Community discussions

MikroTik App
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

hostname to ip:port

Tue Jul 06, 2021 8:43 am

Hello,
I need hostname "hello.website.com" to forward to 192.168.10.25:5520 in my LAN. How to accomplish that on my mikrotik?

Thank you.
 
erlinden
Forum Guru
Forum Guru
Posts: 1921
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: hostname to ip:port

Tue Jul 06, 2021 9:01 am

Assuming that the URL is a website, you would have to forward port 80 and/or 443 (are you using certificate?) to internal IP 192.168.10.25 and port 5520, with TCP as protocol. Have a look at the wiki:
https://wiki.mikrotik.com/wiki/Manual:I ... forwarding
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hostname to ip:port

Tue Jul 06, 2021 4:02 pm

This is easily accomplished using dstnat. (your basic forwarding using the dst nat chain in ip filter firewall rules).

Assuming your users will be accessing your server via the domain name.
hello.website.com:XXXXX

Where XXXXX is the port number you want them to reach your router with.
Basically you need to ensure one firewall rule exists to allow port forwarding.
There is the default firewall rule that accomplishes this:

(1) add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

OR THE PREFERRED if you are comfortable in manipulating firewall rules changing this to....

add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="drop all else"

This effectively separates the dual purpose of the default rule (stop wan to lan traffic and allow port forwarding) into two more clearly stated rules
of allow port forwarding, followed by stop all traffic not allowed above (wan to lan, lan to WAN and lan to lan).
In most cases one would need to add an ALLOW rule for subnets or bridge etc from LAN to WAN for internet traffic).

(2) You need to add a dstnat rule in the following format (assumes static IP)
add action=dst-nat chain=dstnat dst-port=xxxxx protocol=? dst-address=StaticIPofWAN \
to-addresses=IPofServer to-ports=YYYYY (to ports only required if one wants to port translate the incoming port into a different port when traffic hits the server).

For a dynamic WANIP
add action=dst-nat chain=dstnat dst-port=xxxxx protocol=? in-interface-list=WAN \
to-addresses=IPofServer to-ports=YYYY (same as above)

PS I would not use port 80 if not required as opening doors for such ports is not the most secure approach IMHO.
In any case if the server is expecting 80 , and you cannot change the server you can come in on port 15234 and translate it to 80......
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: hostname to ip:port

Tue Jul 06, 2021 5:37 pm

I need hostname "hello.website.com" to forward to 192.168.10.25:5520 in my LAN. How to accomplish that on my mikrotik?

I'm guessing you're after a slightly more complicated setup than he one explained by @erlinden and @anav ... so in case you want to forward
  1. hello.website.com (TCP port 80) to 192.168.10.25:5520
  2. and e.g. www.website.com (TCP port 80) to 192.168.10.66:80 (different LAN server)
then this can't be done on RouterOS alone. You would need a proper reverse proxy solution (available by many services running in Linux, such as apache, nginx or HAproxy), but that service would have to run on some linux server (real or virtual), a raspberry PI would do if you are not after some high-performance solution.
 
chrisjones31
just joined
Posts: 1
Joined: Fri Sep 24, 2021 1:51 pm

Re: hostname to ip:port

Fri Sep 24, 2021 2:16 pm

In my opinion, through a server that provides the necessary links between host name and IP address. The server is call Domain Name Server or DNS for short. Most ISP’s use their own DNS but there are public ones available as well that are probably faster. Google has two at IPv4 addresses 8.8.8.8 and 8.8.4.4 which you can change in your router.

Who is online

Users browsing this forum: baragoon and 49 guests