I have a wifi amplifier connected via LAN to my modem router (MikroTik). The modem router has a PPPOE connect by the ISP. The second router (TP-Link TL-WR841HP) I bought my self and I use to extend my connection from the modem router. I am trying to port forward to be able to run a server. The second router offers an option to port forward as well. So I am struggling to understand how I am going to port forward, I don’t know what IP to use where. I’ve tried to set up a port forward on my MikroTik router and am not sure what to use as my “dst address”, “in. interface”(as wlan1 doesn’t work) and after setting my action as dst-nat I don’t know what to put as my “To Addresses”. Should I port forward at all on my second router? What IP should I use for my port forwarding? I would appreciate any help, I’m quite new to router configurations and don’t understand most of the terms used. But I am dedicated to learn and understand.
If you want to do the port forwarding from the second router, then you are using it in router mode.
If you want to simplify your life, just set up the second router as a WIFI access point & switch!
https://www.dslreports.com/faq/11233
Then you dont need to do double nat and although not complicated its a pain.
The basics of port forwarding are:
a. ensuring you have the default firewall rules in place as they already permit port forwarding.b
b. having a working sourcenat rule, if you have been using internet arleady you are good to go
c. setup a port forward rule for the server typical format is.
/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-port=xxxx in-interface-list=wan \ ***
to-address=IPofserver
**** ensure that on your interface list you have the pppoe-interface as part of the WAN.
If you have do port forwarding to second router, then the only difference from the above is that the To-address=LANIPofsecondrouter (which is also the WANIPof the second router from its perspective). You then have to setup portforwarding as per normal on the second router.
Thank you so much, I managed to set it up as a AP. When setting the port forwarding rules for the interface I get this error, “in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge1)”, should I just continue using bridge1?
Hi there,
Can you please post your config
/export hide-sensitive file=anynameyouwish
Will do but Ive run into another problem, I was playing around with bridging and the PPPOE clients. Next thing I know my internet cuts out and the connection to the router stays on but no internet and so I plug my internet into my second router and set the PPPOE up on that for the time being. But how am I suppose to access my mikrotik router without a internet connection? Any way I can access the admin page offline? Resetting my router isn’t an option unfortunately.
Playing around is not what one should do LOL.
Make liberal use of the SAFE MODE button at the top of winbox. It allows one to recover gracefully from any error.
may/06/2020 16:31:57 by RouterOS 6.38.3
software id = KE5J-LU9H
/interface bridge
add name=bridge1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1
use-peer-dns=yes user=**
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods=""
management-protection=allowed mode=dynamic-keys name=profile1
supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=
profile1 ssid="61 Home WI-FI" wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether3
add interface=ether2
add bridge=bridge1 disabled=yes interface=ether1
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
add address=192.168.0.1/8 interface=ether2 network=192.0.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.0.0.0/8 gateway=192.168.0.1 netmask=8
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip dns
set servers=8.8.4.4
/ip firewall filter
add action=accept chain=forward connection-state=established,related
disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-port=25565 in-interface=pppoe-out1
protocol=tcp to-addresses=192.168.0.100 to-ports=25565
add action=masquerade chain=srcnat out-interface=pppoe-out1
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name= **
I have a DCHP server also enabled on my AP, should that be turned off? If the DCHP server isn't enabled on my AP then my router doesn't assign IP's to a new device and I have to add them manually.
If your device has a serial port, then use that for accessing the device. Ie. by using the serial cable and a serial terminal program. Then you can login via the CLI and fix the config setting…
Thanks for your response but I managed to fix it.