This rule allows port 3000 to the router, which is what you don't want; you want it strictly to the LAN server, so it should be removed.
add action=accept chain=input comment="allow 3000" in-interface=pppoe-client port=3000 protocol=tcp
This rule is hindering port forward...
add action=drop chain=forward comment="drop access to clients behind NAT from WAN" connection-nat-state=!dstnat connection-state=new in-interface=ether1
Recommend removing and replacing with these rules, and also making it clearer.
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface=pppoe-client
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="Drop all else"
Statistics: Posted by anav — Mon Jan 27, 2025 9:16 pm
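
The changes recommended in the post, put together with the dst-nat rule that the "port forwarding" accept rule depends on. This is an added example, not part of the original post. The LAN server address 192.168.88.10 is a placeholder assumption, and the example assumes the rest of the filter table (for instance an established/related accept rule earlier in the forward chain) stays as it is.

```routeros
# Added example. 192.168.88.10 is a placeholder for the LAN server address.

/ip firewall filter
# Remove the input-chain rule: it exposes port 3000 on the router itself,
# not on the LAN server.
remove [find chain=input comment="allow 3000"]
# Remove the old forward drop rule that the post says hinders the port forward.
remove [find chain=forward comment="drop access to clients behind NAT from WAN"]

/ip firewall nat
# Destination NAT: TCP 3000 arriving on the WAN interface is rewritten to the
# LAN server. Connections hit by this rule carry connection-nat-state=dstnat.
add chain=dstnat action=dst-nat in-interface=pppoe-client protocol=tcp \
    dst-port=3000 to-addresses=192.168.88.10 to-ports=3000 \
    comment="forward 3000 to LAN server"

/ip firewall filter
# Replacement forward rules from the post. Rules are evaluated top to bottom,
# so the final drop must stay last in the forward chain.
add action=accept chain=forward comment="internet traffic" \
    in-interface-list=LAN out-interface=pppoe-client
add action=accept chain=forward comment="port forwarding" \
    connection-nat-state=dstnat
add action=drop chain=forward comment="Drop all else"

# Check: after a test connection from outside to port 3000, the packet
# counters on the dst-nat rule and on the "port forwarding" rule should
# increase, and nothing should be listening for port 3000 in the input chain.
/ip firewall nat print stats
/ip firewall filter print stats where chain=forward
/ip firewall filter print where chain=input
```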