Community discussions

MikroTik App
 
Vukm97
just joined
Topic Author
Posts: 5
Joined: Tue May 10, 2022 12:29 am

Port Forwarding Problem

Tue May 10, 2022 12:41 am

So, I worked on a server, which works well when I do local tests. When I try to forward my server to the internet, it won't work for me. Where I went wrong please help me. Thanks in advance.
My Home configuration is : ISP Router - Mikrotik - Pc and Server .

My Mikrotik Setings .
# may/09/2022 23:10:07 by RouterOS 6.47.10
# software id = RT1W-693U
#
# model = RB750Gr3
# serial number = D5030FBC0EAD
/interface bridge
add admin-mac=DC:2C:6E:58:99:CF auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=192.168.0.34 dst-port=80 \
protocol=tcp to-addresses=192.168.88.253 to-ports=8080
/system clock
set time-zone-name=Europe/Belgrade
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port Forwarding Problem

Tue May 10, 2022 2:50 am

No problem here, assuming that 192.168.0.34 is what this router gets from ISP router. Did you also forward port 80 from ISP router to 192.168.0.34? Does ISP router have public IP address? Do you test it from internet or from LAN?
 
Vukm97
just joined
Topic Author
Posts: 5
Joined: Tue May 10, 2022 12:29 am

Re: Port Forwarding Problem

Tue May 10, 2022 5:31 pm

Sob , my isp router have publik ip : 178.xxx.xxx , i puted port forward on my isp router local 192.168.0.1 - external 192.168.0.34 , i tested on lan and wan , on my pc is showing server , but on my mobile dont .
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port Forwarding Problem

Tue May 10, 2022 5:44 pm

To clarify.
Your ISP has a public IP, and gives your MT router a private LANIP on its subnet of 192.168.0.34 ( the WANIP of the Mikrotik ).
On your ISP router you have port forwarded port 80 TCP to 192.168.0.34
On your MT router you have destination nat (incoming on port 80) dst-ip = WANIP of router and translated it to port 8080 which is what your server on the MT LAN (88.253) is expecting!
This is working from an external connection to the router! I am assuming you have tried with your smart phone or laptop or a friend to test externally (via cellular or another internet connection)

All correct so far??
For you to do the from behind your MT router on the same Lan network as the server try this addition!

/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
Last edited by anav on Tue May 10, 2022 5:47 pm, edited 2 times in total.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port Forwarding Problem

Tue May 10, 2022 5:45 pm

I don't know what kind of configuration UI ISP router has, so what you write may be right or wrong, it's hard to tell. You can either try to post screenshot of that, or you can enable logging for your dstnat rule (log=yes, or Log checkbox on Action tab in WinBox), and see if it logs something when you test it (if it does and it makes sense, then port forwarding on ISP router should be ok).
 
Vukm97
just joined
Topic Author
Posts: 5
Joined: Tue May 10, 2022 12:29 am

Re: Port Forwarding Problem

Tue May 10, 2022 6:18 pm

What can I send you from the pictures?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Port Forwarding Problem

Tue May 10, 2022 8:36 pm

Configuration of port forwarding on ISP router.
 
Vukm97
just joined
Topic Author
Posts: 5
Joined: Tue May 10, 2022 12:29 am

Re: Port Forwarding Problem

Tue May 10, 2022 10:57 pm

Isp portforward conf
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port Forwarding Problem

Tue May 10, 2022 11:05 pm

You need to only ENTER in the local IP as 192.168.0.34 / 80 / 80 / (protocol) TCP / enabled. The external entries do not apply.

Give that a go.......
 
Vukm97
just joined
Topic Author
Posts: 5
Joined: Tue May 10, 2022 12:29 am

Re: Port Forwarding Problem

Tue May 10, 2022 11:19 pm

ITS working :) Tnx mates :) . I tested now from my cellular device ( 4g internet ) and its working :)

Who is online

Users browsing this forum: BioMax, RobertsN, shadarim, sybadi and 53 guests