MikroTik

Community discussions
https://forum.mikrotik.com/

Port Forwarding Advice Needed

https://forum.mikrotik.com/viewtopic.php?t=88189

Page 1 of 1

Port Forwarding Advice Needed

Posted: Mon Aug 18, 2014 12:32 pm
by innocentdevil
Hi I wonder if I can get some advice please. I am familiar with mikrotiks but having a nightmare.

I have recently moved a datacentre to another one and the servers in questions are hyper-v replica servers.

I have managed to get them on the internet and dns records are pointed to the right IP.

I have having problems forwarding the replication traffic from the internet to those servers behind the mikrotik.

The port in question is 8888 and the the internal IP address of the replica server is 192.168.88.30.

The replica servers have their own IP range and a DC which dishes out IP to them. the subnet is 192.168.88.1/24.

The servers go to their own mini switch and then ports through to mikrotik port 9 which is internet facing.

The mikrotik in question also has other ports enabled which provide Leased Lines to our customers and they have separate external IP addresss.

I have been trying to configure the NAT but been failing.

I have created a dst-nat rule to forward all the traffic to IP address of the replica server which is 192.168.88.30 but its still not letting the traffic through.

Can someone point me to the right direction please.

thanks in advance.
Kash

Re: Port Forwarding Advice Needed

Posted: Mon Aug 18, 2014 1:16 pm
by innocentdevil
looks like I have got it working somehow.

Re: Port Forwarding Advice Needed

Posted: Mon Aug 18, 2014 2:30 pm
by CelticComms
In addition to the DST NAT rules you would need to allow the traffic in the forward chain (IP Firewall / Filters).

Re: Port Forwarding Advice Needed

Posted: Tue Aug 26, 2014 5:02 pm
by DanPrs
I cannot get this to work. I'm trying to forward a port for Plex but the service is not able to get onto the WAN.

Image

In action I chose
Code: Select all
add dst to address list
.

And here's the output from the terminal.
Code: Select all
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=add-dst-to-address-list address-list=10.10.10.2 chain=forward \
    comment=Plex dst-port=32400 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment=CouchPotato dst-port=5050 \
    in-interface=ether1-gateway protocol=tcp to-addresses=10.10.10.3 \
    to-ports=5050
add action=dst-nat chain=dstnat comment=SickBeard dst-port=8081 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.4 to-ports=8081
add action=dst-nat chain=dstnat comment=Transmission dst-port=9091 \
    in-interface=ether1-gateway protocol=tcp to-addresses=10.10.10.5 \
    to-ports=9091
add action=dst-nat chain=dstnat comment=BTSync dst-port=8888 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.6 to-ports=8888
add action=dst-nat chain=dstnat comment=Headphones dst-port=8181 \
    in-interface=ether1-gateway protocol=tcp to-addresses=10.10.10.9 \
    to-ports=8181
add action=dst-nat chain=dstnat comment=FreeNAS dst-port=442 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.20 to-ports=442
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 in-interface=\
    ether1-gateway protocol=tcp to-addresses=10.10.10.2 to-ports=32400

Re: Port Forwarding Advice Needed

Posted: Tue Aug 26, 2014 5:59 pm
by Emile
PS: Put all your dst-nat rules before the masquerade rules.

Re: Port Forwarding Advice Needed

Posted: Tue Sep 09, 2014 12:29 pm
by innocentdevil
cheers. that got sorted long ago.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/