hello,
I have a configuration like this on a CRS326
|internet| <— |ISP modem/router| <---- | CRS326 WAN port |
On the CRS326 I have a couple of VLANs, and the CRS has the ip 192.168.1.123 (modem subnet) assigned on the WAN port. Some VLANs are already able to reach the internet (src nat).
What I need now, is the ability to make accessible an host in the VLAN1 (10.10.30.1/24) from the internet, how can I do that?
thanks in advance.
Your explanation is lacking, please provide a diagram.
As well your configurations
/export file=anynameyouwish ( minus router serial # )
Look for port forwarding. Since your WAN address is a private one, you will need to set up port forwarding (or 1:1 NAT a.k.a. DMZ) on the ISP modem itself, or maybe set the modem to bridge mode and terminate the PPPoE on the CRS if that’s possible with your modem and if your ISP does use PPPoE at all. If the modem doesn’t have a public IP either, you’ll have to run a virtual router (CHR) somehwere in cloud, build a VPN tunnel to it, and set up port forwarding from that virtual router.
hi,
no I cannot use modem as bridge, it is not supported. And the modem has a public IP
Yes I know I have to enable the port forwarding on the modem too, but what I need to do on the CRS?
attache you can find the exported conf, I need that an host in VLAN_IOT can be accessible from internet on a given port
cfgcfg.rsc (5.47 KB)
Port forwarding is a subset of a larger functionality called Destination NAT.
https://help.mikrotik.com/docs/display/ROS/NAT
https://help.mikrotik.com/docs/display/RKB/Port+forwarding
https://forum.mikrotik.com/viewtopic.php?t=179343
/ip firewall nat add chain=dstnat in-interface-list=WAN dst-port=xxx action=dst-nat to-addresses=ip.of.the.device.in.vlan
You can add also to-ports=yyy if you need to redirect the connection to a different port number than xxx.
cool, that works, thanks!