Open port 443 for a device on the LAN

Hi,

I am very new to Mikrotik. I have an installation that was not done by me. Basically I have a device on the LAN IP 192.168.88.10 that needs to be able to accept and initiate traffic on port 443. I am really unsure on how to do that using the WebFig. I have gone to IP > Firewall > NAT and see some rules for other devices like the cameras at this house but still not sure how to set it up.
I don’t want to accidentally route all 443 traffic to 192.168.88.10.

I’ve figured out how to open the port broadly. Now when I go to yougetsignal.com it says the port is open. Just not sure how secure this is and if there’s a better way?
I set the Chain to input > Protocol TCP > Any. Port 443.

The security must be provided by the service itself, i.e. by the application on your PC or server operating at that port.
It seems you are operating a web server or a similar application that uses SSL/TLS encryption. Port 443 is usually https (but can also be another application), i.e. it’s secure due to the encryption, but depends on the application. Since we don’t know the application we can’t judge.
On the other hand port 80 (http) does not encrypt the traffic, it’s not secure.

None of the devices I have needed me to port forward anything if the traffic originates on the LAN behind the router.
But what you are looking for is destination NAT.
Where you say anybody coming at the router unsolicited (originating externally) and using port 443 shall get routed to the IP of your choice.
If the request originates behind your LAN only, no extra rules are required, just LAN to WAN internet needs to be allowed.

Just to clear up the usage. I am an AV integrator and there is an RTI control processor (rticorp.com) in a rack that controls all the devices in the house. Lights, TVs, music, shades, etc. There are drivers in the system file that are utilized to control certain things. One of the drivers is a weather driver. I have been told by RTI tech support that for the Weather driver to work port 443 needs to be open. I believe so that the driver can communicate with the weather service (Weather Underground - wunderground.com).

I have opened the port but I am still not getting a connection with the weather service. I may need to reboot the RTI processor or something. I haven’t been able to because the client has been at the house. I will be going onsite tomorrow to try and get it working.

I just wanted to make sure I am doing it right. I don’t think I want to forward all 443 traffic to the RTI processor. That would cause 443 communication to break on any other device right?

No it should not.
You are okay to forward port 443 to that device and it will not interfere with any 443 traffic that originates on the LAN going to the WAN.
What you are talking about is external coming in.

That’s the problem with confusing statements like this. There are outgoing connections from device to internet and incoming connections from internet to device. While “port needs to be open” makes sense for both, it’s really two completely different things.

In the first case it just means that you must not block outgoing connections (some restricted networks may do that). The second case means that either the device itself must have a public address, or you need to forward ports from a public address to the device’s internal address, and in both cases all involved firewalls must not block the port and connections must be able to reach the service running on the device.

If the device just needs to download some data, I’d guess it’s the first case. But unless you blocked it, it’s allowed by default.
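
The two cases distinguished in the thread, written as RouterOS terminal commands. This is an added example, not part of any post above; it assumes the default-configuration interface list `WAN` exists, and the comment string on the NAT rule is made up for illustration.

```routeros
# Added example, not from the thread. Assumes the default-config interface
# list "WAN" and the device address 192.168.88.10 given in the first post.

# Case 1: the device initiates HTTPS to the internet (e.g. fetching weather data).
# No new rule is needed unless outbound traffic was deliberately blocked.
# Check that the device really opens connections to port 443
# (connection-table addresses are stored as "ip:port"):
/ip firewall connection print where src-address~"^192.168.88.10:" and dst-address~":443"

# The rule described in the first post (chain=input, tcp, port 443) applies to
# traffic addressed to the router itself, not to 192.168.88.10.
# List it, then disable it if nothing on the router should answer on 443:
/ip firewall filter print where chain=input protocol=tcp dst-port=443
/ip firewall filter disable [find chain=input protocol=tcp dst-port=443 action=accept]

# Case 2: only if something on the internet must open connections TO the device.
# The dst-nat rule is limited to packets arriving on WAN, so outbound HTTPS
# from other LAN devices never matches it. It is created disabled so that it
# has no effect until someone enables it on purpose.
/ip firewall nat add chain=dstnat in-interface-list=WAN protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443 disabled=yes \
    comment="example: inbound 443 to RTI processor"
```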