HI All! I’m new at MikroTik from Argentine, and I have some problems about port forwarding. I have a simple web cam at port 80 and I try to watch it from external (WAN) connection with no success. Of course it works on LAN.
I’m uging Menu → IP → Firewall > add Chain = INPUT Dst. Address = “My internal cam IP” Protocol=TCP Scr. POrt=120 Dst. Port =80 Action=Accept.
Can somebody help me pleasE? I try with many other options wit no success
Once I make some changes and click “Apply” it has instant impact? (I suposse Its not need to reboot)
Thanks in advance!
Sorry for my poor English please!
/export file=anynameyouwish ( minus router serial number, any public WANIP information )
It should be quick to find the issue!
also.
a. confirm you are using LANIP of server to reach from LAN?
b. confirm you have a public IP address (static or dynamic)
OR
you have an ISP router that has a public IP address and you can port forward from the ISP router to the MT router.
sorry you mean I share dump code? Not sure if its ok due forum politics. Im no problem. I read it bu not sure to see nothing estrange.
Since about 10 years i have been doing this without problem. My old router crashes so I bought a new one. So I KNOW I can do this. I like my MikroTik it’s very fast!
a) not sure. I can see the camera from LAN
b) I have public IP 152.170… (changes weekly or so) This is why I need a DDNS too (cannot make it work neither)
c) I suposse withb) is answered
THANKS!!!
//
//
/export file=anynameyouwish ( minus router serial number, any public WANIP information )
It should be quick to find the issue!
also.
a. confirm you are using LANIP of server to reach from LAN?
b. confirm you have a public IP address (static or dynamic)
OR
you have an ISP router that has a public IP address and you can port forward from the ISP router to the MT router.
[/quote]
HahHahah
Not probem to me.. nothing important. As i said before IP changes weekly or so… I have a DDNS and password. I’m not member of secret service
THANKS for your repply
Please share your public IP besides the config, so we can watch the camera as well
Meaning…are you sure you want to have a camera publically available? Have you considered a more secure solution like VPN?
[/quote]
I would revise the following:
From: add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
add action=passthrough chain=forward comment=CAM dst-address=192.168.88.30
dst-port=80 protocol=udp src-port=120
TO: add action=accept chain=forward comment=“internet traffic” in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment=“port forwarding” connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else:
For the port forwarding rule one needs to add the following:
/ip firewall address-list
add address=mynetname.net list=MYWAN comment=“resolve my WANIP using IP cloud”
As noted, this makes your cameras susceptible to hacking from the outside and is not recommended,
Can you not use wireguard vpn, to access the router and then the camera??
Who is accessing the camera and from where and how( app, IP address??)
HI anav!
Thanks a lot!!
sadly still doesn’t work but
I cannot import the configfile so I added it by advanced menu
I DELETE
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
AND I DELETE
add action=passthrough chain=forward comment=CAM dst-address=192.168.88.30
dst-port=80 protocol=udp src-port=120[/size][/i][/b]
AND I ADD
add action=accept chain=forward comment=“internet traffic” in-interface-list=LAN out-interface-list=WAN
AND I ADD
add action=accept chain=forward comment=“port forwarding” connection-nat-state=dstnat
AND I ADD
add action=drop chain=forward comment="drop all else:[/i]
IN MENU IP → firewall → address-list
I ADD
add address=mynetname.net list=MYWAN comment=“resolve my WANIP using IP cloud”[/i]
(replace mynetname.net for xxxxxxx.xxxxxx.mynetname.net
(MYWAN is a new nae. is ok that or mus I replace it with some internal REAL name?
FINALLY in menu IP → firewall → nat
I ADD
add chain=dstnat action=dst-nat dst-address=MYWAN dst-port=80
protocol=tcp to-address=192.168.88.30
(I change dst-addres (an IP number) for Dst. Address List (it uses the MYWAN name)
(no source port?)
As noted, this makes your cameras susceptible to hacking from the outside and is not recommended,
OF course I understand this But I dont know a better option, that I can use
Can you not use wireguard vpn, to access the router and then the camera??
I have no idea
Who is accessing the camera and from where and how( app, IP address??)
Only me access the CAMERA , from a phone with an app so I need an IP or domain name to get directed. The app name is “ipcamviewer”
So you are using a third party APP to access your feed.
Have you thought about the fact that you have to forward a port on your router to everyone in the world…
I have three different types of video cameras in the house and I dont forward a single port and I also use an APP to view them.
In other words, you should stop immediately what you are doing and remove the port forward and setup a wireguard connection to your router (not hard), and then you can view the cameras from INSIDE your router/home.
HI and thanks
I understand but I DONT AGREE
why> simply. My cam onlyworks a little (fwe hours a day)
Its beyond ddns
user and key
It works and I konw how to do that
but learn hot to setup a wireguard connection, find a program to do tha , config and so on is beyond my time. Thats all. Im not the FED
thank you
(I will continue learning mikroik programing codes)
but