I can't open the ports forwarding!

marosticasrl · April 11, 2020, 12:49pm

Hi everyone, I just bought a new mikrotik router, I am very new in this environment (in configuring the mikrotik routers), in essence, I have a server, and I created a virtual machine with Hyper-V, which was connected through one virtual switch to the Server network, the ip of the virtual machine is 192.168.88.102. The server ip is 192.168.88.252.
the ip of the mikrotik router is 192.168.88.1

I have to open port 80, 8080, 2087, 2083, 443 in TCP

but I can not! I have tried every command and method, please help me.

Thank you. I leave you the compact export of the router configuration, practically there are the default settings and I only configured the PPPoE connection in eth1.

And also… how can i configure the wireless?

# apr/11/2020 14:48:21 by RouterOS 6.43.16
# software id = DI0N-3PZP
#
# model = RB3011UiAS
# serial number = B88E0BB9A60E
/interface bridge
add admin-mac=C4:AD:34:2F:39:49 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    password=mypassword*** service-name=EOLO use-peer-dns=yes user=WA3784783526
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=WebServer dst-port=80 protocol=tcp \
    to-addresses=192.168.88.102 to-ports=80
/ip service
set www address=192.168.88.0/24
/lcd
set time-interval=daily
/system clock
set time-zone-name=Europe/Rome
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

anav · April 11, 2020, 2:02pm

Error
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=
192.168.88.0
Should be
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
192.168.88.0
Missing
/ip firewall nat
add action=dst-nat chain=dstnat comment=WebServer dst-port=80 protocol=tcp
in-interface-list=WAN to-addresses=192.168.88.102 to-ports=80 (if the to port is the same as the destination port, not required its implied)

marosticasrl · April 15, 2020, 9:56am

Thanks! It’s work, but port 80 doesn’t work, because when I execute the connection via HTTP I see Webfig, how I can disable that? Thanks again, have a good day!

anav · April 15, 2020, 1:41pm

Yes but are you trying to access the server from within the LAN?
If so just use the LANIP of the server or if you want to test it ‘from the outside’ get a buddy to test it…

However if you want to force users on your LAN to access the server by using the WANIP of your router that is called hairpin NAT and requires some additions/modifications

marosticasrl · April 16, 2020, 8:47am

Hi, I tried to access from the outside and it works, many thanks. However, if possible, I would like to disable the Webfig and continue using WinBox.

Thanks.

Best Regards.