Page 1 of 1
port fowarding in v2.8
Posted: Fri Jul 09, 2004 11:11 pm
by mrirh
Hello,
How can I forward specific ports from the outside, from an address on the Public nic, to an internal address on the Local network?
For example, all ftp traffic to public address 10.0.0.2 (an IP address on the Public nic) on ports 20 & 21 are routed to the internal address of 192.168.0.2 (an IP address for a server on the local network), on ports 20 & 21. Also, should the filter rule be created on a new filter chain?
I've read the Firewalll rules in the manual, but nothing is getting through.
Any help would be greatly appreciated.
jp
Posted: Fri Jul 09, 2004 11:36 pm
by cmit
You should add a destination-nat rule in the firewall section to create the redirection, e.g.
/ip firewall dst-nat add dst-address=10.0.0.2 dst-netmask=255.255.255.255 dst-port=20 to-dst-address=192.168.0.2 to-dst-port=20 protocol=tcp action=nat
(from memory - please check syntax!)
and then a rule in the forward chain to permit the (already dst-natted!) traffic, e.g. something like
/ip firewall rule forward add in-interface=ether-public dst-address=192.168.0.2/32 dst-port=20 protocol=tcp action=accept
You'll probably have to adjust this a little bit, but this should get you the idea... (The above two commands just forward port 20, of course...)
Posted: Sun Jul 18, 2004 7:17 am
by X9X0
All of this is usefull , and works, But how would you specify the "dst-address" if the address is retrieved via DHCP? So how would you apply this exact rule in the situation that the public IP may change at some point. Not that mine ever has changed as long as it's active..... but if If the CMTS at the ISP ever went down, all of the port forwarding rules would have to be re-entered on my end.
Posted: Sun Jul 18, 2004 11:22 am
by cmit
You could for example simply dst-nat all traffic coming in on your "WAN" interface, something like
/ip firewall dst-nat add in-interface=ether-wan dst-port=20 to-dst-address=192.168.0.2 to-dst-port=20 protocol=tcp action=nat
Posted: Sun Jul 18, 2004 11:39 am
by X9X0
excellent , thank you for all your help..
Re: port fowarding in v2.8
Posted: Fri Apr 12, 2019 2:58 pm
by gurunge12
Hello everyone,
Kindly request for kind assists, I tried to port forward the biometric device (whose ip is 192.168.88.49) and router IP is in public. I followed every blogs and solution from the post but it is not working.
Code:
1 ;;; Biometric Device port forwarding
chain=dstnat action=dst-nat to-addresses=192.168.88.49 to-ports=4370 protocol=tcp dst-address=103.x.x.24 dst-port=4370
Hoping for the early response.
with regards,
Anil
Re: port fowarding in v2.8
Posted: Fri Jun 11, 2021 7:53 pm
by johnii
hey, thanks for the help
.