add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN
add action=accept chain=forward dst-port=51820 in-interface-list=WAN protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=51820 protocol=udp to-addresses=192.168.88.86 to-ports=51820
The top rule is disabled and I would enable it and remove the second rule (forward chain).
In (NAT), add interface-list=WAN to the second rule.
See if that clears it up.
Statistics: Posted by Mesquite — Wed Jan 31, 2024 10:27 pm
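The three changes suggested in the post above, expressed as checks over an exported rule set. This is an added example, not part of the original post; the function names, finding labels and the `/ip firewall filter` header in the sample are assumptions, and the parser assumes one rule per line.

```python
import shlex

# Constructed sample: the rules quoted in the post. The "/ip firewall filter"
# header is assumed, since the quoted excerpt starts mid-section.
EXPORT = """/ip firewall filter
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN
add action=accept chain=forward dst-port=51820 in-interface-list=WAN protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=51820 protocol=udp to-addresses=192.168.88.86 to-ports=51820
"""

# Matchers that tie a dst-nat rule to the WAN side or to one address.
SCOPE_KEYS = ("in-interface", "in-interface-list", "dst-address", "dst-address-list", "dst-address-type")


def parse_rules(export):
    """Yield (section, params) for every 'add' line; assumes one rule per line."""
    section = None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            # shlex keeps quoted values such as comment="..." in one token
            tokens = shlex.split(line)[1:]
            yield section, dict(t.split("=", 1) for t in tokens if "=" in t)


def audit(export):
    """Return findings for the three points raised in the post (hypothetical labels)."""
    findings = []
    for section, rule in parse_rules(export):
        disabled = rule.get("disabled") == "yes"
        action = rule.get("action")
        if section == "/ip firewall filter" and rule.get("chain") == "forward":
            if action == "drop" and rule.get("connection-nat-state") == "!dstnat" and disabled:
                findings.append("wan-drop-disabled")
            if action == "accept" and rule.get("in-interface-list") == "WAN" and not disabled:
                findings.append("wan-forward-accept:" + rule.get("dst-port", "any"))
        if section == "/ip firewall nat" and action == "dst-nat" and not disabled:
            # Without a scope matcher the rule also rewrites LAN-originated traffic
            # to this port, not only packets arriving on WAN.
            if not any(key in rule for key in SCOPE_KEYS):
                findings.append("unscoped-dstnat:" + rule.get("dst-port", "any"))
    return findings


if __name__ == "__main__":
    for finding in audit(EXPORT):
        print(finding)
```

An export with the drop rule enabled, the forward accept rule removed and the dst-nat rule scoped with `in-interface-list=WAN` produces no findings.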