web server behind mikrotik cpe

RouterOS General
1

I have a Mikrotik cpe unit which hands out ips on the LAN side in the range of 90.0.0.100-199. There is a web server on the LAN with a static ip of 90.0.0.11. I have given the WAN side of the CPE unit a PUBLIC IP address. The customer would like to have port forwarding set up for the following ports, 80, 25, 5900, 5800 & 5500. When someone types in his public address into their browser he wants it directed to his web server. How would I go about doing this?

2

Hi,

I use this, for apex and emule, you can use the same, but change ports, Local IP and Public Interface.

==============================================================
0 chain=srcnat action=masquerade

1 ;;; Apex TCP
chain=dstnat in-interface=pppoe-out1 protocol=tcp dst-port=3599 action=dst-nat to-addresses=192.168.0.99 to-ports=3599

2 ;;; Apex UDP
chain=dstnat in-interface=pppoe-out1 protocol=udp dst-port=6007 action=dst-nat to-addresses=192.168.0.99 to-ports=6007

3 ;;; Emule TCP
chain=dstnat in-interface=pppoe-out1 protocol=tcp dst-port=4662 action=dst-nat to-addresses=192.168.0.99 to-ports=4662

4 ;;; Emule UDP
chain=dstnat in-interface=pppoe-out1 protocol=udp dst-port=4672 action=dst-nat to-addresses=192.168.0.99 to-ports=4672

Regards,
Fran.

3

One problem here. Your LAN addresses are also public and allocated to wanadoo.fr.

Regards

Andrew

4

So should I change the lan ip range?

5

Yes. Stick to one of the private address ranges specified in rfc1918.

In your case, change the 90 to a 10 and you’re fixed.

Regards

Andrew

6

Sorry if this sounds stupid, But I take it I only require 1 of these rules for what I am doing and not multiple ones like you use? Am I right in saying that I go into IP -->FIREWALL -->NAT and input these settings?

7

…And I would also like to add that i am using dhcp and not pppoe. So what interface do I specify, ether or wlan?

8

You need separate rule per each port number, in-interface in the particular example is used as public interface of the router.

9

I have set up all settings as described. But when I type in the customers public ip address, I get the Mikrotik page, this should be the server behind it should it not?
I specified tcp for every rule and never udp.

10

The server behind the Mikrotik unit is a windows server. Can someone show me an example please. I know when I punch in the Public IP I should be getting this but im only getting the Mikrotik page.

11

yes,
when you are correct config nat destination and forward to your local server e.g port=80
that config will killed mikrotik’s default page. so sorry Mtikrotik … :wink:

regards
Hasbullah.com