Hi Guys

I have some doubts and i have searched on the forum for some specific information regarding my issue

i have found some old posts with some vague information, or perhaps i dit not understand it fully.


I will ask again is someone can point me on the right direction approach to what i am trying to acomplish

i have a small ISP licensed and due to the lack of IPV4 Public IPS running out in the world, here the country entities from the government

decided to supply only ASN and sell public IPs to ISPs with minimum 25% proof of clients in our infra-strucutre network of a /22 block

so that means i need to reach 256 clients first so i can request a ASN IPV4 Block of Public IPs..

i have just initiated the company and i have not reached that amount of customers, therefore i am not entitled.

So i have a few company clients that need to open ports, and have public domains sites running..

i need to for example that all ports 80 and 443 to be redirected specifically to the Internal IP of the client selected..


example public domain mycompany1.com published on my Public IP 18x.xxx.xxx.99 to redirect to my client specific Internal IP 171.400.400.100

and public domain jonh.company.com published on my public IP 18x.xxx.xxx.99 to redirect to my client specific Internal IP 171.400.400.185



also, at the same time i want to forward all traffic on all ports TCP and UDP that reach from jonh.company.com directly to IP 171.400.400.185

withou having to open specific dst-nat ports on firewall NAT for each client..



i read there is a way of forwarding DNS public to internal DNS on Mikrotik, therefore i have setup my network and mikrotik running DNS server internal with my IP 171.400.400.1


then on DNS static i have setup john.company.com to IP 171.400.400.185, so when someone tipes john.company.com on the web it redirects to my public IP 18x.xxx.xxx.99 and from Public Ip direct to my internal IP 171.400.400.185


but something is not working right.. because so far i have only suceeded in ports 80 and 443


but some clients have specific ports that need to be Open example special site with port 10010 enabled, so when we try reach john.company.com, it does not redirect to specific machine 171.400.400.185


Any clues on how to setup public IP domain to internal dns static domains?


and i need to open all ports on incoming requests, to specific public domain, to internal static dns IP, clients run their own firewalls on their end Machines.

It looks like you might have solved the IPv4 adress shortage - 171.400.400.185, that's an idea! We fools only used numbers up to 255. Imagine how many new addresses we'll have if we go higher.

But more seriously, there are some bad news for you. What you want doesn't work like that at all. If two hostnames resolve to same IP address, you can't redirect each to different internal address. Only a small number of selected services, from top of my head only http(s), can share common IP address and you need reverse proxy if you want to send different hostnames to different internal servers. RouterOS can't do it for you, you need another machine for that (well, there's a hack that allows to misuse web proxy in RouterOS, but it's only for http, not https, and it's bad idea, so don't even thing about it). For other services that don't use hostnames as part of protocol (most of them, really) it's impossible.