur Firewall erlauben" in-interface=bridge \
    protocol=icmp
add action=accept chain=forward comment="ALLG. | Port-Forwarding" connection-nat-state=dstnat \
    in-interface-list=WAN
add action=drop chain=input comment="ALLG. | Alles ohne Verbindungsstatus blockieren" \
    connection-nat-state=""
add action=accept chain=forward comment="ALLG. | Aufgebaute Verbindungen erlauben" connection-state=\
    established,related
add action=accept chain=forward comment="LAN -> WAN | Internetzugriff" in-interface=bridge out-interface=\
    ether1
add action=drop chain=forward comment="ALLG. | Alles andere verwerfen" connection-nat-state="" \
    connection-state=""
/ip firewall nat
add action=dst-nat chain=dstnat comment="WAN -> LAN | Plex Portforwarding" dst-port=32400 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.1.9 to-ports=32400
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" dst-port=443 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.1.252
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" dst-port=80 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.1.252
add action=masquerade chain=srcnat comment="LAN -> WAN | Masquerade - Normales NAT" ipsec-policy=out,none \
    out-interface-list=WAN
Last edited by tangent on Mon May 27, 2024 6:20 pm, edited 1 time in total.
Reason: elided PII
 
tangent
Forum Guru
Posts: 1691
Joined: Thu Jul 01, 2021 3:15 pm

Re: Need a helping hand with port forwarding

Mon May 27, 2024 6:26 pm

I don't see what the actual problem is, but this rule needs to go:

add action=accept chain=forward comment="ALLG. | Port-Forwarding" connection-nat-state=dstnat in-interface-list=WAN

As you can see from this packet flow diagram, it does you no good, the dst-nat chain being part of PREROUTING, thus ahead of both INPUT and FORWARD.

This also suggests that you should be saying "in-interface-list=WAN" instead of "in-interface=ether1" in the other rules to make them more portable across time and space.
 
anav
Forum Guru
Posts: 23318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need a helping hand with port forwarding

Mon May 27, 2024 7:30 pm

Post the complete config for starters as the entire config is related more than you think.
Also due to the fact that your fw are crap IMHO, and the config is not set up at all for port forwarding in your scenario:
a. external users
b. internal users via lanip
c. internal users via WANIP or dyndns name etc.. ( if server and users are in same subnet, then you have also hairpin nat problem )
 
erzhalunke
just joined
Topic Author
Posts: 3
Joined: Mon May 27, 2024 11:37 am

Re: Need a helping hand with port forwarding

Mon May 27, 2024 8:23 pm

I feared something like that. I'm not particularly well versed in the subject, but I'm happy when I can learn something new. I have made a copy of the configuration.
@tangent: As soon as I deactivate the rule, no port is shown as open.
# 2024-05-27 18:56:45 by RouterOS 7.14.3
# software id = XXX
#
# model = RB4011iGS+
# serial number = XXX
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=2.4GHz
add band=5ghz-n/ac name=5GHz
/interface bridge
add comment="LAN Bridge" name=bridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether3 ] comment=LAN
set [ find default-name=ether5 ] comment="Nicht konfiguriert"
/interface wireguard
add listen-port=51820 mtu=1420 name=wireguard1
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
    BridgeDP
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
    group-encryption=aes-ccm group-key-update=1h name=\
    "Wifi Security Settings"
/caps-man configuration
add channel=2.4GHz country=germany datapath=BridgeDP installation=indoor \
    name=2.4GHz security="Wifi Security Settings" ssid=\
    "XXX"
add channel=5GHz country=germany datapath=BridgeDP name=5GHz security=\
    "Wifi Security Settings" ssid="XXX"
/caps-man interface
add channel.frequency=2437 comment=WLAN configuration=2.4GHz disabled=no \
    l2mtu=1600 mac-address=48:A9:8A:F7:1A:C0 master-interface=none name=\
    2.4GHz-AP1 radio-mac=48:A9:8A:F7:1A:C0 radio-name=48A98AF71AC0
add channel.frequency=2467 configuration=2.4GHz disabled=no l2mtu=1600 \
    mac-address=48:8F:5A:E3:70:ED master-interface=none name=2.4GHz-AP2 \
    radio-mac=48:8F:5A:E3:70:ED radio-name=488F5AE370ED
add configuration=5GHz disabled=no l2mtu=1600 mac-address=48:A9:8A:F7:1A:C1 \
    master-interface=none name=5GHz-AP1 radio-mac=48:A9:8A:F7:1A:C1 \
    radio-name=48A98AF71AC1
add configuration=5GHz disabled=no l2mtu=1600 mac-address=48:8F:5A:E3:70:EE \
    master-interface=none name=5GHz-AP2 radio-mac=48:8F:5A:E3:70:EE \
    radio-name=488F5AE370EE
/interface list
add name=LAN
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.155
add name=pool-vpn ranges=192.168.11.100-192.168.11.199
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1d name=DHCP_Sever
/port
set 0 name=serial0
set 1 name=serial1
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-enabled hw-supported-modes=g master-configuration=2.4GHz \
    name-format=prefix-identity name-prefix=2.4GHz
add action=create-enabled hw-supported-modes=ac master-configuration=5GHz \
    name-format=prefix-identity name-prefix=5GHz
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=0.0.0.0/0,::/0 endpoint-address=XXX \
    endpoint-port=51820 interface=wireguard1 persistent-keepalive=25s \
    private-key="XXX" public-key=\
    "XXX"
/ip address
add address=192.168.1.254/24 interface=bridge network=192.168.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=30m
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.1.109 client-id=1:2c:f0:5d:26:e7:c7 mac-address=\
    2C:F0:5D:26:E7:C7 server=DHCP_Sever
add address=192.168.1.17 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:de:d5:b4:d3:7c:31:76:9f mac-address=\
    CA:0C:4E:DF:4E:AE server=DHCP_Sever
add address=192.168.1.18 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:9e:5a:ac:a0:46:e3:1b:2 mac-address=\
    16:34:63:0B:88:40 server=DHCP_Sever
add address=192.168.1.19 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:90:d5:38:eb:3c:cf:36:c3 mac-address=\
    72:B3:4C:F5:9D:1B server=DHCP_Sever
add address=192.168.1.253 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:2b:83:df:c7:b:de:dc:4 mac-address=\
    72:A2:E5:B4:D4:0E server=DHCP_Sever
add address=192.168.1.124 mac-address=B0:F8:93:EF:BD:4E server=DHCP_Sever
add address=192.168.1.8 client-id=1:48:a9:8a:f7:1a:be mac-address=\
    48:A9:8A:F7:1A:BE server=DHCP_Sever
add address=192.168.1.6 client-id=1:48:8f:5a:e3:70:eb mac-address=\
    48:8F:5A:E3:70:EB server=DHCP_Sever
add address=192.168.1.13 mac-address=EC:B5:FA:9B:30:BF server=DHCP_Sever
add address=192.168.1.20 client-id=\
    ff:11:c1:5c:d7:0:1:0:1:2d:8:de:b9:bc:24:11:c1:5c:d7 mac-address=\
    BC:24:11:C1:5C:D7 server=DHCP_Sever
add address=192.168.1.21 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:6d:a2:2e:b8:5c:a1:ab:f6 mac-address=\
    BC:24:11:22:B2:C5 server=DHCP_Sever
add address=192.168.1.22 client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:b7:a1:cf:a4:ce:57:95:5c mac-address=\
    BC:24:11:E7:F6:9F server=DHCP_Sever
add address=192.168.1.23 client-id=1:2:fe:e8:f:2c:6e mac-address=\
    02:FE:E8:0F:2C:6E server=DHCP_Sever
add address=192.168.1.118 client-id=1:b8:27:eb:25:4e:48 mac-address=\
    B8:27:EB:25:4E:48 server=DHCP_Sever
add address=192.168.1.24 client-id=\
    ff:11:5:b4:c7:0:1:0:1:2d:46:25:f9:bc:24:11:5:b4:c7 mac-address=\
    BC:24:11:05:B4:C7 server=DHCP_Sever
add address=192.168.1.126 client-id=1:14:99:3e:dc:70:7a mac-address=\
    14:99:3E:DC:70:7A server=DHCP_Sever
add address=192.168.1.252 client-id=\
    ff:11:d8:bc:91:0:1:0:1:2d:e7:1c:f5:bc:24:11:d8:bc:91 mac-address=\
    BC:24:11:D8:BC:91 server=DHCP_Sever
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.253,8.8.8.8 gateway=\
    192.168.1.254 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.254 name=router.lan
/ip firewall address-list
add address=192.168.1.0/24 comment=LAN list=LAN
/ip firewall filter
add action=drop chain=input comment="WAN -> FW | Ping blockieren" \
    in-interface=ether1 protocol=icmp
add action=accept chain=input comment=\
    "ALLG. | Aufgebaute Verbindungen erlauben" connection-nat-state="" \
    connection-state=established,related
add action=accept chain=input comment="LAN -> FW | Zugriff zur Firewall" \
    in-interface=bridge
add action=accept chain=input comment=\
    "LAN -> FW | Ping zur Firewall erlauben" in-interface=bridge protocol=\
    icmp
add action=accept chain=forward comment="ALLG. | Port-Forwarding" \
    connection-nat-state=dstnat disabled=yes in-interface-list=WAN
add action=drop chain=input comment=\
    "ALLG. | Alles ohne Verbindungsstatus blockieren" connection-nat-state=""
add action=accept chain=forward comment=\
    "ALLG. | Aufgebaute Verbindungen erlauben" connection-state=\
    established,related
add action=accept chain=forward comment="LAN -> WAN | Internetzugriff" \
    in-interface=bridge out-interface=ether1
add action=drop chain=forward comment="ALLG. | Alles andere verwerfen" \
    connection-nat-state="" connection-state=""
/ip firewall nat
add action=dst-nat chain=dstnat comment="WAN -> LAN | Plex Portforwarding" \
    dst-port=32400 in-interface-list=WAN protocol=tcp to-addresses=\
    192.168.1.9 to-ports=32400
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" \
    dst-port=443 in-interface-list=WAN protocol=tcp to-addresses=\
    192.168.1.252
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" \
    dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.252
add action=masquerade chain=srcnat comment=\
    "LAN -> WAN | Masquerade - Normales NAT" ipsec-policy=out,none \
    out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip ports=5060,5064
set pptp disabled=yes
/ip route
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=0.0.0.0 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24 disabled=yes port=8080
set www-ssl address=192.168.1.0/24 port=44334
/ip traffic-flow
set interfaces=LAN
/ip upnp
set enabled=yes
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=DHCPv6 rapid-commit=no \
    request=prefix
/ipv6 firewall filter
add action=accept chain=input comment="ALLG. | Ping von WAN verbieten" \
    disabled=yes in-interface-list=!WAN protocol=icmpv6
add chain=input comment="ALLG. | Aufgebaute Verbindungen erlauben" \
    connection-state=established,related
add chain=input comment="ALLG. | DHCPv6 per WAN erlauben. Wenn möglich bei Src.\
    \_Address den DHCP-Server angeben!" dst-port=546 in-interface=ether1 \
    protocol=udp src-port=547
add action=drop chain=input comment="ALLG. | Ungültige Verbindungen verbieten" \
    connection-state=invalid
add action=drop chain=input comment="WAN -> FW | Neue Verbindungen verbieten" \
    connection-state=new in-interface=ether1
add chain=forward comment="ALLG. | Ping erlauben" protocol=icmpv6
add chain=forward comment="ALLG. | Aufgebaute Verbindungen gestatten" \
    connection-state=established,related
add chain=forward comment=\
    "ALLG. | Aufgebaute Verbindungen von intern erlauben" connection-state=\
    new in-interface=!ether1
add action=drop chain=forward comment=\
    "ALLG. | Ungültige Verbindungen verwerfen" connection-state=invalid
add action=drop chain=forward comment=\
    "WAN -> FW | Neue Verbindungen verwerfen" connection-state=new \
    in-interface=ether1
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=Router
/system note
set show-at-login=no
/system resource irq rps
set sfp-sfpplus1 disabled=no

 
anav
Forum Guru
Posts: 23318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need a helping hand with port forwarding  [SOLVED]

Mon May 27, 2024 8:52 pm

The easiest solution IMHO is to put the server in a different subnet than the users, but if not......
By the way, will be in Berlin for one afternoon, evening and part of next morning (a Monday), staying near Friedrichstraße station.
Any recommendations for things to do? And what to avoid!!!

After reviewing the config, I have to ask, what is the purpose of your wireguard?
It would appear you are connecting some sort of 3rd party provider??
Yet you have no wireguard address and no wg routing and no indication of any of your users using wireguard ???

You do have one route but it's nonsensical.

That aside, I will focus only on firewall rules changes.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

/ip firewall filter
add action=accept chain=input comment=\
"ALLG. | Aufgebaute Verbindungen erlauben" connection-nat-state="" \
connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="icmp ping allowed is a good thing" protocol=icmp
======================================
add action=accept chain=input comment="LAN -> FW | Zugriff zur Firewall" \
in-interface=bridge
add action=drop chain=input comment="Drop all else" { ensure you add this rule last }
++++++++++++++++++++++++++++++++++++++++
add action=fasttrack-connection chain=forward comment=\
"ALLG. | Aufgebaute Verbindungen erlauben" connection-state=\
established,related
add action=accept chain=forward comment=\
"ALLG. | Aufgebaute Verbindungen erlauben" connection-state=\
established,related,untracked
add action=drop chain=forward connection-state=invalid
========================================
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="Port-Forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"


/ip firewall address-list
add address=ipcloud-name list=MyWAN comment="use your router URL --> my netname"


/ip firewall nat
add action=dst-nat chain=dstnat comment="WAN -> LAN | Plex Portforwarding" \
dst-port=32400 dst-address-list=MyWAN protocol=tcp to-addresses=\
192.168.1.9 to-ports=32400
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" \
dst-port=443 dst-address-list=MyWAN protocol=tcp to-addresses=\
192.168.1.252
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" \
dst-port=80 dst-address-list=MyWAN protocol=tcp to-addresses=192.168.1.252
+++++++++++++++++++++++++++++++++++++++++++++++++++
add action=masquerade chain=srcnat comment="hairpin" src-address=192.168.1.0/24 dst-address=192.168.1.0/24
add action=masquerade chain=srcnat comment=\
"LAN -> WAN | Masquerade - Normales NAT" ipsec-policy=out,none \
out-interface-list=WAN
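As an added example (not from the thread, not MikroTik's or anav's code), a small Python script that parses a RouterOS export, with its backslash line continuations, and flags the three port-forwarding problems raised above: the forward accept for connection-nat-state=dstnat being disabled, dst-nat rules matched on the ingress interface so LAN clients using the public IP never hit them, and the missing hairpin masquerade. The two export excerpts are constructed and abridged from the posted configs, and the LAN subnet 192.168.1.0/24 is taken from the posted /ip address entry.

```python
import ipaddress
import re
import shlex

# Constructed excerpt in RouterOS export style, abridged from the first config in the thread.
ORIGINAL = r"""/ip firewall filter
add action=accept chain=forward comment="ALLG. | Port-Forwarding" connection-nat-state=dstnat \
    disabled=yes in-interface-list=WAN
/ip firewall nat
add action=dst-nat chain=dstnat comment="WAN -> LAN | nginx Portforwarding" dst-port=443 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.1.252
"""
# Constructed excerpt with the changes proposed in the thread applied.
FIXED = r"""/ip firewall filter
add action=accept chain=forward comment="Port-Forwarding" connection-nat-state=dstnat
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=443 dst-address-list=MyWAN protocol=tcp to-addresses=192.168.1.252
add action=masquerade chain=srcnat comment="hairpin" src-address=192.168.1.0/24 dst-address=192.168.1.0/24
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # from the thread's /ip address entry


def parse_export(text):
    """(section, {key: value}) per add/set line; '\\' continues a line, '\\_' is an escaped space."""
    joined = re.sub(r"\\\n\s*(\\_)?", lambda m: " " if m.group(1) else "", text)
    rules, section = [], None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = line
            continue
        words = shlex.split(line)  # keeps quoted values such as comment="a | b" together
        args = {"_cmd": words[0]}
        for word in words[1:]:
            key, _, value = word.partition("=")
            args[key] = value
        rules.append((section, args))
    return rules


def audit(rules):
    """Return the port-forwarding findings the thread's replies raised, as a list of strings."""
    filt = [a for s, a in rules if s == "/ip firewall filter" and a.get("disabled") != "yes"]
    nat = [a for s, a in rules if s == "/ip firewall nat" and a.get("disabled") != "yes"]
    dstnat = [a for a in nat if a.get("action") == "dst-nat"]
    findings = []
    if dstnat and not any(a.get("chain") == "forward" and a.get("action") == "accept"
                          and a.get("connection-nat-state") == "dstnat" for a in filt):
        findings.append("forward: no enabled accept for connection-nat-state=dstnat")
    for a in dstnat:
        # LAN clients using the public IP arrive on the bridge, so a WAN-interface match never fires.
        if "in-interface" in a or "in-interface-list" in a:
            findings.append(f"dst-nat port {a.get('dst-port')}: matched on ingress interface, not on the public address")
    lan_targets = [a for a in dstnat
                   if ipaddress.ip_address(a.get("to-addresses", "0.0.0.0").split("-")[0]) in LAN]
    hairpin = any(a.get("chain") == "srcnat" and a.get("action") == "masquerade"
                  and a.get("src-address") == str(LAN) and a.get("dst-address") == str(LAN) for a in nat)
    if lan_targets and not hairpin:
        findings.append("srcnat: no hairpin masquerade for LAN-to-LAN traffic via the public IP")
    return findings
```

Running `audit(parse_export(ORIGINAL))` yields the three findings, while the FIXED excerpt yields none.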
 
tangent
Forum Guru
Posts: 1691
Joined: Thu Jul 01, 2021 3:15 pm

Re: Need a helping hand with port forwarding

Mon May 27, 2024 8:55 pm

/ip firewall filter
add action=drop chain=input comment="WAN -> FW | Ping blockieren" \
    in-interface=ether1 protocol=icmp

This is a bad idea.

add action=drop chain=forward comment="ALLG. | Alles andere verwerfen" \
connection-nat-state="" connection-state=""

You've modified that from the default configuration, breaking it.
 
erzhalunke
just joined
Topic Author
Posts: 3
Joined: Mon May 27, 2024 11:37 am

Re: Need a helping hand with port forwarding

Mon May 27, 2024 9:47 pm

I wish you lots of fun in Germany. Berlin is not a city I would want to live in, but you can certainly see one or two things. Try our beer (not Berliner Kindl, which tastes terrible) and look for a bourgeois restaurant. You'll be thrilled.

I can't tell you how grateful I am. Your solution works perfectly.

Reminder to me: save the configuration urgently.

@tangent Thank you also for your efforts.
 
anav
Forum Guru
Posts: 23318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need a helping hand with port forwarding

Tue May 28, 2024 12:10 am

I will be mostly in Brandenburg an der Havel for some 'recreational' rowing.