Specify a dst-address or in-interface Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Jun 7, 2014 4:15 PM, "Casey Mills" <wkm...@gmail.com> wrote:
> I was pretty big into Mikrotik in years past, but haven't been active in > some time. > > I just picked up a RB2011 and want to forward ports 80, 443, and 50500 for > my network storage device. When I dstnat those ports below it kills my > ability to browse using a device on the inside of my network. This has to > be something simple, please help. > > I'm not sure how traffic originating from the outside and destined for my > network storage is treated. Ideally it should be handled by the forward > chain, but it will have a destination IP of the WAN side of the router. So > that makes me think imput chain. > > > /ip firewall filter > add chain=input protocol=icmp > add chain=input connection-state=established > add chain=input connection-state=related > add action=drop chain=input in-interface=ether1-gateway > add chain=forward connection-state=established > add chain=forward connection-state=related > add action=drop chain=forward connection-state=invalid > > > /ip firewall nat > add action=masquerade chain=srcnat out-interface=ether1-gateway > to-addresses=0.0.0.0 > add action=dst-nat chain=dstnat comment=Foscam-1 dst-port=8080 protocol=tcp > to-addresses=192.168.55.200 to-ports=8080 > add action=dst-nat chain=dstnat comment=Foscam-2 dst-port=8081 protocol=tcp > to-addresses=192.168.55.201 to-ports=8081 > add action=dst-nat chain=dstnat comment=IX2 disabled=yes > dst-address-type="" dst-port=80 protocol=tcp to-addresses=192.168.55.54 > to-ports=80 > add action=dst-nat chain=dstnat comment=IX2 disabled=yes > dst-address-type="" dst-port=443 protocol=tcp to-addresses=192.168.55.54 > to-ports=443 > add action=dst-nat chain=dstnat comment=IX2 disabled=yes dst-port=50500 > protocol=tcp to-addresses=192.168.55.54 to-ports=50500 > add action=dst-nat chain=dstnat comment=Casey7-RDP dst-port=3389 > protocol=tcp to-addresses=192.168.55.52 to-ports=3389 > add action=dst-nat chain=dstnat comment=HTPC7-Plex dst-port=32400 > protocol=tcp to-addresses=192.168.55.50 to-ports=32400 > add action=dst-nat chain=dstnat comment=HTPC7-CetonApp dst-port=5832 > protocol=tcp to-addresses=192.168.55.50 to-ports=5832 > > > Thanks, > Casey > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20140607/7f0955d3/attachment.html > > > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140607/8d53a5d4/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
