Geekzone: technology news, blogs, forums
28964 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #1620447 31-Aug-2016 21:21

You basically just need to replace my references to VLAN10 - UFB with "pppoe-out1"

 

At the end of the day though you REALLY need to understand what you're actually doing. RouterOS has a steep learning curve and isn't a product if you want a simple router. It's very easy to make your system highly insecure if you're not careful.

 

 




195 posts

Master Geek


  #1686738 12-Dec-2016 21:58

Trying to set up port forwarding on the Mikrotik router now... but must be missing something simple. Shouldn't this work?

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=8790 in-interface=ether1 \
protocol=tcp to-addresses=192.168.88.5 to-ports=8790

 

 

 

Not sure if the 'masquerade' action should be there or not - I'm still learning RouterOS.

Many thanks in advance.


 
 
 
 


2123 posts

Uber Geek

Trusted

  #1686952 13-Dec-2016 10:47

Use winbox to check the counters on that rule; it should be increasing as connection attempts are made. Also check that your deny rules are not increasing at the same time. Turn on logging at least temporarily for the relevant rules if required. Does the application you're forwarding the data to only require tcp and not also udp?

Edit - Is ether1 your wan interface where the DHCP client is sitting?

28964 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #1687014 13-Dec-2016 11:59

If you're using PPPoE (which I assume you are based on your masquerade rule for outbound) then the rule needs to use that - ether1 is not your main interface.

 

 




195 posts

Master Geek


  #1694035 22-Dec-2016 21:18

Ok, I've changed it to the following and still no luck:

 

add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=8790 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.5 to-ports=8790

 

Btw, I'm using www.canyouseeme.org to check if the port is open.

 

Below are my filter rules in case that helps diagnose, and also see my interface list earlier in this thread:

 

/ip firewall filter
add action=accept chain=input comment="allow icmp wan" \
protocol=icmp
add action=accept chain=input comment="allow winbox wan" \
dst-port=8291 protocol=tcp
add action=accept chain=input comment=\
"allow established,related" connection-state=\
established,related
add action=add-src-to-address-list address-list=port_scanner \
address-list-timeout=1w chain=input comment="port scanner de\
tector & add port to port scanner blacklist for 7 days" \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=syn_flooder \
address-list-timeout=30m chain=input comment="syn flood dete\
ctor & add to syn flood blacklist for 30mins" \
connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment=\
"drop from port scan blacklist" src-address-list=\
port_scanner
add action=drop chain=input comment=\
"drop from syn flood blacklist" src-address-list=\
syn_flooder
add action=drop chain=input comment="drop all from wan" \
in-interface=pppoe-out1
add action=fasttrack-connection chain=forward comment=\
"defcon: fasttrack" connection-state=established,related
add action=accept chain=forward comment=\
"allow established,related" connection-state=\
established,related
add action=drop chain=forward comment="drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"drop all from wan not DSTNATed" connection-nat-state=\
dstnat connection-state=new in-interface=pppoe-out1




195 posts

Master Geek


  #1700493 9-Jan-2017 12:28

BUMP

 

Also, I'm thinking of switching to Bigpipe for UFB and using this router. Anyone know if they have good support people there that could help me with RouterOS? (rather than annoy people on this forum with my stupid questions)

 

Many thanks in advance.


/dev/null
9333 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1700494 9-Jan-2017 12:31

mattyb:

 

BUMP

 

Also, I'm thinking of switching to Bigpipe for UFB and using this router. Anyone know if they have good support people there that could help me with RouterOS? (rather than annoy people on this forum with my stupid questions)

 

Many thanks in advance.

 

 

Yes they have good support and no they won't help you with RouterOS. You followed my Mikrotik guide? Other than that I think we've given you as much help as we possibly can I'm afraid. If you invest in a Mikrotik router you need to read the Wiki etc and be prepared to learn as they're not easy routers to configure.




