MikroTik

Hi guys,
About 2 years ago i setup a fedora server OS as a gateway. it's too hard to set every things you want but i found Mikrotik os 2.9 do every things that i want in easy way, this is a very nice OS.
recently i setup a mikrotik server with mikrotik 2.9 OS and set a simple firewall, webproxy, DNS Service & Hotspot.
i wanna to enable port forwarding for Windows Remote Desktop to remote the systems behind gateway.
I didn't block udp port of Remote Desktop (3389).
i set a DNat;
chain=dstnat in-interface=External dst-address=89.185.180.21 protocol=udp dst-port=3389
action=dst-nat to-addresses=192.168.10.154 to-ports=3389
i had a SNat;
chain=srcnat out-interface=External src-address=192.168.10.0/24 action=src-nat
to-addresses=89.185.180.21 to-ports=0-65535
it didn't work,although i added a rule to enable the udp 3389 port but it didn't work in Forward chain udp protocol jump to udp chain & i block only this port on this chain;
69,111,135,137-139 & 2048 and open any other port.
i forgot to say the hotspot of 192.168.10.154 user was login,
but it doesn't work i think it because of bad port forwarding


pls help me,

Hey,


I'm not windows admin, but Terminal port is 3389 TCP, no?

Just checking...


Jorge

Hi,
Thanks Thiele,that's correct,it is TCP. But it doesn't work yet i opened 3389 tcp and udp, it doesn't work then i disable all firewall rule, not happend. when i see the connections in firewall\connections\tcp state it's gonna be established then after some seconds(around 3or4 seconds) it's going to close and remote desktop going to idle mode then Remote going out without any error. finally i opened my valid ip in all port i mean;

chain=input src-address=85.15.2.2 action=accept
chain=forward src-address=85.15.2.2 action=accept

I've done it on Fedora OS without hotspot&DNS it worked but now i can't on this good OS.
If you wanna know any additional info i'll do it.
please help i don't have enough time.

Hi guys
it works on other port and another application but not at remote desktop

Can you post your firewall rules? at least forward and nat.

Hi
Yes i can, it simple firewall
/ip firewall filter
add chain=forward src-address=0.0.0.0/8 action=drop comment="bogons block"
add chain=forward dst-address=0.0.0.0/8 action=drop
add chain=forward src-address=127.0.0.0/8 action=drop
add chain=forward dst-address=127.0.0.0/8 action=drop
add chain=forward src-address=224.0.0.0/3 action=drop
add chain=forward dst-address=224.0.0.0/3 action=drop
add chain=forward protocol=tcp action=jump jump-target=tcp
add chain=forward protocol=udp action=jump jump-target=udp
add chain=forward protocol=icmp action=jump jump-target=icmp
add chain=forward protocol=tcp connection-state=invalid \
action=drop comment="drop invalid connections"
add chain=forward connection-state=established action=accept \
comment="allow already established connections"
add chain=forward connection-state=related action=accept \
comment="allow related connections"

chain=dstnat in-interface=External dst-address=79.175.*.* protocol=tcp dst-port=3389
action=dst-nat to-addresses=192.168.10.191 to-ports=3389

1 chain=dstnat src-address=192.168.10.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

2 chain=srcnat out-interface=External src-address=192.168.10.0/24 action=src-nat
to-addresses=79.175.*.* to-ports=0-65535

Ok, I'm so sorry, Remote doesn't work in private net too .
I haven't seen like that in windows net although i know it's not because linux server.
I dont know what's the problem.