hostname to ip:port

RouterOS Beginner Basics
1

Hello,
I need hostname “hello.website.com” to forward to 192.168.10.25:5520 in my LAN. How to accomplish that on my mikrotik?

Thank you.

2

Assuming that the URL is a website, you would have to forward port 80 and/or 443 (are you using certificate?) to internal IP 192.168.10.25 and port 5520, with TCP as protocol. Have a look at the wiki:
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Port_mapping.2Fforwarding

3

This is easily accomplished using dstnat. (your basic forwarding using the dst nat chain in ip filter firewall rules).

Assuming your users will be accessing your server via the domain name.
hello.website.com:XXXXX

Where XXXXX is the port number you want them to reach your router with.
Basically you need to ensure one firewall rule exists to allow port forwarding.
There is the default firewall rule that accomplishes this:

(1) add action=drop chain=forward comment=“defconf: drop all from WAN not DSTNATed”
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

OR THE PREFERRED if you are comfortable in manipulating firewall rules changing this to…

add action**=accept** chain=forward comment=“allow port forwarding”
connection-nat-state**=dstnat** connection-state=new in-interface-list=WAN
add action=drop chain=forward comment=“drop all else”

This effectively separates the dual purpose of the default rule (stop wan to lan traffic and allow port forwarding) into two more clearly stated rules
of allow port forwarding, followed by stop all traffic not allowed above (wan to lan, lan to WAN and lan to lan).
In most cases one would need to add an ALLOW rule for subnets or bridge etc from LAN to WAN for internet traffic).

(2) You need to add a dstnat rule in the following format (assumes static IP)
add action=dst-nat chain=dstnat dst-port=xxxxx protocol=? dst-address=StaticIPofWAN
to-addresses=IPofServer to-ports=YYYYY (to ports only required if one wants to port translate the incoming port into a different port when traffic hits the server).

For a dynamic WANIP
add action=dst-nat chain=dstnat dst-port=xxxxx protocol=? in-interface-list=WAN
to-addresses=IPofServer to-ports=YYYY (same as above)

PS I would not use port 80 if not required as opening doors for such ports is not the most secure approach IMHO.
In any case if the server is expecting 80 , and you cannot change the server you can come in on port 15234 and translate it to 80…

4

I’m guessing you’re after a slightly more complicated setup than he one explained by @erlinden and @anav … so in case you want to forward

  1. hello.website.com (TCP port 80) to 192.168.10.25:5520
  2. and e.g. www__.website.com (TCP port 80) to 192.168.10.66:80 (different LAN server)

then this can’t be done on RouterOS alone. You would need a proper reverse proxy solution (available by many services running in Linux, such as apache, nginx or HAproxy), but that service would have to run on some linux server (real or virtual), a raspberry PI would do if you are not after some high-performance solution.

5

In my opinion, through a server that provides the necessary links between host name and IP address. The server is call Domain Name Server or DNS for short. Most ISP’s use their own DNS but there are public ones available as well that are probably faster. Google has two at IPv4 addresses 8.8.8.8 and 8.8.4.4 which you can change in your router.