Hello,
I want to forward port 80 and 443 (Public) to a server (Public).
/ip firewall nat add chain=dstnat dst-address=69.1.1.1 protocol=tcp dst-port=80 \
action=dst-nat to-addresses=68.1.1.1 to-ports=80
/ip firewall nat add chain=dstnat dst-address=69.1.1.1 protocol=tcp dst-port=443 \
action=dst-nat to-addresses=68.1.1.1 to-ports=443
I also tried adding
/ip firewall nat add chain=srcnat action=masquerade
I tried accessing the mikrotik public ip from the internet , before the rules I used to view webbox, after Connection timed out.
What am I doing wrong ? Thanks for your help !
-
-
ciphercore
Member Candidate
- Posts: 155
- Joined:
Re: Port Forwarding
From the terminal:
Post the output
Code: Select all
/ip firewall nat printCode: Select all
/ip firewall filter print-
-
ciphercore
Member Candidate
- Posts: 155
- Joined:
Re: Port Forwarding
Firewall -> NAT
This is what it would look like on my setup. 192.168.0.1 being my RB750G. This is only forwarding (winbox)8291, but 80/443 would be similar. The order of the rules is also important.
I'm still new to the Mikrotik way of doing things, but here is where I got most of my info.
http://wiki.mikrotik.com/wiki/Firewall
Code: Select all
1 ;;; Forward Winbox to router
chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=8291 protocol=tcp dst-port=8291
2 ;;; default configuration
chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=ether1-gateway This is what it would look like on my setup. 192.168.0.1 being my RB750G. This is only forwarding (winbox)8291, but 80/443 would be similar. The order of the rules is also important.
I'm still new to the Mikrotik way of doing things, but here is where I got most of my info.
http://wiki.mikrotik.com/wiki/Firewall
Last edited by ciphercore on Wed Feb 24, 2010 4:04 pm, edited 1 time in total.
Re: Port Forwarding
I want to forward http requests comming from the public ( internet ) to a public webserver ( internet ).
Internet User ---(tcp 80)----> Router's Public IP ---(tcp 80)----> Internet Webserver
[admin@MikroTik] /ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 88.1.188.238/26 88.1.188.193 88.1.188.255 ether2
1 192.168.0.1/24 192.168.0.0 192.168.0.255 LAN
[admin@MikroTik] /ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether2
1 chain=dstnat action=dst-nat to-addresses=192.168.0.51 to-ports=3389 protocol=tcp
dst-port=3389
[admin@MikroTik] /ip firewall filter> pr
Flags: X - disabled, I - invalid, D - dynamic
[admin@MikroTik] /ip firewall filter>
To explain, I want when someone from the internet open http://88.1.188.238 to view my internet website. ( outside the network ex ip: 89.1.51.34 )
Currently, Users from the internet view Webbox when trying http://88.1.188.238.
After adding
ip firewall nat add chain=dstnat in-interface=ether2 protocol=tcp dst-port=80 action=dst-nat to-addresses=89.1.51.34 to-ports=80
Connection times out.
Any help is appreciated, thanks in advance.
Internet User ---(tcp 80)----> Router's Public IP ---(tcp 80)----> Internet Webserver
[admin@MikroTik] /ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 88.1.188.238/26 88.1.188.193 88.1.188.255 ether2
1 192.168.0.1/24 192.168.0.0 192.168.0.255 LAN
[admin@MikroTik] /ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether2
1 chain=dstnat action=dst-nat to-addresses=192.168.0.51 to-ports=3389 protocol=tcp
dst-port=3389
[admin@MikroTik] /ip firewall filter> pr
Flags: X - disabled, I - invalid, D - dynamic
[admin@MikroTik] /ip firewall filter>
To explain, I want when someone from the internet open http://88.1.188.238 to view my internet website. ( outside the network ex ip: 89.1.51.34 )
Currently, Users from the internet view Webbox when trying http://88.1.188.238.
After adding
ip firewall nat add chain=dstnat in-interface=ether2 protocol=tcp dst-port=80 action=dst-nat to-addresses=89.1.51.34 to-ports=80
Connection times out.
Any help is appreciated, thanks in advance.
Re: Port Forwarding
Thanks ciphercore, but you didnt get my point.
In your case you are forwarding RDP to a PC inside the network ( local ).
What I want is to forward a port to a PC outside the network ( public ).
Internet User ---(tcp 80)---> Mikrotik ---(tcp 80)---> Internet Webserver
In your case you are forwarding RDP to a PC inside the network ( local ).
What I want is to forward a port to a PC outside the network ( public ).
Internet User ---(tcp 80)---> Mikrotik ---(tcp 80)---> Internet Webserver
Re: Port Forwarding
sam7,
I tested and was able to accomplish I think what you want. I was able to "forward" tcp port 80 requests going to mypublicIP to another public IP(in this case www.google.com)
0
chain=dstnat action=dst-nat to-addresses=74.125.47.147 to-ports=80 protocol=tcp dst-address=mypublicIP dst-port=80
10 ;;; GLOBAL NAT RULE
chain=srcnat action=masquerade out-interface=ether1-WAN
I tested and was able to accomplish I think what you want. I was able to "forward" tcp port 80 requests going to mypublicIP to another public IP(in this case www.google.com)
0
chain=dstnat action=dst-nat to-addresses=74.125.47.147 to-ports=80 protocol=tcp dst-address=mypublicIP dst-port=80
10 ;;; GLOBAL NAT RULE
chain=srcnat action=masquerade out-interface=ether1-WAN
Who is online
Users browsing this forum: iDaemon and 115 guests