Uploaded by Ardit Vallja

Destination NAT - Port forwarding mikrotik tutorial

advertisement
Destination NAT elements:
1. Destination IP called external IP which is WAN IP that can be accessed from outside. Usually it is
a public IP (or CPE IP). For example: 204.16.x.x
2. Destination port called external port, can be any port that you want to set to access the device
from outside. For example: 8089
3. Translated address, or to-address which is IP of the device that cannot be accessed, called
internal IP. For example: 192.168.1.20
4. Translated port, or to-ports which is the specific port to access the internal device. For example
443 (https), (or 80 for http).

Destination NAT rule on mikrotik from GUI:
IP>Firewall>NAT, add.
Chain: dstnat
Dst. Address: 204.16.x.x
Protocol: tcp
Dst. Port: 8089
Action: dst-nat
To-Addresses: 192.168.1.20
To-ports: 443
RULE to access device: https:// 204.16.x.x:8089

Example from command line:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=”external IP” dst-port=”external port” protocol=tcp toaddresses=”internal IP” to-ports=”internal port”
Example: just replace:
external IP: 204.16.x.x
external port: 8089
internal IP: 192.168.1.20
internal port: 443
So the command would be:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=204.16.x.x dst-port=8089 protocol=tcp toaddresses=192.168.1.20 to-ports=443
Note: just paste the commands on terminal of mikrotik, and place the rule on top as first rule.
Download