Hi all,

I am very new to Mikrotik, I am writing to you here because I have researched and cannot find a solution to this problem, which I am sure is simple for you. I will be very grateful for who can help me.

I have a Mikrotik RB952UI configured and working, but I am missing the following:

Within my local network, I have a local web server on a PC that works on a fixed ip: 18.34.156.6:3010



I have configured their respective static DNS 18.34.156.6 as domain turno.sys



Issue:
For this static DNS configuration to work perfectly, I have to write the url turn.sys:3010
If I don't put the respective port 3010 of my system in the url, it doesn't work.



Question:
How can I or should I configure these static DNS, so that simply writing turn.sys redirects it to its corresponding IP and port?


Thank you very much to everyone who takes the time to read me and maybe respond to me.

DNS is not about ports. Redirect to ports is done with destination NAT in the firewall.
You are using a public IP address. Is this address in your LAN?

If you connect to internet then normally the LAN should use private IP addresses, and you would do masquerade to connect to the internet, and dst-nat to allow incoming access to your PC.
In that case you also need hair-pin NAT (https://wiki.mikrotik.com/wiki/Hairpin_NAT) to be able to access the web server on the PC while in the same LAN with the client.

DNS is not about ports. Redirect to ports is done with destination NAT in the firewall.
You are using a public IP address. Is this address in your LAN?

If you connect to internet then normally the LAN should use private IP addresses, and you would do masquerade to connect to the internet, and dst-nat to allow incoming access to your PC.
In that case you also need hair-pin NAT (https://wiki.mikrotik.com/wiki/Hairpin_NAT) to be able to access the web server on the PC while in the same LAN with the client.

Dear teacher,

First of all, I want to thank you for your answer, I did not make myself understood what I want to do. But first I answer your question.

You are using a public IP address. Is this address in your LAN?
I am not using a public IP address, I do not want to give incoming access to my PC from the outside.

What I try is that each device that connects to my local Mikrotik network; Access my website that I have hosted on a PC within this same network.

I configured "static DNS" for a device connected to this network to access my website by typing http://turno.sys

The problem I have is that they must specify the port to this url, thus leaving http://turno.sys:3010

I just want to type http://turno.sys and have mikrotik take care of indicating this port 3010


I remain attentive to any comments.

thank you very much friend

Hi,

your problem with that setup is still the same as with the Hairpin NAT. You must make sure that the communication passes over the Mikrotik router in both directions. Problem with the web service and the client being on the same LAN network is that they will communicate directly (and not pass over the router, which they only use for DHCP and DNS).

So your "turno.sys" must point to an IP address that needs to go via the router (gateway), that is an IP that is not in the subnet of the LAN. Then the Mikrotik can do a "dst-nat" to the real webserver. The Hairpin-NAT will make the answer of the website also pass back over the router.

The problem I have is that they must specify the port to this url, thus leaving http://turno.sys:3010

I just want to type http://turno.sys and have mikrotik take care of indicating this port 3010

Use port 80 instead of 3010, then it will work.
With other port numbers this cannot work.
http uses port 80/tcp by default, and https uses port 443/tcp. Ie. in these two cases the port can be omitted.
Internally on the web server you can use any port you wish.

Example:

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.254.253 dst-port=80 protocol=tcp to-addresses=192.168.200.1 to-ports=3010

Need a loop back rule too.