We have a single public IP and want to give access to CCTV IP cams, servers and other stuff behind a MT box running level 6. We have tried various things in the firewall, setting up ports and corresponding internal IP’s but cant get it working. Probably doing something stupid. Any pointers are very welcome!
Port forwarding should work (there are plenty of examples of this here in the forum).
Or you could create some kind of tunnel from your outside client to the MikroTik (PPTP, IPsec, …) in order to be able to access the whole network on the “inside”.
Let us know if you need more detailed help for some steps…
Best regards,
Christian Meis
Christian, thanks. I’d welcome more help. I’m trying to avoid a tunnel as I want to allow ordinary public internet users access to IP cams and other stuff over the www.
Thanks, Martin
OK, then this should be a simple setup:
/ip firewall nat add chain=dstnat in-interface=ether1 dst-port=82 protocol=tcp action=dst-nat to-addresses=192.168.0.17 to-ports=80
This should forward requests to port 82 coming in on interface ether1 (which should be your public interface name) to the local address 192.168.0.17, port 80.
Does that help as an example?
Best regards,
Christian Meis
Hi, tried this, but can’t get the command accepted:
ip firewall> nat add chain=dstnat interface=eth01 dst-port=82 protocol=tcp action=dst-nat to-addresses=192.168.254.1 to-ports80
no such argument (interface)
Sure this is very obvious but I’d welcome your comments.
There are out-interface and in-interface,
this rule should work,
ip firewall nat add chain=dstnat in-interface=ether1 dst-port=82 protocol=tcp action=dst-nat to-addresses=192.168.254.1 to-ports=80