Port Forwarding

CyberDaeng · December 18, 2019, 10:21am

Hi, Im new with Mikrotik and I hope someone can help me guiding for Port Forwarding. I try to setup port forwarding scenario but it seems doesnt work at all. So my current Office networking is as follow.

Our Internet Provider from our Local Telecom company using Huawei ONT Model HG8245H and the local IP for this ONT modem is 192.168.100.1, internet IP is dynamic so I used DDNS configured in the ONT Modem. From this ONT modem, it connect to our Mikrotik Port 1 with DHCP IP 192.168.100.2.

I have setup the LAN in our Mikrotik with Local IP 192.168.111.0/24.

The question is, do I need to create Port Forwarding from my ONT Modem or the Mikrotik? Because I have try to create Port Forwarding in IP > Firewall > NAT > using dstnat but somehow its not working. Probably I miss something.

So hope someone kind help me with this. Thanks…

ingdaka · December 18, 2019, 2:59pm

On this case best solution for me is to Activate DMZ to ONT with IP 192.168.100.2 and then make portforward in Mikrotik!

anav · December 18, 2019, 3:12pm

I am confused, if the ONT is providing you with a static LAN type IP address its acting as a modem/router not a modem.
I have an ONT as well from my ISP provider and I take the cable from the ONT direct to my Mikrotik and the MT gets a WANIP as expected ( via a specific VLAN ).

Does the ONT actually then connect to a different device (ISP provided router) then to your mikrotik?
If its an all in one device not sure what is best? Can you ask your ISP to simply pass on (pass through mode) the WANIP ?

ingdaka · December 18, 2019, 9:42pm

In some cases you can’t do it! In my case for example, I have the same situation ISP > ONT > Mikrotik
My ONT firmware work as ONT Router and can’t be configured as bridge so I cannot config my Mikrotik with VLAN to get IP from ISP.

anav · December 19, 2019, 4:44pm

Understood! When the technician came to upgrade an OLD ONT and router with the new ONT all in one unit (modem/router as you describe), I told the tech NOT to install the new one designed for one stop shopping home use. Instead he gave me a new one but without all the bells and whistles, an updated ONT modem only. Thus I would go back to the ISP provider and see if they can provide you with a different model. The ISP provider should not have anything to do with your HOME NETWORK other than providing the WANIP, anything else is invasion of your privacy IMHO.

Zacharias · December 19, 2019, 4:58pm

You can either enable DMZ on your ISPs router as said before, with destination address the address of the MikroTik router or you can port forward as follows :
Lets say you have a device in your Lan with IP address of 192.168.111.111 that listens to port TCP 5678…
Then you can portforward from your ISPs router the port 5678 to your mikrotik routers IP and then port forward the port 5678 from the Mikrotik to the device with IP 192.168.111.111… so simply the first portforward is to the Mikrotik and then from the mikrotik to the actual device…