Hi,
I am using RB49AH at home, and want udp 8021 to be forwarded to the internal 172.16.1.111 address. Here is the configuration I use:
/ip firewall filter
add action=accept chain=output comment="" disabled=no src-address=\
172.16.1.111
/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
78.128.xxx.xxx dst-port=8021 protocol=udp to-addresses=172.16.1.111 \
to-ports=8021
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
78.128.xxx.xxx dst-port=8021 protocol=tcp to-addresses=172.16.1.111 \
to-ports=8021
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=44645 \
in-interface=ether1 protocol=tcp to-addresses=172.16.1.118 to-ports=44645
add action=src-nat chain=srcnat comment="" disabled=no src-address=\
172.16.1.118 to-addresses=78.128.xxx.xxx
add action=src-nat chain=srcnat comment="" disabled=no src-address=\
172.16.1.111 to-addresses=78.128.xxx.xxx
add action=masquerade chain=srcnat comment="" disabled=no
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
78.128.xxx.xxx scope=30 target-scope=10
The port forwarding for 8021 is used for TV sharing, and Winbox shows that there are packets going to .111, but the TV screen is black. When I swap the router for a WRT54GL Linksys, the TV works. So I have tried to use "in interface" ether1 instead of "dst address", but it is the same. This "trick" was useful a month ago, when I had the same problem. Then I added src-nat for the .111 address and put it before the masquerade. Still no TV. But when I deleted the masquerade, the TV came on. I created the masquerade again and everything was OK. That was yesterday. Now I had to delete and recreate the masquerade to turn the TV on. Another interesting point is that port 44645, forwarded to 118, is used for uTorrent, which stays with a yellow or red icon showing that it is not connectable. But when I test the port forwarding in the settings menu of uTorrent, it says that 44645 is open. The router was on 3.23 firmware, but yesterday I upgraded to 3.25 hoping to resolve the problem.
Am I missing something from the firewall/NAT fundamentals or what? I'm confused.
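Added example, not part of the original post: a small Python model of how the srcnat chain above is evaluated, first matching rule wins, for three constructed flows. It assumes ether1 is the WAN interface (as the post's in-interface=ether1 rule suggests); the interface name ether2, the router LAN address 172.16.1.1 and all sample addresses are made up for illustration.

```python
# Constructed stand-ins: the post masks the public address and names no LAN interface.
WAN_IP = "198.51.100.10"      # placeholder for 78.128.xxx.xxx
ROUTER_LAN_IP = "172.16.1.1"  # assumed router address on the LAN side
IFACE_IP = {"ether1": WAN_IP, "ether2": ROUTER_LAN_IP}  # ether2 is hypothetical

# srcnat chain in the order posted; the masquerade rule has no out-interface matcher.
POSTED = [
    {"action": "src-nat", "src-address": "172.16.1.118", "to": WAN_IP},
    {"action": "src-nat", "src-address": "172.16.1.111", "to": WAN_IP},
    {"action": "masquerade"},
]
# Same chain with the masquerade rule limited to traffic leaving via ether1.
SCOPED = POSTED[:2] + [{"action": "masquerade", "out-interface": "ether1"}]


def srcnat(packet, rules):
    """Return (index of first matching rule, resulting source address)."""
    for i, rule in enumerate(rules):
        if rule.get("src-address", packet["src"]) != packet["src"]:
            continue
        if rule.get("out-interface", packet["out"]) != packet["out"]:
            continue
        if rule["action"] == "masquerade":
            # masquerade rewrites the source to the outgoing interface's address
            return i, IFACE_IP[packet["out"]]
        return i, rule["to"]
    return None, packet["src"]  # no rule matched: source is left unchanged


# Constructed flows, shown as they reach srcnat (after dst-nat and routing).
FLOWS = {
    "internet -> .111 (forwarded 8021)": {"src": "203.0.113.50", "out": "ether2"},
    ".111 -> internet": {"src": "172.16.1.111", "out": "ether1"},
    "other LAN host -> internet": {"src": "172.16.1.50", "out": "ether1"},
}

if __name__ == "__main__":
    for name, pkt in FLOWS.items():
        print(f"{name:36} posted={srcnat(pkt, POSTED)} scoped={srcnat(pkt, SCOPED)}")
```

In this model the forwarded inbound flow falls through to the unscoped masquerade rule, so 172.16.1.111 sees the router's LAN address as the sender rather than the remote client; with the rule scoped to ether1 the original source is preserved.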