MikroTik

I just got back into using mikrotik after a couple year hiatus, and am stumped on a simple setup. Im just trying to forward ports 80,25,nad 443 to my internal web/smtp server.Im hoping someone has a super easy solution that im not seeing from missing a few OS versions since 2.9. Im currently on 5.25 on a ppc board. i have 2 ethernet ports live, one with a public, 12.37.36.74/28, and internal lan 172.30.0.1/24. i have a simple web device for testing thats accessable from the inside. Ive changed the webfig port to 8087, and can access it there, and have also turned it completely off a time or 2 to make sure it wasnt causing problems. I cannot get port 80 to map thru to my webserver. I have 3 forwarding rules for port 3389 working fine. See nat config below, any help would be greatly appreciated!! thanks-

/ip firewall nat

add action=masquerade chain=srcnat disabled=no out-interface=public
add action=dst-nat chain=dstnat disabled=no dst-address=12.37.36.74 dst-port=\
80 protocol=tcp to-addresses=172.30.0.251 to-ports=80

these 3 rules are working, the above rule sees the traffic hit the nat, but doesnt pass thru

add action=dst-nat chain=dstnat disabled=no dst-address=12.37.36.74 dst-port=\
3389 protocol=tcp to-addresses=172.30.0.10 to-ports=3389
add action=dst-nat chain=dstnat disabled=no dst-address=12.37.36.75 dst-port=\
3389 protocol=tcp to-addresses=172.30.0.11 to-ports=3389
add action=dst-nat chain=dstnat disabled=no dst-address=12.37.36.76 dst-port=\
3389 protocol=tcp to-addresses=172.30.0.12 to-ports=3389

There isnt a firewall filter applied currently, and the router is brand new.

Check your rules!
Inside to external Ip addreses are missing.
You can masquerad or map each internal address strict to an external address.


Gesendet von meinem HTC Flyer P510e mit Tapatalk 2

Check your rules!
Inside to external Ip addreses are missing.
You can masquerad or map each internal address strict to an external address.


Gesendet von meinem HTC Flyer P510e mit Tapatalk 2

thanks for the info! i only have one public ip, do i still need to map it outbound?

All the other rules work to the same devices on ports other than 80,443, and 25. Is it possible theres some service thats running on those ports
thats interfering with the mapping?

Is there a firewall on the local system preventing connection?

Is there a firewall on the local system preventing connection?

The ISP has informed us that they have provided us with a bridged fiber to ethernet connection, and that it isnt firewalled.

I ment the system you are connecting to

I ment the system you are connecting to

I have 3 separate devices to test with on the internal network-
1- microsoft exchange 2010- not fully setup- posts a generic webpage
2- Microsoft iis 7, not fully setup with https webpage
3- apache web server hosting VM ware client download, https also- fully setup except it gives you certificate error in IE to get to the https page.

Have the same issues with all of them, no connection from the outside public ip, just hangs.