SpongeB0B
newbie
Topic Author
Posts: 39
Joined: Wed May 29, 2019 10:18 am

Firewall\Nat port forward

Wed May 29, 2019 11:38 am

Hi everyone,

I would like to set up port forwarding (from my external IP (ISP) to my internal network).

I read this page https://wiki.mikrotik.com/wiki/Manual:I ... figuration


So this brings up two questions:
  1. My Dst. Address is the IP from my ISP, which is dynamic. Is there any variable that I can put in this field (one that contains the current ISP-provided IP), or any other way to do this?
  2. What is the little checkbox in front of the IP?
Last edited by SpongeB0B on Wed May 29, 2019 12:13 pm, edited 1 time in total.
 
vilpalu
just joined
Posts: 19
Joined: Mon Feb 12, 2018 1:04 pm

Re: Firewall\Nat port forward

Wed May 29, 2019 11:46 am

"What is the little checkbox in front of the IP"
It means "NOT", so basically you say "not any source".
 
SpongeB0B
newbie
Topic Author
Posts: 39
Joined: Wed May 29, 2019 10:18 am

Re: Firewall\Nat port forward

Wed May 29, 2019 12:12 pm

Thank you @vilpalu

So 0.0.0.0 by default in ROS means any IP, correct?

But if I leave that as □ 0.0.0.0 (unchecked), it means that all incoming dst IPs will be accepted. How can I define the current ISP IP?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Firewall\Nat port forward

Wed May 29, 2019 5:38 pm

Mainly, 172.16.88.67 is not a public address. So unless you are sure that your ISP gives you one (it could be done with NAT 1:1 or something where the real address would be on their router), there will be no port forwarding or any other access from the internet to you.
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Firewall\Nat port forward

Wed May 29, 2019 5:53 pm

On my dstnat (port forwarding) rule I used in-interface-list=WAN (since I have dual WAN); if I had a single WAN it would have been in-interface=wan.
Note, if you know the limited set of external WAN IPs that need access to your server, then you could add them to an address list and they would be under source-address-list="authorized_server_access".

What is also required is a firewall forward chain rule.
It basically states: allow new connections and new-connection-dstnat connections from your WAN interface (or WAN interface list if dual).
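
The setup described in the post above, written out as RouterOS commands. This is an added example, not a configuration posted by anyone in the thread; the interface name `wan`, TCP port 443, the internal server 192.168.88.10 and the allowed source 203.0.113.10 are assumed values.

```routeros
# Added example with assumed values: interface "wan", TCP/443,
# internal server 192.168.88.10, allowed client 203.0.113.10.

# Optional: limit who may reach the forwarded port.
/ip firewall address-list
add list=authorized_server_access address=203.0.113.10 \
    comment="constructed example address"

# Match on the incoming interface instead of dst-address, so the rule
# keeps working when the ISP-assigned address changes.
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=wan \
    protocol=tcp dst-port=443 \
    src-address-list=authorized_server_access \
    to-addresses=192.168.88.10 to-ports=443 \
    comment="port forward to internal server"

# The NAT rule only rewrites the destination; the forward chain still
# has to permit the traffic. Accept replies first, then new connections
# from the WAN only when they were dst-nat'ed, and drop the rest.
/ip firewall filter
add chain=forward action=accept \
    connection-state=established,related \
    comment="allow replies"
add chain=forward action=accept in-interface=wan \
    connection-state=new connection-nat-state=dstnat \
    comment="allow port-forwarded connections"
add chain=forward action=drop in-interface=wan \
    comment="drop everything else arriving from WAN"
```

With dual WAN, replace `in-interface=wan` with `in-interface-list=WAN` in all three places. None of this helps if the address on the WAN interface is itself private, as pointed out earlier in the thread.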
