The router is working fine otherwise and I'm using winbox to access it.
I want to set up a simple port forward for port 80 to my local machine and I don't have a wan static ip address.
The router setting are pretty bone stock -- I didn't change anything that I didn't have to.
Here's where I'm stuck:
Issue #1: The online tutorials I found all state for me to use dst-nat in the Chain dropdown
But there is no dst-nat option in that dropdown, only: incoming, outgoing, and forward.
Issue #2: The online tutorials I found all state for me to use dstnat in the Action dropdown
But there is no distnat in the Action dropdown -- there are plenty of others, too many to list.
Issue #3: I found the console command to add the firewall rule for port forwarding, but it returns an error
I tried the following in the console:
/ip firewal nat add chain=dstnat dst-port=80 action=dns-nat protocol=tcp to-address=192.168.88.100 in-interface=ether1-WAN
But it returns with an error at column 53, which is where the action dns-nat starts.
So, how do I do this very simple thing?
Thanks in advance.
Re: port forwarding - can't figure it out
There is a lot of garbage/noise on the internet regarding mikrotik setups
For port forwarding you need one rule in firewall filter rules - to basically say to the router, please allow any dstnat packets through the firewall.
In the firewall nat rules is where you make the individual port forwarding rules (dstnat).
Note that when you make these rules the ports on your router will be visible on scans but shown as closed.
Much better to have a source address list (WANIPs of folks allowed to access those ports) as when you do the ports are not visible on scans.
I do have a question, what requires you to forward port 80?
Just to confirm.....
/ip firewall nat
add action=masquerade chain=srcnat comment="SCR_NAT for LAN Users" \
out-interface=ether1-WAN
Your rule appears to be correct.
Would have to see a config before commenting further.
/export hide-sensitive file=yourconfig
For port forwarding you need one rule in firewall filter rules - to basically say to the router, please allow any dstnat packets through the firewall.
In the firewall nat rules is where you make the individual port forwarding rules (dstnat).
Note that when you make these rules the ports on your router will be visible on scans but shown as closed.
Much better to have a source address list (WANIPs of folks allowed to access those ports) as when you do the ports are not visible on scans.
I do have a question, what requires you to forward port 80?
Just to confirm.....
/ip firewall nat
add action=masquerade chain=srcnat comment="SCR_NAT for LAN Users" \
out-interface=ether1-WAN
Your rule appears to be correct.
Would have to see a config before commenting further.
/export hide-sensitive file=yourconfig
Re: port forwarding - can't figure it out
Issue 1 & 2: You are looking at the firewall rules. You need to go to IP > Firewall and then click the NAT tab. Then when you create a rule you'll see chain=dst-nat and action=dst-nat
Issue 3: Your action should be dst-nat, not dns-nat
Issue 3: Your action should be dst-nat, not dns-nat