Community discussions

 
dmb
just joined
Topic Author
Posts: 5
Joined: Tue Nov 01, 2016 2:11 pm

Can't get simple port forwarding working

Sun Nov 05, 2017 5:35 am

Hi there,

I'd like to achieve a pretty basic configuration which can be easily setup on almost any kind of home router.
I have an external IP given by my ISP.
I'd like to forward certain ports to ports of local machines.
For example, I'd like all traffic coming to <external_ip>:80 to be forwarded to 192.168.0.1:80 (would be nice to set this up for requests coming from both external and internal requests)
Another example, <external_ip>:8990 -> 192.168.0.20:5900
And so on.
My ISP cable is connected to port 1 (ether1).
The internal IP address of the router is set to 192.168.0.2.
The external IP address of the router is set to <external_ip>.

I reset my config to default and tried applying rules from https://wiki.mikrotik.com/wiki/Hairpin_NAT, however, it didn't work.
Here are the specific commands I executed:
/ip firewall nat
add chain=dstnat dst-address=<external_ip> protocol=tcp dst-port=80 action=dst-nat to-address=192.168.0.1
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.1 protocol=tcp dst-port=80 out-interface=ether2 action=masquerade
None of the solutions I found on the forum or in the Internet seemed to work.
The best result I could achieve was: when entering <external_ip> from the outside of LAN, I was forwarded to MikroTik management interface, but that's totally different from what I was looking for.

The configuration of such a simple standard feature appears to be surprisingly complex with MikroTik :-(

Any help is highly appreciated!
 
payam124
Trainer
Trainer
Posts: 18
Joined: Thu Jan 07, 2016 11:44 pm

Re: Can't get simple port forwarding working

Sun Nov 05, 2017 7:52 am

what is the default gateway of the client (192.168.0.1)? is it set to be 192.168.0.2 (MikroTik internal IP)?
for the last line in your NAT configuration, assuming the internal nodes use 192.168.0.0/24, then it is not necessary, as all the nodes are located within a same broadcast domain. (i.e. layer 2 network)
 
dmb
just joined
Topic Author
Posts: 5
Joined: Tue Nov 01, 2016 2:11 pm

Re: Can't get simple port forwarding working

Sat Dec 09, 2017 4:25 pm

Thank you very much. The reason was the wrong gateway.

Who is online

Users browsing this forum: No registered users and 118 guests