Community discussions

MikroTik App
 
mrirh
just joined
Topic Author
Posts: 24
Joined: Fri Jul 09, 2004 10:54 pm

port fowarding in v2.8

Fri Jul 09, 2004 11:11 pm

Hello,

How can I forward specific ports from the outside, from an address on the Public nic, to an internal address on the Local network?

For example, all ftp traffic to public address 10.0.0.2 (an IP address on the Public nic) on ports 20 & 21 are routed to the internal address of 192.168.0.2 (an IP address for a server on the local network), on ports 20 & 21. Also, should the filter rule be created on a new filter chain?

I've read the Firewalll rules in the manual, but nothing is getting through.

Any help would be greatly appreciated.

jp
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Fri Jul 09, 2004 11:36 pm

You should add a destination-nat rule in the firewall section to create the redirection, e.g.
/ip firewall dst-nat add dst-address=10.0.0.2 dst-netmask=255.255.255.255 dst-port=20 to-dst-address=192.168.0.2 to-dst-port=20 protocol=tcp action=nat
(from memory - please check syntax!)
and then a rule in the forward chain to permit the (already dst-natted!) traffic, e.g. something like
/ip firewall rule forward add in-interface=ether-public dst-address=192.168.0.2/32 dst-port=20 protocol=tcp action=accept

You'll probably have to adjust this a little bit, but this should get you the idea... (The above two commands just forward port 20, of course...)
 
X9X0
just joined
Posts: 4
Joined: Fri Jul 16, 2004 9:42 pm
Location: North Providence, RI

Sun Jul 18, 2004 7:17 am

All of this is usefull , and works, But how would you specify the "dst-address" if the address is retrieved via DHCP? So how would you apply this exact rule in the situation that the public IP may change at some point. Not that mine ever has changed as long as it's active..... but if If the CMTS at the ISP ever went down, all of the port forwarding rules would have to be re-entered on my end.
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Sun Jul 18, 2004 11:22 am

You could for example simply dst-nat all traffic coming in on your "WAN" interface, something like
/ip firewall dst-nat add in-interface=ether-wan dst-port=20 to-dst-address=192.168.0.2 to-dst-port=20 protocol=tcp action=nat
 
X9X0
just joined
Posts: 4
Joined: Fri Jul 16, 2004 9:42 pm
Location: North Providence, RI

Sun Jul 18, 2004 11:39 am

excellent , thank you for all your help..
 
gurunge12
just joined
Posts: 1
Joined: Fri Apr 12, 2019 2:41 pm

Re: port fowarding in v2.8

Fri Apr 12, 2019 2:58 pm

Hello everyone,

Kindly request for kind assists, I tried to port forward the biometric device (whose ip is 192.168.88.49) and router IP is in public. I followed every blogs and solution from the post but it is not working.

Code:

1 ;;; Biometric Device port forwarding
chain=dstnat action=dst-nat to-addresses=192.168.88.49 to-ports=4370 protocol=tcp dst-address=103.x.x.24 dst-port=4370


Hoping for the early response.


with regards,

Anil
 
johnii
just joined
Posts: 3
Joined: Tue May 18, 2021 10:21 pm

Re: port fowarding in v2.8

Fri Jun 11, 2021 7:53 pm

hey, thanks for the help.

Who is online

Users browsing this forum: Ahrefs [Bot], Rhydu and 54 guests