Hey Guys,
I have a mikrotik router board RB433AH on v5.26 and behind it is a internal LAN with a few servers. 1 particular server with LAN IP 192.168.10.200 needs to allow inbound traffic from an outside internet static IP 8.8.8.8 on port 80. I thought I had this using winbox but I have intermittency and I would appreciate any help.
Thanks!
Help me open port 80
You do not have the required permissions to view the files attached to this post.
Re: Help me open port 80
You probably mean that your router has an external address 8.8.8.8 (confusing choice as example address, as it's well known one) and when someone tries to connect to that, you want it forwarded to internal 192.168.10.200.
If that's the case, just move it from Src. Address field to Dst. Address. And also make sure that ether1 is your WAN interface.
If you want something else, try better description.
If that's the case, just move it from Src. Address field to Dst. Address. And also make sure that ether1 is your WAN interface.
If you want something else, try better description.
Re: Help me open port 80
Sob,
Thanks for the reply. I just read my post and laughed pretty hard. I was up all night researching and when I wrote that post I was half asleep
sorry for the confusion! I can't believe i used google dns as an example!
Anyway.. so let me clear up and let me know if your reply still applies correctly to my situation.
I have a user in Chicago with Static Public WAN IP of 20.20.10.40
I have a server in Los Angeles with Static Public WAN IP(ether1) of 30.20.30.49 and Static LAN IP(ether3) of 192.168.10.200
I want the user in Chicago to access the server in Los Angeles on port 3090.
I hope I clarified my issues
Thanks Again!
Thanks for the reply. I just read my post and laughed pretty hard. I was up all night researching and when I wrote that post I was half asleep
sorry for the confusion! I can't believe i used google dns as an example!Anyway.. so let me clear up and let me know if your reply still applies correctly to my situation.
I have a user in Chicago with Static Public WAN IP of 20.20.10.40
I have a server in Los Angeles with Static Public WAN IP(ether1) of 30.20.30.49 and Static LAN IP(ether3) of 192.168.10.200
I want the user in Chicago to access the server in Los Angeles on port 3090.
I hope I clarified my issues
Thanks Again!
Re: Help me open port 80
Here is what you want if I am understanding you properly.
You do not have the required permissions to view the files attached to this post.
Re: Help me open port 80
Jmay's example is perfectly correct and will work.
I'd like to add that in general, it's good to get into the habit of using the filter table to limit access to something, instead of making a very narrow NAT rule. So instead of putting the Chicago user's public IP in the src-address field of the NAT rule, leave that field empty and create a rule in the filter table, forwarding chain:
chain=forward src-address=20.20.10.40 dst-address=192.168.10.200 protocol=tcp dst-port=80 action=accept
Be sure that there's a default deny rule in the forward chain.
You could even extend this rule further by using src-address-list=approved_web instead of src-address=
and then create an address list named approved_web and add each approved remote user of the web pinhole to that address list.
I'd like to add that in general, it's good to get into the habit of using the filter table to limit access to something, instead of making a very narrow NAT rule. So instead of putting the Chicago user's public IP in the src-address field of the NAT rule, leave that field empty and create a rule in the filter table, forwarding chain:
chain=forward src-address=20.20.10.40 dst-address=192.168.10.200 protocol=tcp dst-port=80 action=accept
Be sure that there's a default deny rule in the forward chain.
You could even extend this rule further by using src-address-list=approved_web instead of src-address=
and then create an address list named approved_web and add each approved remote user of the web pinhole to that address list.
Re: Help me open port 80
Jmay,
You rock...The screenshot actually helped me understand how the process now works and where I went wrong.. thanks again!
Zerobyte,
That makes complete sense!.. since I need to add a total of 6 different IP's, then I can add them to the address pool rather than create separate rules! thanks for clearing things up for me.. Amazing!
Thank You Both Very Much.
You rock...The screenshot actually helped me understand how the process now works and where I went wrong.. thanks again!
Zerobyte,
That makes complete sense!.. since I need to add a total of 6 different IP's, then I can add them to the address pool rather than create separate rules! thanks for clearing things up for me.. Amazing!
Thank You Both Very Much.
Who is online
Users browsing this forum: Bing [Bot] and 105 guests