I am attempting to set up a router which will forward the port 80 request from my ISP’s static IP of 67.143.224.198 to my local web server on 192.168.0.10. When I access 67.143.224.198 from a web browser I am ble to see the router welcome page, but it is not forwarding to my local web server. I followed the instructions on page 40 in the MT manual to set up the NAT as shown below with no luck. If anyone could offer any suggestions, it would be greatly appreciated.

Eth1 = Internet1
Eth2 = Local2 DHCP Server

NAT
0 Chain=srcnat out-interface=interface1 action=masquerade

1 chain=dstnat in-interface=internet1 dst-address=67.143.198 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.10 to-ports=0-65535

IP Address
0 Address:67.143.224.198/30 Network:67.143.224.196 Broadcast 67.143.224.199 IInterface: Internet 1

1 Address:192.168.0.1/24 Network:192.168.0.0 Broadcast: 192.168.0.255 Interface: Local2

Routes
0 ADC DST-ADDRESS:67.143.224.196/30 Pref-SRC: 67.143.224.198

1 ADC DST-ADDRESS:192.168.0.0/24 Pref-SRC: 192.168.0.1

2 A S DST-ADDRESS: 0.0.0.0/0 Gateway: r 67.143.224.197

DHCP-SERVER

0 Nam:DHC Interface: Local2 Address-Pool:dhcppool1 Lease:3d

try modifying to-ports=0-65535 to to-ports=80

-Louis

Thanks for your response, but changing to port 80 doesnt seem to help.

dst-address=67.143.198

the IP looks kinda short

Can you ping local server from the router ?
Do you get it work from the local network ?

You are correct, I made a typo on the address. Should be 67.143.224.198

I will try to ping when I get home. Thanks for your help.

I reset the system, so some of the Ip's may be a little different than previous.
I am able to ping the local router (Local2) @ 192.168.0.1
I am able to ping the Static Internet side (Internet1) @ 67.143.224.198
When I hit the 67.143.224.198 from a web browser, I only get to the Mikrotik Router OS screen, it is not forwarding the port 80 to my web server.

The settings in the Linksys router I am replacing are as follows:

Linksys Settings
Static IP:
IP Address:67.143.224.198
Subnet Mask: 255.255.255.252
Gateway : 67.143.224.197


[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=internet1 src-address=192.168.0.0/24
action=masquerade

1 chain=dstnat in-interface=internet1 dst-address=67.143.224.198
protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.0.1
to-ports=80

2 chain=srcnat out-interface=local2 src-address=192.168.0.1
action=masquerade





[admin@MikroTik] ip address> pr
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 67.143.224.198/30 67.143.224.196 67.143.224.199 internet1
1 192.168.0.254/24 192.168.0.0 192.168.0.255 local2

[admin@MikroTik] ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 ADC 67.143.224.196/30 67.143.224.198 internet1
1 ADC 192.168.0.0/24 192.168.0.254 local2
2 A S 0.0.0.0/0 r 67.143.224.197 internet1

Thanks for everyones help, I finally got it to work. It required adding an additona nat with protocol=UDP as illustrated below.

http://wiki.mikrotik.com/wiki/Talk:Forwarding_a_port_to_an_internal_IP

ip firewall nat add chain=dstnat dst-address=aaa.aaa.aaa.aaa protocol=tcp dst-port=bbbb
action=dst-nat to-addresses=xxx.xxx.xxx.xxx to-ports=yyyy
ip firewall nat add chain=dstnat dst-address=aaa.aaa.aaa.aaa protocol=udp dst-port=bbbb
action=dst-nat to-addresses=xxx.xxx.xxx.xxx to-ports=yyyy


[admin@MikroTik] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=internet1 src-address=192.168.0.0/24
action=masquerade

1 chain=srcnat out-interface=local2 src-address=192.168.0.1
action=masquerade

2 chain=dstnat dst-address=67.143.224.198 protocol=tcp dst-port=80
action=dst-nat to-addresses=192.168.0.1 to-ports=80

3 chain=dstnat dst-address=67.143.224.198 protocol=udp dst-port=80
action=dst-nat to-addresses=192.168.0.1 to-ports=80