
Filter + NAT port range problem

Posted: Tue Jul 28, 2009 6:37 pm
by BloodShed
RouterOS version: 3.27

I'm pretty new at this.

My problem is that I have a port range (27000-27050 TCP and UDP) that is forwarded from WAN (62.242.x.x) to a PC on the LAN (192.168.0.100).
The problem is that only port 27015 is functional; every other port is a brick wall, so to speak.

Here is the firewall filter
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Accept established connections
     chain=input action=accept connection-state=established in-interface=Wan 

 1   ;;; Accept related connections
     chain=input action=accept connection-state=related in-interface=Wan 

 2   ;;; Drop invalid connections
     chain=input action=drop connection-state=invalid in-interface=Wan 

 3   ;;; Allow Ping and other ICMP
     chain=input action=accept protocol=icmp in-interface=Wan 

 4   ;;; Drop unknown packets
     chain=input action=drop in-interface=Wan 

 5   ;;; Accept established connections
     chain=forward action=accept connection-state=established 

 6   ;;; Accept related connections
     chain=forward action=accept connection-state=related 

 7   ;;; Drop invalid connections
     chain=forward action=drop connection-state=invalid 

 8   chain=forward action=accept protocol=tcp dst-address=192.168.0.100 
     in-interface=Wan dst-port=27000-27050 

 9   chain=forward action=accept protocol=udp dst-address=192.168.0.100 
     in-interface=Wan dst-port=27000-27050
and NAT
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade src-address=192.168.0.0/24 
     out-interface=Wan 

 1   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015 
     protocol=tcp dst-address=62.242.x.x dst-port=27000-27050 

 2   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015 
     protocol=udp dst-address=62.242.x.x dst-port=27000-27050
This problem has been driving me nuts

Re: Filter + NAT port range problem

Posted: Tue Jul 28, 2009 6:51 pm
by BloodShed
Never mind, human error strikes again :oops:

Re: Filter + NAT port range problem

Posted: Tue Jul 28, 2009 6:57 pm
by Still
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/24
out-interface=Wan

1 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=tcp dst-address=62.242.x.x dst-port=27000-27050

2 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=udp dst-address=62.242.x.x dst-port=27000-27050




Working as intended or am I missing something?

Re: Filter + NAT port range problem

Posted: Tue Jul 28, 2009 7:54 pm
by BloodShed
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/24
out-interface=Wan

1 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=tcp dst-address=62.242.x.x dst-port=27000-27050

2 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
protocol=udp dst-address=62.242.x.x dst-port=27000-27050




Working as intended or am I missing something?
Yes, to-ports= should have had a range instead of a single port.
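
Added example, not part of the thread and not MikroTik code: a small Python check that reads a NAT rule listing in the layout shown above and reports dst-nat rules whose dst-port covers several ports while to-ports names only one, which is the mistake resolved in this thread. The function names are hypothetical, the parsing assumes the wrapped listing layout seen in these posts, and rule 3 in the sample is constructed to show the corrected form.

```python
import re

# Constructed sample: the thread's NAT listing plus a corrected rule 3.
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade src-address=192.168.0.0/24
     out-interface=Wan

 1   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
     protocol=tcp dst-address=62.242.x.x dst-port=27000-27050

 2   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27015
     protocol=udp dst-address=62.242.x.x dst-port=27000-27050

 3   chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27000-27050
     protocol=tcp dst-address=62.242.x.x dst-port=27000-27050
"""

def parse_rules(text):
    """Parse a wrapped rule listing into {rule_index: {key: value}}."""
    rules, current = {}, None
    for line in text.splitlines():
        start = re.match(r"\s*(\d+)\s", line)
        if start:                                  # a numbered line opens a rule
            current = int(start.group(1))
            rules[current] = {}
            line = line[start.end():]
        if current is None:
            continue                               # header before the first rule
        line = line.split(";;;")[0]                # ignore rule comments
        rules[current].update(re.findall(r"([a-z-]+)=(\S+)", line))
    return rules

def port_count(spec):
    """Ports covered by a spec such as '27015', '27000-27050' or '80,443'."""
    spans = (part.partition("-") for part in spec.split(","))
    return sum(int(high or low) - int(low) + 1 for low, _, high in spans)

def collapsed_ranges(text):
    """dst-nat rules that match several ports but rewrite them all to one."""
    found = []
    for index, rule in sorted(parse_rules(text).items()):
        dst, to = rule.get("dst-port"), rule.get("to-ports")
        if (rule.get("action") == "dst-nat" and dst and to
                and port_count(dst) > 1 and port_count(to) == 1):
            found.append((index, rule.get("protocol"), dst, to))
    return found

print(collapsed_ranges(SAMPLE))
```

Rules 1 and 2 are reported because all 51 ports are rewritten to 27015 on the LAN host; rule 3 passes because the port range is preserved.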