Hi,
I am new to the MikroTik, having inherited it. We have a few machines behind the firewall that are accessed through remote desktop. I see the NAT records for those machines, using ports 3395 - 3399. I have been tasked with adding another machine, so I created another NAT record for the new machine using the documentation. However, no matter what I do, I can’t connect to the machine from outside the firewall.
Also, if I edit one of the existing NAT records to point to the IP address of the new machine, I can’t connect then either.
I have read many comments that say that you have to reboot the router if you change a NAT that has already had a connection, but what about newly added ones? Or is there a way to save the change other than just creating the NAT?
Also, how do you reboot the router from WinBox or the Webfig?
I think you need 2 rules: first, a dst-nat in the nat chain and second, a forwarding rule in the filter chain. Let’s say that for the new machine you wish to allocate port 4000 on the MikroTik router, forwarding the remote desktop to your new machine 192.168.0.10, on which remote desktop is listening on 3389:
dst-nat rule for your destination machine inside your LAN (in our example 192.168.0.10/24)
Do not forget to replace {your_wan_interface} with your real WAN interface (ether1, pppoe-out1, etc.) as well as the new machine's real IP (not 192.168.0.10), and move rule 2 above any “drop” rule in the filter chain, if any.
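The two rules described in this reply, written out as RouterOS commands. This is an added example, not the poster's original rules; the WAN interface `ether1`, the address-list name `rdp-allowed` and the range 203.0.113.0/24 are assumptions to be replaced with real values.

```routeros
# Constructed example: WAN interface ether1, public port 4000, LAN host 192.168.0.10:3389.
# Optional: limit who may reach the forwarded port (list name and range are placeholders).
/ip firewall address-list
add list=rdp-allowed address=203.0.113.0/24 comment="constructed sample range"

# Rule 1: translate WAN tcp/4000 to the internal host's RDP port.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=4000 \
    src-address-list=rdp-allowed action=dst-nat \
    to-addresses=192.168.0.10 to-ports=3389 comment="RDP to new machine"

# Rule 2: allow the translated traffic through the forward chain.
# After dst-nat the filter sees the internal address and port (3389), not 4000.
/ip firewall filter
add chain=forward in-interface=ether1 protocol=tcp \
    dst-address=192.168.0.10 dst-port=3389 action=accept comment="RDP to new machine"

# Check the order: the accept rule must sit above any drop rule in chain=forward.
/ip firewall filter print where chain=forward
# The packet counters show whether the NAT rule is being hit at all.
/ip firewall nat print stats
```

If the NAT counters stay at zero during a connection attempt, the traffic is not matching rule 1 (wrong interface, port or source list); if they increase but the session still fails, look at rule order in the forward chain and at the target machine itself.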
Make sure that machine has Internet access via that router.
You are wrong. This is only needed for accessing the router’s services (like WinBox, Web Proxy, DNS Server, etc.). All traffic through the router (from the Internet to LAN machines and back) goes via the ‘forward’ chain.