Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Forwarding Ports for Xbox?? MikroTik

Go to solution Solved by brwainer,
58 minutes ago, AMD Lover said:

 

Screenshot (1).png

Screenshot (2).png

On the General tab, take the ports you have in "Src. Port" and move it to "Dst. Port". Then on Action put in the same port number. Your Plex Server rule appears to be correct, although I can't see the "To Ports"column in your screenshot (it isn't added by default, you can do so by clicking the down arrow to the right of Packets)

So a little while back I got rid of my ISP router for a MikroTik CR125 Cloud Router Switch. I love it because I can conceal everything in my media panel and keep everything neat and tidy. However, I wanted to keep UPnP disabled for security reasons (And the fact I couldn't get it to work). So I googled the ports I needed to forward and created my rules and went to clickin. Buttt, it doesn't look like my port forwards are actually working. I have minimal packet flow and my NAT type on the Xbox went from Moderate to Strict. I set my Xbox to have a static IP of 192.168.100.5 and you can see that in my settings.

 

Can someone tell me how to correctly forward these ports. I'll included screenshots of my settings that I tried and also have the ports needed listed. Should they be configured as source NAT?

Screenshot_20180616-213513_Tik-App.jpg

Screenshot_20180617-000923_Tik-App.jpg

Screenshot_20180617-000929_Tik-App.jpg

Work Desktop | CPU: Intel Core i7 4770k | GPU: Quadro K1200 | Motherboard: EVGA Z97 Classified | RAM: Corsair Dominator Platinum 32GB (4x8GB) DDR3-2133Mhz | PSU: Seasonic 750W SS-750KM3 80 PLUS Gold | STORAGE: WD 1TB Se Enterprise Grade Drive & Corsair Neutron NX500 400GB NVMe PCIe  | COOLER: Enermax Liqtech 240 -  5x Noctua NF-F12 iPPC 2000 PWM | CASE: Corsair 600C | OS: Windows 10 Pro | Peripherals: Logitech MX Master 2S -- Logitech K840 -- INTEL X520 10Gb NIC -- 3x Acer H236HL -- Build Log | 

 

Work Server | CPU: Intel Xeon E5-2650 v3 | Model: Cisco UCS C220 M4 (SFF) | RAM: 64GB (4x16GB) Cisco (Samsung) DDR4 2133Mhz | STORAGE: 4x Cisco (Seagate) 900GB 10K 2.5" (RAID 10) - 2x 32GB Cisco FlexFlash Boot Drive (RAID 1) | OS: vSphere 6.7 Enterprise Plus U3 | 

 

Laptop | CPU: Intel Core i7 6700HQ | GPU: Nvidia GTX 960M 2GB GDDR5 | RAM: 32GB (2 x 16GB) DDR4-2400Mhz | STORAGE: 512GB Hynix NVMe | OS: Windows 10 Pro |

 

Gaming Desktop | CPU: Intel Core i7 9700K | GPU: Gigabyte RTX 2080 WINDFORCE 8G  | Motherboard: ASRock Z390 PHANTOM GAMING-ITX | RAM: Ballistix Elite 32GB Kit (16GB x 2) DDR4-3000 | PSU: Silverstone SX700-LPT 700w 80 PLUS Platinum | STORAGE: 2x Samsung 970 PRO 1TB NVMe | COOLER: Noctua NH-L12 | CASE: Louqe Ghost S1 | OS: Windows 10 Pro | Build Log in Progress | 

 

Home Server | CPU: Intel Xeon E5-2690 (Sandy Bridge) | GPU: Quadro P2000 | Motherboard: SUPERMICRO X9SRL-F  | RAM: 64GB (8x8GB) Micron VLP DDR3-1600 ECC | PSU: SUPERMICRO 665W 80 PLUS Bronze | STORAGE: 2x Samsung 860 EVO 500GB (RAID 1) - 4x WD 8TB Ultrastar (RAID 10) - Intel SSD D3-S4510 Series 240GB (BOOT)  | COOLER: Noctua NH-U12DXi4 with 2x Noctua NF-F12 iPPC 3000 PWM | CASE: SUPERMICRO CSE-842TQ-665B 4U | OS: vSphere 6.7 Enterprise Plus U3 | Build Log in Progress |

 

| Pixel 4XL 128GB - Clearly White - Unlocked - Carrier: Visible |

 

| F@H STATS |

Link to comment
Share on other sites

Link to post
Share on other sites

Forwarding ports is fairly strait forward you find it somewhere near or under firewall settings. Pick what ports you want to forward. Weather you need TCP, UDP, or both, then select an IP to associate with the ports. You'll have to create an individual entry for each IP.

 

Unfortunately step by step instructions for your router is only really going to be possible for people who own the same WebUI as you. I do not.

 

You can check if the ports were successfully opened with a online port checker.

 

If you're just looking to forward network traffic to specific devices you shouldn't have to edit anything for NAT.

Link to comment
Share on other sites

Link to post
Share on other sites

In you dst-nat rules to have to set the “to port” on every rule, it is right under the “to address”.

 

Can you show us the rules from webfig (the http interface) or winbox? I’ve not used the android tikapp before (I think that’s what you’re using?) so things look a bit different to me.

 

Edit: also with dst-nat you should only be putting port numbers into the dst-port not the src-port. 

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, Windows7ge said:

Forwarding ports is fairly strait forward you find it somewhere near or under firewall settings. Pick what ports you want to forward. Weather you need TCP, UDP, or both, then select an IP to associate with the ports. You'll have to create an individual entry for each IP.

 

Unfortunately step by step instructions for your router is only really going to be possible for people who own the same WebUI as you. I do not.

 

You can check if the ports were successfully opened with a online port checker.

 

If you're just looking to forward network traffic to specific devices you shouldn't have to edit anything for NAT.

He is using RouterOS, the same OS run by all Mikrotik devices. He’s in the right section for port forwarding just needs help with the rules. The fundamentals are the same as setting it up on PFSense because they both do it via the NAT section of the firewall config, and both have more or less the same configuration options. Anyway there is a fairly indepth wiki for RouterOS, the page for NAT is https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, brwainer said:

In you dst-nat rules to have to set the “to port” on every rule, it is right under the “to address”.

 

Can you show us the rules from webfig (the http interface) or winbox? I’ve not used the android tikapp before (I think that’s what you’re using?) so things look a bit different to me.

 

Edit: also with dst-nat you should only be putting port numbers into the dst-port not the src-port. 

 

Screenshot (1).png

Screenshot (2).png

Work Desktop | CPU: Intel Core i7 4770k | GPU: Quadro K1200 | Motherboard: EVGA Z97 Classified | RAM: Corsair Dominator Platinum 32GB (4x8GB) DDR3-2133Mhz | PSU: Seasonic 750W SS-750KM3 80 PLUS Gold | STORAGE: WD 1TB Se Enterprise Grade Drive & Corsair Neutron NX500 400GB NVMe PCIe  | COOLER: Enermax Liqtech 240 -  5x Noctua NF-F12 iPPC 2000 PWM | CASE: Corsair 600C | OS: Windows 10 Pro | Peripherals: Logitech MX Master 2S -- Logitech K840 -- INTEL X520 10Gb NIC -- 3x Acer H236HL -- Build Log | 

 

Work Server | CPU: Intel Xeon E5-2650 v3 | Model: Cisco UCS C220 M4 (SFF) | RAM: 64GB (4x16GB) Cisco (Samsung) DDR4 2133Mhz | STORAGE: 4x Cisco (Seagate) 900GB 10K 2.5" (RAID 10) - 2x 32GB Cisco FlexFlash Boot Drive (RAID 1) | OS: vSphere 6.7 Enterprise Plus U3 | 

 

Laptop | CPU: Intel Core i7 6700HQ | GPU: Nvidia GTX 960M 2GB GDDR5 | RAM: 32GB (2 x 16GB) DDR4-2400Mhz | STORAGE: 512GB Hynix NVMe | OS: Windows 10 Pro |

 

Gaming Desktop | CPU: Intel Core i7 9700K | GPU: Gigabyte RTX 2080 WINDFORCE 8G  | Motherboard: ASRock Z390 PHANTOM GAMING-ITX | RAM: Ballistix Elite 32GB Kit (16GB x 2) DDR4-3000 | PSU: Silverstone SX700-LPT 700w 80 PLUS Platinum | STORAGE: 2x Samsung 970 PRO 1TB NVMe | COOLER: Noctua NH-L12 | CASE: Louqe Ghost S1 | OS: Windows 10 Pro | Build Log in Progress | 

 

Home Server | CPU: Intel Xeon E5-2690 (Sandy Bridge) | GPU: Quadro P2000 | Motherboard: SUPERMICRO X9SRL-F  | RAM: 64GB (8x8GB) Micron VLP DDR3-1600 ECC | PSU: SUPERMICRO 665W 80 PLUS Bronze | STORAGE: 2x Samsung 860 EVO 500GB (RAID 1) - 4x WD 8TB Ultrastar (RAID 10) - Intel SSD D3-S4510 Series 240GB (BOOT)  | COOLER: Noctua NH-U12DXi4 with 2x Noctua NF-F12 iPPC 3000 PWM | CASE: SUPERMICRO CSE-842TQ-665B 4U | OS: vSphere 6.7 Enterprise Plus U3 | Build Log in Progress |

 

| Pixel 4XL 128GB - Clearly White - Unlocked - Carrier: Visible |

 

| F@H STATS |

Link to comment
Share on other sites

Link to post
Share on other sites

58 minutes ago, AMD Lover said:

 

Screenshot (1).png

Screenshot (2).png

On the General tab, take the ports you have in "Src. Port" and move it to "Dst. Port". Then on Action put in the same port number. Your Plex Server rule appears to be correct, although I can't see the "To Ports"column in your screenshot (it isn't added by default, you can do so by clicking the down arrow to the right of Packets)

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites

Link to post
Share on other sites

12 minutes ago, brwainer said:

On the General tab, take the ports you have in "Src. Port" and move it to "Dst. Port". Then on Action put in the same port number. Your Plex Server rule appears to be correct, although I can't see the "To Ports"column in your screenshot (it isn't added by default, you can do so by clicking the down arrow to the right of Packets)

Thanks! That appears to have worked. As far as I know Plex doesn't require the port to be in the "To Ports"??

Screenshot (3).png

Work Desktop | CPU: Intel Core i7 4770k | GPU: Quadro K1200 | Motherboard: EVGA Z97 Classified | RAM: Corsair Dominator Platinum 32GB (4x8GB) DDR3-2133Mhz | PSU: Seasonic 750W SS-750KM3 80 PLUS Gold | STORAGE: WD 1TB Se Enterprise Grade Drive & Corsair Neutron NX500 400GB NVMe PCIe  | COOLER: Enermax Liqtech 240 -  5x Noctua NF-F12 iPPC 2000 PWM | CASE: Corsair 600C | OS: Windows 10 Pro | Peripherals: Logitech MX Master 2S -- Logitech K840 -- INTEL X520 10Gb NIC -- 3x Acer H236HL -- Build Log | 

 

Work Server | CPU: Intel Xeon E5-2650 v3 | Model: Cisco UCS C220 M4 (SFF) | RAM: 64GB (4x16GB) Cisco (Samsung) DDR4 2133Mhz | STORAGE: 4x Cisco (Seagate) 900GB 10K 2.5" (RAID 10) - 2x 32GB Cisco FlexFlash Boot Drive (RAID 1) | OS: vSphere 6.7 Enterprise Plus U3 | 

 

Laptop | CPU: Intel Core i7 6700HQ | GPU: Nvidia GTX 960M 2GB GDDR5 | RAM: 32GB (2 x 16GB) DDR4-2400Mhz | STORAGE: 512GB Hynix NVMe | OS: Windows 10 Pro |

 

Gaming Desktop | CPU: Intel Core i7 9700K | GPU: Gigabyte RTX 2080 WINDFORCE 8G  | Motherboard: ASRock Z390 PHANTOM GAMING-ITX | RAM: Ballistix Elite 32GB Kit (16GB x 2) DDR4-3000 | PSU: Silverstone SX700-LPT 700w 80 PLUS Platinum | STORAGE: 2x Samsung 970 PRO 1TB NVMe | COOLER: Noctua NH-L12 | CASE: Louqe Ghost S1 | OS: Windows 10 Pro | Build Log in Progress | 

 

Home Server | CPU: Intel Xeon E5-2690 (Sandy Bridge) | GPU: Quadro P2000 | Motherboard: SUPERMICRO X9SRL-F  | RAM: 64GB (8x8GB) Micron VLP DDR3-1600 ECC | PSU: SUPERMICRO 665W 80 PLUS Bronze | STORAGE: 2x Samsung 860 EVO 500GB (RAID 1) - 4x WD 8TB Ultrastar (RAID 10) - Intel SSD D3-S4510 Series 240GB (BOOT)  | COOLER: Noctua NH-U12DXi4 with 2x Noctua NF-F12 iPPC 3000 PWM | CASE: SUPERMICRO CSE-842TQ-665B 4U | OS: vSphere 6.7 Enterprise Plus U3 | Build Log in Progress |

 

| Pixel 4XL 128GB - Clearly White - Unlocked - Carrier: Visible |

 

| F@H STATS |

Link to comment
Share on other sites

Link to post
Share on other sites

47 minutes ago, AMD Lover said:

Thanks! That appears to have worked. As far as I know Plex doesn't require the port to be in the "To Ports"??

Screenshot (3).png

I wouldn't be terribly surprised if the system assumes a blank value for "To. Ports" means to use the same as the Dst. Port, but that is relying on an assumption that might change in future updates.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites

Link to post
Share on other sites

It's a good idea to create some input filter rules, you should have rules to permit to destination port on the input interface for your port forwards and a 'permit established/related' rule, but deny other inbound traffic.

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, beersykins said:

It's a good idea to create some input filter rules, you should have rules to permit to destination port on the input interface for your port forwards and a 'permit established/related' rule, but deny other inbound traffic.

I'm a little confused on this. I'm still pretty new to setting up firewall rules. I think I've already done this? I'll send a screenshot here in about 30 mins however if I haven't I would like to know how. I'm all about securing my network and learning more!

Work Desktop | CPU: Intel Core i7 4770k | GPU: Quadro K1200 | Motherboard: EVGA Z97 Classified | RAM: Corsair Dominator Platinum 32GB (4x8GB) DDR3-2133Mhz | PSU: Seasonic 750W SS-750KM3 80 PLUS Gold | STORAGE: WD 1TB Se Enterprise Grade Drive & Corsair Neutron NX500 400GB NVMe PCIe  | COOLER: Enermax Liqtech 240 -  5x Noctua NF-F12 iPPC 2000 PWM | CASE: Corsair 600C | OS: Windows 10 Pro | Peripherals: Logitech MX Master 2S -- Logitech K840 -- INTEL X520 10Gb NIC -- 3x Acer H236HL -- Build Log | 

 

Work Server | CPU: Intel Xeon E5-2650 v3 | Model: Cisco UCS C220 M4 (SFF) | RAM: 64GB (4x16GB) Cisco (Samsung) DDR4 2133Mhz | STORAGE: 4x Cisco (Seagate) 900GB 10K 2.5" (RAID 10) - 2x 32GB Cisco FlexFlash Boot Drive (RAID 1) | OS: vSphere 6.7 Enterprise Plus U3 | 

 

Laptop | CPU: Intel Core i7 6700HQ | GPU: Nvidia GTX 960M 2GB GDDR5 | RAM: 32GB (2 x 16GB) DDR4-2400Mhz | STORAGE: 512GB Hynix NVMe | OS: Windows 10 Pro |

 

Gaming Desktop | CPU: Intel Core i7 9700K | GPU: Gigabyte RTX 2080 WINDFORCE 8G  | Motherboard: ASRock Z390 PHANTOM GAMING-ITX | RAM: Ballistix Elite 32GB Kit (16GB x 2) DDR4-3000 | PSU: Silverstone SX700-LPT 700w 80 PLUS Platinum | STORAGE: 2x Samsung 970 PRO 1TB NVMe | COOLER: Noctua NH-L12 | CASE: Louqe Ghost S1 | OS: Windows 10 Pro | Build Log in Progress | 

 

Home Server | CPU: Intel Xeon E5-2690 (Sandy Bridge) | GPU: Quadro P2000 | Motherboard: SUPERMICRO X9SRL-F  | RAM: 64GB (8x8GB) Micron VLP DDR3-1600 ECC | PSU: SUPERMICRO 665W 80 PLUS Bronze | STORAGE: 2x Samsung 860 EVO 500GB (RAID 1) - 4x WD 8TB Ultrastar (RAID 10) - Intel SSD D3-S4510 Series 240GB (BOOT)  | COOLER: Noctua NH-U12DXi4 with 2x Noctua NF-F12 iPPC 3000 PWM | CASE: SUPERMICRO CSE-842TQ-665B 4U | OS: vSphere 6.7 Enterprise Plus U3 | Build Log in Progress |

 

| Pixel 4XL 128GB - Clearly White - Unlocked - Carrier: Visible |

 

| F@H STATS |

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, beersykins said:

It's a good idea to create some input filter rules, you should have rules to permit to destination port on the input interface for your port forwards and a 'permit established/related' rule, but deny other inbound traffic.

Here's another screenshot

6 hours ago, brwainer said:

I wouldn't be terribly surprised if the system assumes a blank value for "To. Ports" means to use the same as the Dst. Port, but that is relying on an assumption that might change in future updates.

@brwainer, Any input on what beersykins is saying? Is it needed and how would I implement it?

Screenshot (4).png

Work Desktop | CPU: Intel Core i7 4770k | GPU: Quadro K1200 | Motherboard: EVGA Z97 Classified | RAM: Corsair Dominator Platinum 32GB (4x8GB) DDR3-2133Mhz | PSU: Seasonic 750W SS-750KM3 80 PLUS Gold | STORAGE: WD 1TB Se Enterprise Grade Drive & Corsair Neutron NX500 400GB NVMe PCIe  | COOLER: Enermax Liqtech 240 -  5x Noctua NF-F12 iPPC 2000 PWM | CASE: Corsair 600C | OS: Windows 10 Pro | Peripherals: Logitech MX Master 2S -- Logitech K840 -- INTEL X520 10Gb NIC -- 3x Acer H236HL -- Build Log | 

 

Work Server | CPU: Intel Xeon E5-2650 v3 | Model: Cisco UCS C220 M4 (SFF) | RAM: 64GB (4x16GB) Cisco (Samsung) DDR4 2133Mhz | STORAGE: 4x Cisco (Seagate) 900GB 10K 2.5" (RAID 10) - 2x 32GB Cisco FlexFlash Boot Drive (RAID 1) | OS: vSphere 6.7 Enterprise Plus U3 | 

 

Laptop | CPU: Intel Core i7 6700HQ | GPU: Nvidia GTX 960M 2GB GDDR5 | RAM: 32GB (2 x 16GB) DDR4-2400Mhz | STORAGE: 512GB Hynix NVMe | OS: Windows 10 Pro |

 

Gaming Desktop | CPU: Intel Core i7 9700K | GPU: Gigabyte RTX 2080 WINDFORCE 8G  | Motherboard: ASRock Z390 PHANTOM GAMING-ITX | RAM: Ballistix Elite 32GB Kit (16GB x 2) DDR4-3000 | PSU: Silverstone SX700-LPT 700w 80 PLUS Platinum | STORAGE: 2x Samsung 970 PRO 1TB NVMe | COOLER: Noctua NH-L12 | CASE: Louqe Ghost S1 | OS: Windows 10 Pro | Build Log in Progress | 

 

Home Server | CPU: Intel Xeon E5-2690 (Sandy Bridge) | GPU: Quadro P2000 | Motherboard: SUPERMICRO X9SRL-F  | RAM: 64GB (8x8GB) Micron VLP DDR3-1600 ECC | PSU: SUPERMICRO 665W 80 PLUS Bronze | STORAGE: 2x Samsung 860 EVO 500GB (RAID 1) - 4x WD 8TB Ultrastar (RAID 10) - Intel SSD D3-S4510 Series 240GB (BOOT)  | COOLER: Noctua NH-U12DXi4 with 2x Noctua NF-F12 iPPC 3000 PWM | CASE: SUPERMICRO CSE-842TQ-665B 4U | OS: vSphere 6.7 Enterprise Plus U3 | Build Log in Progress |

 

| Pixel 4XL 128GB - Clearly White - Unlocked - Carrier: Visible |

 

| F@H STATS |

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, AMD Lover said:

Here's another screenshot

@brwainer, Any input on what beersykins is saying? Is it needed and how would I implement it?

Screenshot (4).png

You already have what @beersykins was suggesting that you do, because you have the default rules that Mikrotik made. It is important to understand that these default firewall rules only apply to devices that Mikrotik intends for SOHO use (generally anything that has wireless or less than 8 ports) and also that even if you have one of these SOHO devices it is possible to not have any firewall rules if you reset to defaults and then don't use one of the Quick Set profiles as a starting point. The general rule of thumb is to use Quick Set the first time you log into a device, and then never touch it afterwards again. Anyway, let's discuss the suggestion in specifics.

 

3 hours ago, beersykins said:

It's a good idea to create some input filter rules, you should have rules to permit to destination port on the input interface for your port forwards and a 'permit established/related' rule, but deny other inbound traffic.

"input rules" are anything that is on the "Chain" of "Input". Input is anything whose destination is the router's own IP. The other possible chains are Forward (anything whose destination is some other IP), and Output (anything that the router itself is sending , this does not include traffic leaving the router due to forwarding). If you look at your Input rules you'll see that you are accepting ICMP (pings), anything from the LAN, anything to do with l2tp, a couple other rules that I can't see the details of in the screenshot, and then dropping everything else. This is a pretty standard and good input filter list.

The mention of "established/related" is a bit odd since that is a Forward chain thing, not an Input Chain. But you do have that rule, as well as the other normal things like FastTrack, dropping invalid, and dropping anything from WAN that is going through dstnat (this protects you from someone being on the WAN side of the router but trying to directly access your internal devices via IP - with your internet connection being over PPPoE this is basically impossible, this default rule exists because there are other circumstances where your "WAN" might really be a shared network and other people's equipment might be on the same network and able to reach your router directly)

Overall your firewall rules look normal and I have no concerns.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×