Port forward on port 80 (http)

Hi guys,

I’m trying to port forward all INCOMING connections on port 80 to an internal server ip using a dst-nat rule. This works, but once I got the nat rule in place I can’t make OUTGOING http connections (basically surfing the web).

What other rule do I need to add to be able to port forward INCOMING connections on port 80 and still be able to access the web?

Thanks for your help.

B

Set up dst-address in that rule. It seems that you are forwarding all connections to port 80 to your web server, not only inbound connections from the outside world.

Hi,

Thanks for your time and reply. But it seems that does not solve it.

I did add a dst address to it but it still seems to be the same tho.

How are you connected to the Internet (leased line, ADSL, Cable…)?

If it is ADSL you may have a problem with MTU.

Basic principle to Connect your Home Network to xDSL Line is explained here:
http://wiki.mikrotik.com/wiki/How_to_Connect_your_Home_Network_to_xDSL_Line

Most important details are:

#Creating pppoe interface and ADSL internet connection

/ interface pppoe-client
add name="pppoe-out1" max-mtu=1480 max-mru=1480 interface=ether5 \
    user="USERNAME" password="PASSWORD" profile=default \
    service-name="" ac-name="" add-default-route=yes dial-on-demand=no \
    use-peer-dns=yes allow=pap,chap,mschap1,mschap2 disabled=no


#Adding Source NAT for Internet access

/ ip firewall nat
add chain=srcnat src-address=YOUR NETWORK ADDRESS/MASK action=masquerade comment="" \
    disabled=no

#Adding Destination NAT for WEB server access

/ ip firewall nat
add chain=dstnat in-interface=pppoe-out1 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=YOUR SERVER ADDRESS to-ports=80 comment="" \
    disabled=no

#Setting mangle for ADSL (works with T-Com…)

/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss \
    new-mss=clamp-to-pmtu comment="ADSL Internet" disabled=no


Hope it will help

Best regards

Satman

Hi satman1w

I tried your MSS rule, and it really seems to have made a huge difference. I really have to thank you for adding that rule.

Could you perhaps provide some info on how you got to that rule? I would like to understand the working of MSS a bit better, as the MT manual doesn’t say much about it.

One more question: in your PPP Profile, should change-mss be yes or no, or will “your” mangle rule override the PPP Profile’s MSS setting?

I’m in South Africa, and that rule even works on our ADSL Lines.

Dear friend,

I am really glad that my post was of any help to you. Hope to be able to help again… :)

Now I would like to tell you something smart about the “rule”, but I have “bought” it as is (same as you…) from my friend who is SysAdmin in one Croatian magazine. As soon as I discovered that the “rule” works for me I decided not to ask any questions :)))

No, I have no explanation, but I would also like to learn more about it since all my configurations are made by “the book” or by clever advice from people with more experience.

Best of luck


Satman

Hi guys.
I’ll revive this (very) old post because I have the SAME problem as BlueSting. But the only difference is that you offer a solution for an ADSL connection.
I have a Cable connection. So I don’t know if the solution is different or not.

I made the rule as janisk said, but I still can’t access the web via a simple browser.

Is there a simple way to do this?
I have other port forwards working flawlessly, but port 80 is a problem.

OS: MikroTik RouterOS 6.33

Thanks a lot!
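
An added example, not part of any post in this thread: a minimal Python model of how a dstnat chain takes the first matching rule, showing why a port-80 rule with no in-interface or dst-address matcher also rewrites outbound web traffic from the LAN. The interface names "wan" and "lan" and all addresses are constructed placeholders, and the model covers only the matchers named in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_interface: str   # interface the packet arrived on
    dst_address: str
    protocol: str
    dst_port: int

@dataclass(frozen=True)
class DstNatRule:
    to_address: str
    to_port: int
    protocol: str = "tcp"
    dst_port: int = 80
    in_interface: Optional[str] = None  # None = matcher not set, matches any
    dst_address: Optional[str] = None   # None = matcher not set, matches any

    def matches(self, p: Packet) -> bool:
        if (p.protocol, p.dst_port) != (self.protocol, self.dst_port):
            return False
        if self.in_interface is not None and p.in_interface != self.in_interface:
            return False
        if self.dst_address is not None:
            return ip_address(p.dst_address) in ip_network(self.dst_address)
        return True

def apply_dstnat(rules, p):
    """Return (dst_address, dst_port) after the first matching rule, if any."""
    for r in rules:
        if r.matches(p):
            return (r.to_address, r.to_port)
    return (p.dst_address, p.dst_port)

# Constructed sample values (assumptions, not taken from the thread).
SERVER, WAN_IP = "192.168.88.10", "203.0.113.5"
inbound = Packet("wan", WAN_IP, "tcp", 80)             # visitor -> router
outbound = Packet("lan", "198.51.100.20", "tcp", 80)   # LAN client -> website

unscoped = [DstNatRule(SERVER, 80)]                    # matches every port-80 packet
by_iface = [DstNatRule(SERVER, 80, in_interface="wan")]
by_dst = [DstNatRule(SERVER, 80, dst_address=WAN_IP)]

def outbound_hijacked(rules) -> bool:
    """True when LAN browsing is redirected to the internal server."""
    return apply_dstnat(rules, outbound)[0] == SERVER

if __name__ == "__main__":
    for name, rules in (("unscoped", unscoped), ("in-interface", by_iface),
                        ("dst-address", by_dst)):
        print(name, apply_dstnat(rules, inbound), apply_dstnat(rules, outbound))
```

In this model the dst-address matcher only helps when it is the router's own public address; a rule whose dst-address range also covers remote web servers would still match outbound packets.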