Josh has hit the target Your port 80 rule doesn’t specify the interface so anything defined for port 80 is being redirected to your internal box.
This includes standard website requests, which will be preventing your internet surfing. Just add in-interface=ether1-gateway and things should work. Regards Alexander Alexander Neilson Neilson Productions Limited [email protected] 021 329 681 022 456 2326 On 8/06/2014, at 9:04 am, Grand Avenue Broadband <[email protected]> wrote: > I'm assuming you mean "it kills my ability to browse TO THE WAN IP using a > device on the inside of my network." If that is accurate, see here: > > http://wiki.mikrotik.com/wiki/Hairpin_NAT > > If you mean "it kills my ability to browse TO THE LAN IP using a device on > the inside of my network," Joshs advice has already hit the target. > > On Jun 7, 2014, at 1:15 PM, Casey Mills <[email protected]> wrote: > >> I was pretty big into Mikrotik in years past, but haven't been active in >> some time. >> >> I just picked up a RB2011 and want to forward ports 80, 443, and 50500 for >> my network storage device. When I dstnat those ports below it kills my >> ability to browse using a device on the inside of my network. This has to >> be something simple, please help. >> >> I'm not sure how traffic originating from the outside and destined for my >> network storage is treated. Ideally it should be handled by the forward >> chain, but it will have a destination IP of the WAN side of the router. So >> that makes me think imput chain. >> >> >> /ip firewall filter >> add chain=input protocol=icmp >> add chain=input connection-state=established >> add chain=input connection-state=related >> add action=drop chain=input in-interface=ether1-gateway >> add chain=forward connection-state=established >> add chain=forward connection-state=related >> add action=drop chain=forward connection-state=invalid >> >> >> /ip firewall nat >> add action=masquerade chain=srcnat out-interface=ether1-gateway >> to-addresses=0.0.0.0 >> add action=dst-nat chain=dstnat comment=Foscam-1 dst-port=8080 protocol=tcp >> to-addresses=192.168.55.200 to-ports=8080 >> add action=dst-nat chain=dstnat comment=Foscam-2 dst-port=8081 protocol=tcp >> to-addresses=192.168.55.201 to-ports=8081 >> add action=dst-nat chain=dstnat comment=IX2 disabled=yes >> dst-address-type="" dst-port=80 protocol=tcp to-addresses=192.168.55.54 >> to-ports=80 >> add action=dst-nat chain=dstnat comment=IX2 disabled=yes >> dst-address-type="" dst-port=443 protocol=tcp to-addresses=192.168.55.54 >> to-ports=443 >> add action=dst-nat chain=dstnat comment=IX2 disabled=yes dst-port=50500 >> protocol=tcp to-addresses=192.168.55.54 to-ports=50500 >> add action=dst-nat chain=dstnat comment=Casey7-RDP dst-port=3389 >> protocol=tcp to-addresses=192.168.55.52 to-ports=3389 >> add action=dst-nat chain=dstnat comment=HTPC7-Plex dst-port=32400 >> protocol=tcp to-addresses=192.168.55.50 to-ports=32400 >> add action=dst-nat chain=dstnat comment=HTPC7-CetonApp dst-port=5832 >> protocol=tcp to-addresses=192.168.55.50 to-ports=5832 >> >> >> Thanks, >> Casey >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140607/7f0955d3/attachment.html> >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4127 bytes Desc: not available URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140608/9821d202/attachment.bin> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
