Community discussions

MikroTik App
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Forwarding Port 80 to Web Server

Wed Mar 19, 2008 2:51 am

I am attempting to set up a router which will forward the port 80 request from my ISP's static IP of 67.143.224.198 to my local web server on 192.168.0.10. When I access 67.143.224.198 from a web browser I am ble to see the router welcome page, but it is not forwarding to my local web server. I followed the instructions on page 40 in the MT manual to set up the NAT as shown below with no luck. If anyone could offer any suggestions, it would be greatly appreciated.

Eth1 = Internet1
Eth2 = Local2 DHCP Server

NAT
0 Chain=srcnat out-interface=interface1 action=masquerade

1 chain=dstnat in-interface=internet1 dst-address=67.143.198 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.10 to-ports=0-65535

IP Address
0 Address:67.143.224.198/30 Network:67.143.224.196 Broadcast 67.143.224.199 IInterface: Internet 1

1 Address:192.168.0.1/24 Network:192.168.0.0 Broadcast: 192.168.0.255 Interface: Local2

Routes
0 ADC DST-ADDRESS:67.143.224.196/30 Pref-SRC: 67.143.224.198

1 ADC DST-ADDRESS:192.168.0.0/24 Pref-SRC: 192.168.0.1

2 A S DST-ADDRESS: 0.0.0.0/0 Gateway: r 67.143.224.197

DHCP-SERVER

0 Nam:DHC Interface: Local2 Address-Pool:dhcppool1 Lease:3d
 
User avatar
ahmedsaffar76
Member
Member
Posts: 306
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: Forwarding Port 80 to Web Server

Wed Mar 19, 2008 3:21 am

I am attempting to set up a router which will forward the port 80 request from my ISP's static IP of 67.143.224.198 to my local web server on 192.168.0.10. When I access 67.143.224.198 from a web browser I am ble to see the router welcome page, but it is not forwarding to my local web server. I followed the instructions on page 40 in the MT manual to set up the NAT as shown below with no luck. If anyone could offer any suggestions, it would be greatly appreciated.

Eth1 = Internet1
Eth2 = Local2 DHCP Server
Hi ;
Glad to write here .
first it is important to state the names of the interfaces correctly and they should match the interfaces names in the rules .
so the name of Ether2 = local2 should occur in the rules as well not interface1 as you wrote below also you wrote the public ip wrong and i do not know if what is below is from the router or you just wrote here :
NAT
0 Chain=srcnat out-interface=interface1 action=masquerade

1 chain=dstnat in-interface=internet1 dst-address=67.143.198 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.10 to-ports=0-65535
try to use the following :
/ip firewall nat
add chain=dstnat in-interface=!internet1 dst-address=!67.143.224.198 protocol=tcp \
    dst-port=80 action=dst-nat to-address=192.168.0.10 to-ports=0-65535 comment="" disabled=no 
add chain=srcnat out-interface=!local2 src-address=!192.168.0.10 \
    action=masquerade comment="" disabled=no 

IP Address
0 Address:67.143.224.198/30 Network:67.143.224.196 Broadcast 67.143.224.199 IInterface: Internet 1

1 Address:192.168.0.1/24 Network:192.168.0.0 Broadcast: 192.168.0.255 Interface: Local
here i think you will never be able to do what you want while you have only one public ip from your ISP ,
you should have more than one public ip , one to be natted to your server and another one to be used for the internet connection from your local network .

with best regards .
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Re: Forwarding Port 80 to Web Server

Wed Mar 19, 2008 5:04 am

I am simply attempting to replace a linksys router. In the linksys I could go into the port forwarding and tell it to forward anything on port 80 to my webserver IP an my IIS would handle the rest. I have done a reset and changed my configuration as follows: Still not working.



NAT
0 Chain=srcnat out-interface=ether1 action=masquerade

1 chain=dstnat in-interface=ether1 dst-address=67.143.224.198 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.1 to-ports=0-65535

2 chain=srcnat action=masquerade src. address=192.168.0.1 out-interface:ether2


IP Address
0 Address:67.143.224.198/30 Network:67.143.224.196 Broadcast 67.143.224.199 IInterface: ether1

1 Address:192.168.0.254/24 Network:192.168.0.0 Broadcast: 192.168.0.255 Interface: ether2

Routes
0 ADC DST-ADDRESS:67.143.224.196/30 Pref-SRC: 67.143.224.198 Interface:ether1

1 ADC DST-ADDRESS:192.168.0.0/24 Pref-SRC: 192.168.0.254 Interface:ether2

2 A S DST-ADDRESS: 0.0.0.0/0 Gateway: r 67.143.224.197 internet:ether1
 
User avatar
ahmedsaffar76
Member
Member
Posts: 306
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: Forwarding Port 80 to Web Server

Wed Mar 19, 2008 1:53 pm

Hi again ;
Did you try to use the rules i wrote for you ?
try them and give me your feedback
with best regards .
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Re: Forwarding Port 80 to Web Server

Wed Mar 19, 2008 2:22 pm

If I understand your rules correctly. I have renamed the interfaces back to ether1 and ether2 and implemented them in 1 and 2 for the Nat.

Let me know if I misunderstood your rules.

Thank you for your help so far.
 
User avatar
ahmedsaffar76
Member
Member
Posts: 306
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: Forwarding Port 80 to Web Server

Wed Mar 19, 2008 3:29 pm

If I understand your rules correctly. I have renamed the interfaces back to ether1 and ether2 and implemented them in 1 and 2 for the Nat.

Let me know if I misunderstood your rules.

Thank you for your help so far.
Hi again ;
no i am used the names as you used it :
internet1 for internet connection
local2 for the local network

delete your nat rules , be sure that the ether NIC connected to internet have the name internet1 and the NIC for the local network named local2
just copy the codes in green colour and from new terminal paste them there and you will get the rules in the firewall nat window
check if this will help and give us your feedback .
with best regards .
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Re: Forwarding Port 80 to Web Server

Thu Mar 20, 2008 2:43 am

Ok, I have done as prescribed, but it still does not work.
What are the ! before the IP address. From what I can tell that means anything but this IP. I could not even access the internet with the ! in place.

[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=internet1 src-address=192.168.0.0/24
action=masquerade

1 X chain=dstnat in-interface=internet1 dst-address=67.143.224.198
protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.1
to-ports=0-65535

2 chain=srcnat out-interface=local2 src-address=192.168.0.1
action=masquerade
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Re: Forwarding Port 80 to Web Server

Thu Mar 20, 2008 2:55 am

Something doesnt look right to me on the static IP. Here are the settings that I have been using on my linksys router that I am replacing. It looks like the route is setting 67.143.224.198 as the pref-src. The gateway needs to be 67.143.224.197

Linksys Settings
Static IP:
IP Address:67.143.224.198
Subnet Mask: 255.255.255.252
Gateway : 67.143.224.197

[admin@MikroTik] ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 67.143.224.198/30 67.143.224.196 67.143.224.199 internet1
1 192.168.0.254/24 192.168.0.0 192.168.0.255 local2

[admin@MikroTik] ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 67.143.224.196/30 67.143.224.198 internet1
1 ADC 192.168.0.0/24 192.168.0.254 local2
2 A S 0.0.0.0/0 r 67.143.224.197 internet1
 
User avatar
Letni
Member
Member
Posts: 376
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: Forwarding Port 80 to Web Server

Thu Mar 20, 2008 4:00 am

1 X chain=dstnat in-interface=internet1 dst-address=67.143.224.198
protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.1
to-ports=0-65535
change to-ports=80 and enable this rule.

-Louis
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Re: Forwarding Port 80 to Web Server

Thu Mar 20, 2008 4:47 am

Thanks Louis.
I changed it as directed, still doesnt work

[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=internet1 src-address=192.168.0.0/24
action=masquerade

1 chain=dstnat in-interface=internet1 dst-address=67.143.224.198
protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.1
to-ports=80

2 chain=srcnat out-interface=local2 src-address=192.168.0.1
action=masquerade
 
phil1995
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Fri Oct 26, 2007 5:54 am

Re: Forwarding Port 80 to Web Server

Thu Mar 20, 2008 5:40 am

Thanks for everyones help, I finally got it to work. It required adding an additona nat with protocol=UDP as illustrated below.

http://wiki.mikrotik.com/wiki/Talk:Forw ... nternal_IP

ip firewall nat add chain=dstnat dst-address=aaa.aaa.aaa.aaa protocol=tcp dst-port=bbbb \
action=dst-nat to-addresses=xxx.xxx.xxx.xxx to-ports=yyyy
ip firewall nat add chain=dstnat dst-address=aaa.aaa.aaa.aaa protocol=udp dst-port=bbbb \
action=dst-nat to-addresses=xxx.xxx.xxx.xxx to-ports=yyyy


[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=internet1 src-address=192.168.0.0/24
action=masquerade

1 chain=srcnat out-interface=local2 src-address=192.168.0.1
action=masquerade

2 chain=dstnat dst-address=67.143.224.198 protocol=tcp dst-port=80
action=dst-nat to-addresses=192.168.0.1 to-ports=80

3 chain=dstnat dst-address=67.143.224.198 protocol=udp dst-port=80
action=dst-nat to-addresses=192.168.0.1 to-ports=80

Who is online

Users browsing this forum: Amazon [Bot] and 42 guests