The following article will describe how to make port-forwarding on Mikrotik through the terminal.
In most cases port-forwarding is done to access a private address on a specific port, using a public IP address. Good example are the DVR configurations.
So for example, you have a LAN network: 192.168.1.0/24 behind the public IP address: x.x.x.x and you have a web application installed on: 192.168.1.8, that must be accessed through Internet. And here comes the need from port-forwarding – there are several options to forward the traffic:
- 192.168.1.8:80 to x.x.x.x:80
- 192.168.1.8:80 to x.x.x.x:8070
- 192.168.1.8:80 to y.y.y.y:80 (another Public IP address)
- 192.168.1.8:80 to y.y.y.y:8070
Please bear in mind that all of the above configurations must be added on the router, which is gateway for the LAN network.
Port-forwarding option in Mikrotik is accessed through the IP section -> Firewall sub-section -> NAT tab
Or through the terminal:
Open a new terminal – if you are using WebFig pop-up might appear from your browser asking if you allow the terminal tab to show up, click “allow always”.
In first place, check current NAT rules and if the port that you want to use is free:
/ip firewall nat print
It is not recommended to use well-known port numbers for dst-port in the rules.
/ip firewall nat chain=dstnat action=dst-nat to-addresses=192.168.1.8 to-ports=80 protocol=tcp dst-address=x.x.x.x dst-port=8070
Next, if you open in the web browser x.x.x.x:8070 the web page on 192.168.1.8:80 will show up.
Through Webfig or Winbox (under Linux you can open it by using Wine) you can check the traffic that goes through this firewall rule:
IP section -> Firewall sub-section -> Filter rules
If you have any questions, contact me on: firstname.lastname@example.org