Geekzone: technology news, blogs, forums
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1620447 31-Aug-2016 21:21

You basically just need to replace my references to VLAN10 - UFB with "pppoe-out1"

 

At the end of the day though you REALLY need to understand what you're actually doing. RouterOS has a steep learning curve and isn't a product if you want a simple router. It's very easy to make your system highly insecure if you're not careful.

 

 




mattyb

254 posts

Ultimate Geek


  #1686738 12-Dec-2016 21:58

Trying to set up port forwarding on the Mikrotik router now... but must be missing something simple. Shouldn't this work?

 

 

 

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=8790 in-interface=ether1 \
    protocol=tcp to-addresses=192.168.88.5 to-ports=8790

 

 

 

Not sure if the 'masquerade' action should be there or not - I'm still learning RouterOS.

 

 

 

Many thanks in advance.


MadEngineer
4305 posts

Uber Geek

Trusted

  #1686952 13-Dec-2016 10:47

Use winbox to check the counters on that rule, it should be increasing as connection attempts are made. Also check that your deny rules are not increasing at the same time. Turn on logging at least temporarily for the relevant rules if required. Does the application you're forwarding the data to only require tcp and not also udp?

Edit - Is ether1 your wan interface where the DHCP client is sitting?




You're not on Atlantis anymore, Duncan Idaho.



sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1687014 13-Dec-2016 11:59

If you're using PPPoE (which I assume you are based on your masquerade rule for outbound) then the rule needs to use that - ether1 is not your main interface.

 

 


mattyb

254 posts

Ultimate Geek


  #1694035 22-Dec-2016 21:18

Ok, I've changed it to the following and still no luck:

 

add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=8790 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.5 to-ports=8790

 

Btw, I'm using www.canyouseeme.org to check if the port is open.

 

Below are my filter rules in case that helps diagnose, and also see my interface list earlier in this thread:

 

/ip firewall filter
add action=accept chain=input comment="allow icmp wan" \
    protocol=icmp
add action=accept chain=input comment="allow winbox wan" \
    dst-port=8291 protocol=tcp
add action=accept chain=input comment=\
    "allow established,related" connection-state=\
    established,related
add action=add-src-to-address-list address-list=port_scanner \
    address-list-timeout=1w chain=input comment="port scanner de\
    tector & add port to port scanner blacklist for 7 days" \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=syn_flooder \
    address-list-timeout=30m chain=input comment="syn flood dete\
    ctor & add to syn flood blacklist for 30mins" \
    connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment=\
    "drop from port scan blacklist" src-address-list=\
    port_scanner
add action=drop chain=input comment=\
    "drop from syn flood blacklist" src-address-list=\
    syn_flooder
add action=drop chain=input comment="drop all from wan" \
    in-interface=pppoe-out1
add action=fasttrack-connection chain=forward comment=\
    "defcon: fasttrack" connection-state=established,related
add action=accept chain=forward comment=\
    "allow established,related" connection-state=\
    established,related
add action=drop chain=forward comment="drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "drop all from wan not DSTNATed" connection-nat-state=\
    dstnat connection-state=new in-interface=pppoe-out1
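
Added example, not part of any post in this thread: a small Python check over a RouterOS export that flags a dst-nat rule whose in-interface is not the interface used by the masquerade rule, and a forward drop rule that matches connection-nat-state=dstnat. The sample rules are constructed from the ones posted here; treating the masquerade out-interface as the WAN interface, and the function names, are assumptions of this example.

```python
import shlex
# Constructed sample, modelled on the rules posted in this thread.
SAMPLE = r'''
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=8790 in-interface=ether1 \
    protocol=tcp to-addresses=192.168.88.5 to-ports=8790
/ip firewall filter
add action=drop chain=forward comment="drop all from wan not DSTNATed" \
    connection-nat-state=dstnat connection-state=new in-interface=pppoe-out1
'''

def parse_export(text):
    """Return [(menu, {property: value})] for each 'add' line of an export."""
    rules, menu, buf = [], None, ""
    for raw in text.splitlines():
        buf += raw.lstrip()
        if buf.endswith("\\"):      # export wraps lines with a trailing backslash
            buf = buf[:-1]
            continue
        line, buf = buf.strip(), ""
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = (t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            rules.append((menu, dict(pairs)))
    return rules

def audit(rules):
    nat = [r for m, r in rules if m == "/ip firewall nat"]
    flt = [r for m, r in rules if m == "/ip firewall filter"]
    # Assumption: the masquerade out-interface is the WAN interface.
    wan = {r["out-interface"] for r in nat
           if r.get("action") == "masquerade" and "out-interface" in r}
    findings = []
    for r in nat:
        iface = r.get("in-interface")
        if r.get("action") == "dst-nat" and wan and iface and iface not in wan:
            findings.append(f"dst-nat port {r.get('dst-port')}: in-interface="
                            f"{iface} is not the WAN interface {sorted(wan)}")
    for r in flt:
        # Assumption: no earlier forward rule already accepts these connections.
        if (r.get("chain"), r.get("action"),
                r.get("connection-nat-state")) == ("forward", "drop", "dstnat"):
            findings.append("forward drop rule matches connection-nat-state=dstnat: "
                            "it drops the forwarded connections (negate with !dstnat)")
    return findings
if __name__ == "__main__":
    print("\n".join(audit(parse_export(SAMPLE))))
```

Run against a real export (`/export` output saved to a file), it only reads the text; it never connects to the router.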


mattyb

254 posts

Ultimate Geek


  #1700493 9-Jan-2017 12:28

BUMP

 

Also, I'm thinking of switching to Bigpipe for UFB and using this router. Anyone know if they have good support people there that could help me with RouterOS? (rather than annoy people on this forum with my stupid questions)

 

Many thanks in advance.


michaelmurfy
meow
13274 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1700494 9-Jan-2017 12:31

mattyb:

 

BUMP

 

Also, I'm thinking of switching to Bigpipe for UFB and using this router. Anyone know if they have good support people there that could help me with RouterOS? (rather than annoy people on this forum with my stupid questions)

 

Many thanks in advance.

 

 

Yes they have good support and no they won't help you with RouterOS. You followed my Mikrotik guide? Other than that I think we've given you as much help as we possibly can I'm afraid. If you invest in a Mikrotik router you need to read the Wiki etc and be prepared to learn as they're not easy routers to configure.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Opinions are my own and not the views of my employer.

