I'm having issues with some port forwarding rules. I have two locations which both have RB750's. I am forwarding ports so that the customer can view his cameras at both locations.
The problem is, he is unable to view the cameras from one location at the other location and vice versa. Basically, he cannot view the cameras between the two. Any suggestions or advice would be greatly appreciated.

Here is the /ip firewall filter export of the first one:

/ip firewall filter
add action=accept chain=input comment="Added by webbox" disabled=no protocol=icmp
add action=accept chain=input comment="Winbox from Gtek" disabled=no dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2
add action=accept chain=input comment="SSH from Gtek" disabled=no dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2
add action=accept chain=input comment="Added by webbox" connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="Added by webbox" connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="Added by webbox" disabled=no in-interface=ether1-gateway
add action=jump chain=forward comment="Added by webbox" disabled=no in-interface=ether1-gateway jump-target=customer
add action=accept chain=customer comment="Camera Server" disabled=no dst-address=192.168.1.250 dst-port=80,1111,2222,3333,4444,6666 in-interface=ether1-gateway protocol=tcp
add action=accept chain=customer comment="Added by webbox" connection-state=established disabled=no
add action=accept chain=customer comment="Added by webbox" connection-state=related disabled=no
add action=drop chain=customer comment="Added by webbox" disabled=no

/ip firewall nat for the first one:

/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.199.157 dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.250 to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.199.157 dst-port=1111 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.250 to-ports=1111
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.199.157 dst-port=2222 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.250 to-ports=2222
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.199.157 dst-port=3333 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.250 to-ports=3333
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.199.157 dst-port=4444 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.250 to-ports=4444
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.199.157 dst-port=6666 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.250 to-ports=6666
add action=masquerade chain=srcnat comment="Added by webbox" disabled=no out-interface=ether1-gateway

/ip firewall export from the second one:

/ip firewall filter
add action=accept chain=input comment="Added by webbox" disabled=no protocol=icmp
add action=accept chain=input comment="Winbox from Gtek" disabled=no dst-port=8291 protocol=tcp src-address=xxx.xxx.11.2
add action=accept chain=input comment="SSH from Gtek" disabled=no dst-port=9122 protocol=tcp src-address=xxx.xxx.11.2
add action=accept chain=input comment="Added by webbox" connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="Added by webbox" connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="Added by webbox" disabled=no in-interface=ether1-gateway
add action=jump chain=forward comment="Added by webbox" disabled=no in-interface=ether1-gateway jump-target=customer
add action=accept chain=customer comment="Added by webbox" connection-state=established disabled=no
add action=accept chain=customer comment="Added by webbox" connection-state=related disabled=no
add action=accept chain=customer comment="Camera Server" disabled=no dst-address=192.168.1.212 dst-port=80,1111,2222,3333,4444,6666 protocol=tcp
add action=accept chain=customer comment="" disabled=yes dst-address=192.168.1.100 dst-port=5631-5632 protocol=tcp
add action=accept chain=customer comment="" disabled=yes dst-address=192.168.1.200 dst-port=5634-5635 protocol=tcp
add action=accept chain=customer comment="" disabled=yes dst-address=192.168.1.150 dst-port=7000-7001 protocol=tcp
add action=drop chain=customer comment="Added by webbox" disabled=no

/ip firewall nat from the second one:

/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.212 to-ports=80
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=xxx.xxx.11.245 dst-port=5631-5632 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.100 to-ports=5631-5632
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=xxx.xxx.11.245 dst-port=5634-5635 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.200 to-ports=5634-5635
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=xxx.xxx.11.245 dst-port=7000-7001 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.150 to-ports=7000-7001
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=1111 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.212 to-ports=1111
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=2222 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.212 to-ports=2222
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=3333 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.2.212 to-ports=3333
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=4444 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.212 to-ports=4444
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=xxx.xxx.11.245 dst-port=6666 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.2.212 to-ports=6666
add action=masquerade chain=srcnat comment="Added by webbox" disabled=no out-interface=ether1-gateway

--
Alan Bryant
Gtek Computers & Wireless L.L.C.
Office: 361-777-1400 | Fax: 361-777-1405
[email protected] | www.gtek.biz
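An added example, not part of the original message: RouterOS applies dst-nat before the forward-chain filter, so the customer chain matches on the translated address and port, and this Python check lists enabled dst-nat targets that no accept rule in that chain names. The function names are hypothetical, the sample is an excerpt of the second router's rules with attributes trimmed, and only dst-address/dst-port matchers are compared (protocol and interface matchers are ignored).

```python
import shlex

# Excerpt of the second router's rules from the post, attributes trimmed for width.
EXPORT = '''
/ip firewall filter
add action=accept chain=customer comment="Added by webbox" connection-state=established
add action=accept chain=customer comment="Camera Server" disabled=no dst-address=192.168.1.212 dst-port=80,1111,2222,3333,4444,6666 protocol=tcp
add action=drop chain=customer comment="Added by webbox" disabled=no
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.1.212 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=7000-7001 protocol=tcp to-addresses=192.168.1.150 to-ports=7000-7001
add action=dst-nat chain=dstnat disabled=no dst-port=3333 protocol=tcp to-addresses=192.168.2.212 to-ports=3333
'''

def parse_export(text):
    """Return {menu path: [rule dict, ...]} for one-command-per-line export text."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            # shlex keeps quoted values such as comment="Camera Server" together
            current.append(dict(t.split("=", 1) for t in shlex.split(line) if "=" in t))
    return sections

def ports(spec):
    """Expand a RouterOS port list such as '80,5631-5632' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def unmatched_dstnat(text, chain="customer"):
    """Enabled dst-nat targets (address, port) that no accept rule in `chain` names."""
    cfg = parse_export(text)
    allowed = set()
    for r in cfg.get("/ip firewall filter", []):
        if (r.get("chain") == chain and r.get("action") == "accept"
                and r.get("disabled") != "yes" and "dst-address" in r and "dst-port" in r):
            allowed |= {(r["dst-address"], p) for p in ports(r["dst-port"])}
    missing = []
    for r in cfg.get("/ip firewall nat", []):
        if r.get("action") == "dst-nat" and r.get("disabled") != "yes":
            missing += [(r["to-addresses"], p) for p in ports(r["to-ports"])
                        if (r["to-addresses"], p) not in allowed]
    return missing

print(unmatched_dstnat(EXPORT))
```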

