Hi i have a mikrotik rb751u-2hnd, i have in the ether3 a different ip address for apache webserver using ubuntu, im trying to make the apache webserver accesible from the outside from my public ip of my ISP, now i just can see the web locally using http://192.168.100.100 how i can forward or open port 80 to when i go to http://myispIP opens the apache webserver from the network 192.168.100.100?
How are you testing that?.. are you testing from behind the NAT? What do you mean “doesn’t work”?.. do you see any page? Does it timeout? What does the rest of your config look like… specifically the rest of the filter and nat tables. Post the exports.
Like efaden said how are you testing. If you are testing from inside, you also should create a ‘Hair-pin’ NAT rule.
Also check your firewall filter rules. You also must accept the connection there.
in my mikrotik i have a separate network with diff ip like 10.0.27.1 and i have a vmware machine with that ip and a webserver inside using apache, when i go to http://10.0.27.3 for example i can see the page, im testing in my own machine that have another ip 192.168.88.x, but if i go to my cellphone i try to point my public ip from my ISP example http://97.12.21.1 i cant see the website from http://10.0.27.3 i would like to make public the website from the ip 10.0.27.3 so i can access it remotely from a machine in other country or place.
its like when i had a linksys router for example i have a vmware machine with ip 192.168.2.2 then i just forward the port 80 for that ip then i can access my public ip form the outside or another country or device and see the website
ok i fix it by adding a masquerade rule for 10.0.27.0/24 and worked perfect, but im not sure is this the best way to achieve this? i have this right now:
Pretty sure you don’t really want to masq that way… but I did notice that your forward is set to default drop… you need to allow the port 80 traffic on forward for your dstnat to work.
yes ok, when im trying to achieve is, i have in 10.0.27.3 a webserver using apache i have a test website, i need to access that webserver using my public ip so i can access for example in other country or other device out my home network http://97.x.x.x so i can see the website, when i make the masquerade to 10.0.27.0 network, it worked perfect but when i disable it i cant see the website so now, i just can see the website from my own machine locally, but not in another computer or a friends computer.
its like when u have another router like linksys and in your pc u install apache to test websites but u need to access it via public ip, so you go to port forwarding and open port 80 and put the local ip of the machine, and then u can access public ip and see the test website. But i dont know how to achieve this using mikrotik
Right… but my question still stands. When you are testing to see if the port forward works… are you testing it from a computer inside of the firewall?.. or are you testing it from outside?
oh no, let me see now its working without masquerade, but how i can make it so i can see it from my own machine using public ip? or i just can use the private 10.0.27.0? thanks
Good it started working… couldn’t see any config problems so I was confused… you shouldn’t need to have a masq rule for dstnat… just the dstnat rule and possibly an allow in forward depending on your config.