I would like to access my server at 192.168.88.200 from external networks - i.e. enable traffic on port 80.
I keep trying various combinations, but I have no idea what I am doing wrong.
The port 80 is not blocked by the ISP.
I have (temporarily, for testing purposes) disabled Firewall on the server.
I keep messing around with NAT rules, but none show any progress, and occasionally I lock myself out of the router and can't access 192.168.88.1 anymore, for example after this command:
/ip firewall nat add protocol=tcp dst-port=80 chain=dstnat action=dst-nat to-addresses=192.168.88.200 to-ports=80
I have checked a dozen forum topics, some saying that they can access their servers from external networks, but not from internal (so they need a NAT hairpin).
Others are saying that they can enter their public IP from external network, but it's taking them to router login (which is fine too, at least some progress, but I can't even accomplish that).
What I have currently tried is also disabling any firewall rule with "drop" action, just to let all packages in (for testing purposes only), also adding a NAT entry, but no joy whatever I do.
FWIW, when I try and access 192.168.88.200 (the server) from the local network, it works, so I don't think it to be the culprit.
Any guidance, what should be my next step? I am guessing it's something rather trivial, but I have no idea what?
Here is the firewall configuration log:
[admin@MikroTik] > /ip firewall
[admin@MikroTik] /ip firewall> filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
2 X ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
4 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1 log=no log-prefix=""
5 X ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
6 ;;; defconf: accept in ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
7 ;;; defconf: accept out ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=out,ipsec
8 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
9 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked log=no log-prefix=""
10 X ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
11 X ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
[admin@MikroTik] /ip firewall> nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=accept protocol=tcp dst-address=192.168.88.200 dst-port=80 log=no log-prefix=""
1 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
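An added example, not part of the original post: a scoped port forward for the setup shown above. The dst-nat command in the post has no in-interface-list or dst-address matcher, so it also matches LAN connections to the router's own port 80, and NAT rule 0 in the print uses action=accept with the private address as dst-address, which translates nothing. The sketch assumes the default `WAN` interface list that appears in the post's rules contains the uplink interface; the comment string is made up for illustration.

```routeros
# Added example. Assumes the "WAN" interface list from the post's
# default configuration contains the Internet-facing interface.

# 1. Remove the dstnat rule that only accepts. Packets from outside
#    arrive addressed to the public IP, not to 192.168.88.200, and
#    action=accept performs no address translation.
/ip firewall nat remove [find where chain=dstnat action=accept dst-address=192.168.88.200]

# 2. Forward TCP/80 only when it arrives on a WAN interface.
#    Without in-interface-list (or a dst-address matcher) the rule
#    would also redirect LAN requests to http://192.168.88.1 and
#    make the router's web interface unreachable.
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 \
    in-interface-list=WAN to-addresses=192.168.88.200 to-ports=80 \
    comment="example: forward HTTP to web server"

# 3. Re-enable the default drop rules that the print shows with the
#    X (disabled) flag. The forward-chain rule "drop all from WAN not
#    DSTNATed" still passes connections translated in step 2, so the
#    forward keeps working with the firewall back in place.
/ip firewall filter enable [find where comment~"defconf: drop"]

# 4. Check the rule counters while connecting from an external
#    network; the dst-nat rule's packet count should increase.
/ip firewall nat print stats where chain=dstnat
```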