I have a problem with port forwarding when WAN is set to DHCP client.
I have a RB433 with RouterOS 4.11.
How do I set port forwarding when I have WAN as DHCP-client and other ethers are bridged and set as DHCP-servers?
Could someone help me? Thx.
Just refer to the in-interface, IP protocol, and probably port number in the destination NAT rule.
By way of example, this would forward RDP traffic to 192.168.1.2, assuming the WAN port is called ‘WAN’:
/ip firewall nat
add chain=dstnat in-interface=WAN protocol=tcp dst-port=3389 action=dst-nat to-addresses=192.168.1.2
Is there a possibility to forward all ports?
Exclude protocol= and dst-port= from the command to forward all ports.
Thx much, I will try it.
Hmm, no function. Can it be because I have another rule?
I need it for television in VLC player.
I paste here the code which I'm using for interfaces:
/interface bridge
add name="LAN"
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=wlan1
/ip address
add interface=LAN address=192.168.1.1/24
/ip route - NOT SET dhcp-client makes this automatically
add dst-address=0.0.0.0/0 gateway=68.xxx.xxx.1
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.30
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface="LAN" lease-time=3d name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.1.0/24
/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.1.0/24
You did not add fewi’s rule. Add the rule he suggested and omit the dst-port.
WARNING! If that is the only ip on the WAN interface, which it appears to be, you will be unable to connect to the router using the public address. I suggest forwarding only the ports you need.
So you tell me to remove src-nat? Because if I set:
chain=dstnat action=dst-nat to-addresses=192.168.1.29 in-interface=ether1
Nothing happens.
You need the masquerade also (src-nat). What port are you trying to forward? And what is “nothing happened”? How are you checking? If you are trying port 80 (http), are you certain your ISP does not block port 80 access for dhcp clients? Without that rule, do you get the Mikrotik Webbox login page?
With the rule you entered, you should only be able to connect to 192.168.1.29 from the internet. And ether1 is your WAN interface?
Sure, ether1=WAN is set to dhcp-client, but I also have a default IP 192.168.88.1/24 there.
IP 192.168.1.29/24 is the IP which I got from the dhcp-server, I mean from BRIDGE LAN.
I'm trying to open TV in VLC player - normally it is OK if I'm not using the router.
Winbox is OK
Remove 192.168.88.1 from ether1 in “/ip address”. That will cause the srcnat to malfunction. The only address should be the one issued by your isp.
OK, I removed the second IP but no help. I have this:
0 chain=srcnat action=masquerade src-address=192.168.1.0/24
1 chain=dstnat action=dst-nat to-addresses=192.168.1.29 in-interface=ether1
ether1=WAN
What are you using to determine it is not working? A web browser? SSH or TELNET from a shell? FTP from a FTP client? What happens when you try? 404 error? “Unable to connect”?
GOOD. I read that NAT is not allowed on TV,
so sorry for the error, but is there any possibility to test if port forwarding really works?
If the TV can’t have a NAT, then it needs to be connected directly to the modem. Or through a switched port on your router. What ethernet ports are you using? If you are not using ether3, then connect ether1 and ether3 as a switch.
/interface ethernet
set ether3 master-port=ether1
Your ISP may be able to provide two ips for your connection. You could set the first on your TV, and the second ip on your router. Is that acceptable?
I should try, but I have only 1 dynamic IP because it is using MAC addresses to set it. Or I can have two IPs for two MAC addresses, but they can't be joined to the network together, shit.
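The NAT table discussed in this thread, written out with the broad forward-everything rule beside a port-scoped one, as an added example that is not from any poster. It reuses ether1 (WAN, DHCP client), the 192.168.1.0/24 LAN and the host 192.168.1.29 from the posts above; the RDP port 3389 is taken from the earlier reply and stands in for whichever service is actually needed.

```routeros
# Added example. Values reused from the thread: ether1 = WAN (DHCP client),
# LAN 192.168.1.0/24, internal host 192.168.1.29, TCP port 3389.
/ip firewall nat

# Outbound: masquerade LAN traffic leaving through the WAN interface.
# masquerade uses whatever address ether1 currently holds, so the rule
# keeps working when the DHCP lease hands out a different address.
add chain=srcnat src-address=192.168.1.0/24 out-interface=ether1 \
    action=masquerade comment="LAN to WAN"

# Broad form from the thread, left commented out. With no protocol= or
# dst-port= it rewrites every new connection arriving on ether1, including
# connections meant for the router itself, so the router can no longer be
# reached on its public address and the internal host is fully exposed.
# add chain=dstnat in-interface=ether1 action=dst-nat \
#     to-addresses=192.168.1.29

# Narrow form: only the one service that has to be reachable from outside.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 \
    action=dst-nat to-addresses=192.168.1.29 to-ports=3389 \
    comment="RDP to 192.168.1.29"
```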