hi
my public ip is looks like this http://33.23.146.28/
how can i use this type of ip address for forwarding port?
can i use it as destination ip address?
i have to forward some ports for Xbox Live
i have router os SXT 5HnD
sorry for my noob question
/ip firewall nat add disabled=no comment="dstnat http sever" chain=dstnat dst-address=33.23.146.28 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.10
/ip firewall filter add disabled=no comment="allow http" chain=forward dst-address=192.168.1.10 protocol=tcp dst-port=80 action=allow
/ip firewall filter add disabled=no chain=forward src-address=192.168.1.10 protocol=tcp src-port=80 connection-state=established action=allow
Does this sound like what you’re after? There are more details at http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT.
The wiki is full of information if you’re just now learning about MikroTik.
Thomas
Thanks for the replay
is that all i should do?
/ip firewall nat add disabled=no comment="dstnat http sever" chain=dstnat dst-address=33.23.146.28 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.10
but what is
disabled=no comment="dstnat http sever"
i can’t find it
and what’s is to-address=192.168.1.10 becuase i just found my local address is 159.147.146.**2 or i should use 192.168.1.10?
sorry for my noob qustions
“disabled=no” just means that the rule is enabled and running. You can disable a rule if you want by changing the value to “yes”.
“comment” is just a comment. It’s a way of labeling rules so that you can easily find them later. It makes it more human readable.
159.147.146.**2 is a publicly routable address. Which means it’s capable of being an internet-ready address. I listed 192.168.1.10 as the “server” address simply as an example. Most people use something on the 192.168.1.0/24 network, or something similar, for their LAN addresses. If you have a reason for using the public address on your LAN, and are capable of routing internet traffic to it, then by all means use it. However if you have no reason to route a public address (or do not have that public address assigned to you by your ISP), I would suggest assigning a non internet routable address to all devices on your LAN. http://en.wikipedia.org/wiki/Ipv4#Private_networks will provide you a list of addresses that are not internet-routable, and also give you a brief overview of some networking background concerning this. If you assign 192.168.1.101 to the device receiving the HTTP connection, then you’ll have to adjust the firewall rules that I listed for you accordingly. Or with any other address, of course.
Thomas
thanks
my english is too bad coudn’t understand all 
that’s what i’m going to
chain=dstnat dst-address=33.23.146.28 protocol=tcp dst-port=3074 action=dst-nat to-addresses=192.168.1.10
Looks good to me. Just don’t forget to add filter rules to allow the connection. View my first response for info on the filter rules.
Let me know if you have any more questions.
Thomas
sorry but i don’t know how to enable it
I can’t see your image, but to enable a rule the ‘disabled’ value needs to be set to ‘no’.