Channel: MikroTik

General • dst-nat port forwarding not working

Hello
I'm setting up my new router configuration, with new VLANs and fail-over, but I'm not able to make port forwarding from the ISP to local devices work as it did before.
I don't know what else I could check to make it work, or what kind of mistake I'm making.
Can someone please check it for me? Maybe I misunderstand something :/

The device I'm trying to connect to is in vlan10, but it's connected to the switch on port ether1, which is untagged. The device I'm connecting to is working for sure, it's pingable inside my network, but somehow I'm not able to make it work with dstnat:

add action=dst-nat chain=dstnat comment="Port 8000 " disabled=yes dst-port=38123 in-interface=ether2-WAN_Darnet protocol=tcp to-addresses=192.168.10.150 to-ports=8000
add action=dst-nat chain=dstnat comment="Port 8001 " disabled=yes dst-port=38124 in-interface=ether2-WAN_Darnet protocol=tcp to-addresses=192.168.10.151 to-ports=8000

When I listen with the sniffer for the IP address 192.168.10.150 and try to connect to this device on port 38123 on my global IP from the internet, I can see that the packets are redirected to LAN_10_PF, then to bridge1 and then to ether1-LAN, but there is nothing in the logs after that, like a response from this IP address...

Code:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-LAN
set [ find default-name=ether2 ] mac-address=xxxxxxxxxxxxxx name=ether2-WAN_Darnet
set [ find default-name=ether3 ] name=ether3-LAN_AccessPoint
set [ find default-name=ether4 ] name=ether4-WAN_Rybnet
set [ find default-name=ether5 ] name=ether5-LAN_POE
/interface vlan
add interface=bridge1 name=LAN_10_PF vlan-id=10
add interface=bridge1 name=LAN_20_PF vlan-id=20
add interface=bridge1 name=MGMTVlan88 vlan-id=88
add interface=bridge1 name=WAN_PF_to_GM vlan-id=100
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp_pool_vlan10 ranges=192.168.10.2-192.168.10.100
add name=dhcp_pool_vlan20 ranges=192.168.20.2-192.168.20.100
/ip dhcp-server
add address-pool=dhcp_pool_vlan10 interface=LAN_10_PF lease-time=1d name=dhcp_vlan10
add address-pool=dhcp_pool_vlan20 interface=LAN_20_PF lease-time=1d name=dhcp_vlan20
/port
set 0 name=serial0
/routing table
add disabled=no fib name=to_WAN_Darnet
add disabled=no fib name=to_WAN_Rybnet
/interface bridge port
add bridge=bridge1 interface=ether1-LAN pvid=10
add bridge=bridge1 interface=ether3-LAN_AccessPoint pvid=10
add bridge=bridge1 interface=ether5-LAN_POE pvid=10
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether1-LAN,ether3-LAN_AccessPoint,ether5-LAN_POE vlan-ids=10
add bridge=bridge1 tagged=ether1-LAN,ether3-LAN_AccessPoint,ether5-LAN_POE,bridge1 vlan-ids=20
add bridge=bridge1 tagged=ether1-LAN vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether1-LAN vlan-ids=88
/interface list member
add interface=ether2-WAN_Darnet list=WAN
add interface=ether4-WAN_Rybnet list=WAN
add interface=ether1-LAN list=LAN
add interface=ether3-LAN_AccessPoint list=LAN
add interface=ether5-LAN_POE list=LAN
/ip address
add address=10.0.10.1/30 interface=WAN_PF_to_GM network=10.0.10.0
add address=192.168.10.1/24 interface=LAN_10_PF network=192.168.10.0
add address=10.0.5.2/30 interface=ether4-WAN_Rybnet network=10.0.5.0
add address=192.168.88.11/24 interface=MGMTVlan88 network=192.168.88.0
add address=192.168.20.1/25 interface=LAN_20_PF network=192.168.20.0
/ip dhcp-client
add comment=defconf interface=ether2-WAN_Darnet
/ip dhcp-server lease.........
/ip dhcp-server network
add address=192.168.10.0/24 boot-file-name=pxelinux.0 dns-server=192.168.10.1 gateway=192.168.10.1 next-server=192.168.10.97
add address=192.168.20.0/25 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
/ip firewall address-list
add address=66.254.114.239 list=block_IPS
add address=66.254.114.41 list=block_IPS
add address=185.88.181.3 list=block_IPS
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="Drop Invalid Input" connection-state=invalid,new in-interface-list=WAN
add action=accept chain=input src-address=192.168.0.0/16
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="Drop All other"
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="Drop Invalid Forward" connection-state=invalid
add action=drop chain=forward dst-address-list=block_IPS dst-port=1-60000 log=yes log-prefix="bloked ip attempt" protocol=tcp src-address=192.168.10.0/24
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=forward comment="Stage 1: Track SSH Attempts" connection-state=new dst-port=55523 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1d chain=forward comment="Stage 2: Add to Blacklist after second attempt" connection-state=new dst-port=55523 protocol=tcp src-address-list=ssh_stage2
add action=drop chain=input comment="Drop SSH Blacklist" src-address-list=ssh_blacklist
add action=drop chain=input in-interface=ether2-WAN_Darnet
add action=drop chain=input in-interface=ether4-WAN_Rybnet
add action=reject chain=forward connection-mark=other out-interface=ether2-WAN_Darnet reject-with=icmp-network-unreachable
add action=reject chain=forward connection-mark=first out-interface=ether4-WAN_Rybnet reject-with=icmp-network-unreachable
add action=drop chain=forward dst-port=111 protocol=tcp
add action=drop chain=forward dst-port=135 protocol=tcp
add action=drop chain=forward dst-port=137-139 protocol=tcp
add action=drop chain=forward dst-port=445 protocol=tcp
add action=drop chain=forward dst-port=2049 protocol=tcp
add action=drop chain=forward dst-port=12345-12346 protocol=tcp
add action=drop chain=forward dst-port=20034 protocol=tcp
add action=drop chain=forward dst-port=31337 protocol=tcp
add action=accept chain=forward comment=ICMP icmp-options=0:0 protocol=icmp
add action=accept chain=forward icmp-options=3:0 protocol=icmp
add action=accept chain=forward icmp-options=3:1 protocol=icmp
add action=accept chain=forward icmp-options=4:0 protocol=icmp
add action=accept chain=forward icmp-options=8:0 protocol=icmp
add action=accept chain=forward icmp-options=11:0 protocol=icmp
add action=accept chain=forward icmp-options=12:0 protocol=icmp
/ip firewall mangle
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=WAN1_con_mark out-interface=ether2-WAN_Darnet
add action=mark-routing chain=output connection-mark=WAN1_con_mark new-routing-mark=to_WAN_Darnet out-interface=ether2-WAN_Darnet
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=WAN2_con_mark out-interface=ether4-WAN_Rybnet
add action=mark-routing chain=output connection-mark=WAN2_con_mark new-routing-mark=to_WAN_Rybnet out-interface=ether4-WAN_Rybnet
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=first out-interface=ether2-WAN_Darnet passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=other out-interface=ether4-WAN_Rybnet passthrough=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment=touter disabled=yes dst-port=80 in-interface=ether2-WAN_Darnet log=yes protocol=tcp to-addresses=192.168.10.3 to-ports=80
add action=masquerade chain=srcnat out-interface=ether2-WAN_Darnet src-address=192.168.10.0/24
add action=masquerade chain=srcnat out-interface=ether2-WAN_Darnet src-address=192.168.20.0/24
add action=masquerade chain=srcnat out-interface=ether2-WAN_Darnet src-address=10.0.5.0/30
add action=masquerade chain=srcnat out-interface=ether4-WAN_Rybnet src-address=192.168.10.0/24
add action=masquerade chain=srcnat out-interface=ether4-WAN_Rybnet src-address=192.168.20.0/24
add action=dst-nat chain=dstnat comment="Port 8000 " disabled=yes dst-port=38123 in-interface=ether2-WAN_Darnet protocol=tcp to-addresses=192.168.10.150 to-ports=8000
add action=dst-nat chain=dstnat comment="Port 8001 " disabled=yes dst-port=38124 in-interface=ether2-WAN_Darnet protocol=tcp to-addresses=192.168.10.151 to-ports=8000
/ip firewall service-port
set ftp disabled=yes
/ip route
add dst-address=8.8.8.8 gateway=myGlobalIP_GW scope=10
add dst-address=8.8.4.4 gateway=10.0.5.1 scope=10
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-table=to_WAN_Darnet target-scope=11
add check-gateway=ping distance=2 gateway=8.8.4.4 routing-table=to_WAN_Darnet target-scope=11
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-table=to_WAN_Rybnet target-scope=11
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-table=to_WAN_Rybnet target-scope=11
add check-gateway=ping distance=1 gateway=myGlobalIP_GW
add distance=2 gateway=10.0.5.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

Statistics: Posted by pawelfi1982 — Tue Jan 09, 2024 6:46 pm
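
An export like the one in the post above can be linted before tracing packets. The following is an added example, not code from the post: it flags dst-nat rules exported with disabled=yes and filter rules placed after an unconditional drop/accept/reject in the same chain. The function names and the embedded sample (a few rules copied from the export) are assumptions of this example, and it expects one rule per line.

```python
import shlex

# Constructed sample: a handful of rules copied from the export in the post.
SAMPLE_EXPORT = '''\
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="Drop All other"
add action=drop chain=forward comment="Drop Invalid Forward" connection-state=invalid
add action=drop chain=input comment="Drop SSH Blacklist" src-address-list=ssh_blacklist
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-WAN_Darnet src-address=192.168.10.0/24
add action=dst-nat chain=dstnat comment="Port 8000 " disabled=yes dst-port=38123 in-interface=ether2-WAN_Darnet protocol=tcp to-addresses=192.168.10.150 to-ports=8000
'''

# Properties that do not restrict which packets a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "log", "log-prefix", "disabled"}
# Actions that stop rule processing for the packet.
TERMINAL = {"drop", "accept", "reject"}

def parse_rules(export_text):
    """Yield (menu, properties) for every 'add' line of a RouterOS export."""
    menu = None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments whole
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(export_text):
    """Return findings: disabled dst-nat rules and filter rules that can never match."""
    findings = []
    catch_all = set()  # chains that already contain an enabled rule with no matchers
    for menu, p in parse_rules(export_text):
        off = p.get("disabled") == "yes"
        if menu == "/ip firewall nat" and p.get("action") == "dst-nat" and off:
            findings.append(("disabled-dstnat", p.get("dst-port"), p.get("to-addresses")))
        if menu != "/ip firewall filter" or off:
            continue
        chain = p.get("chain")
        if chain in catch_all:
            findings.append(("unreachable", chain, p.get("comment", "")))
        elif p.get("action") in TERMINAL and not (set(p) - NON_MATCHERS):
            catch_all.add(chain)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```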


