Hi folks, I’m quite new to working with RouterOS, I guess I’m doing something obviously wrong, but here it goes:
I have an Ltap Lte6 running RouterOS 6.49.8 with the default IP > Firewall > Filter Rules.
There is a SIM card in the router which provides the outside internet and it has a static IP (I know this is uncommon but my ISP is nice 
) let’s call this MY.STA.TIC.IP
So all incoming requests from the outside world comes through lte1.
I’d like to access the Mikrotik WebFig page from outside (from the local network it works without an issue) on port 3333 so as
And this should land me on http://192.168.88.1:80.
I follow the Port Forwarding docs on the mikrotik website and so go to IP > Firewall > NAT and set
Chain: dstnat
Protocol: 6 (tcp)
Dst.port: 3333
In.Interface List: all
Action: dst-nat
To Adresses: 192.168.88.1
To Ports: 80
And if I test this from the local network, so go to http://MY.STA.TIC.IP:3333/ I do get the WebFig page correctly, so things are looking good.
However if I do the same from an outside network it doesn’t work, nothing happens.
My guess is that the default IP > Firewall > Filter Rules somehow cut off outside requests completely so any outside request doesn’t even get to my NAT rules.
Is this correct?
If yes, which Filter Rule do I need to modify so that every outside request gets cut off as before EXCEPT the one to port 3333?
I’m guessing perhaps Rule #5 is the problem, that will drop everything not from the local network. But how do I modify this so that almost everything is still dropped? I’m asking for advice because I’m worried I’ll set up something which is not secure.
I’m attaching the default Filter Rules.
