Menu

Shaharia's Blog.

Read articles from tech expert

MikroTik Port Forwarding (NAT) & Access from Internet

MikroTik is one of the best and most used router worldwide. Managing internet for office and internet service provider is the primary feature of MikroTik Router. MikroTik has lots of features that is required to manage your network connectivity. MikroTik port forwarding is one of the best features for network administrator. It helps network admins to forward any traffic on any port on MikroTik to another IP address. Sometimes people use this to increase security, access local network from internet using public IP and such. This article will also help you to port forwarding MikroTik for web server. If you concepts become clear then you can also fix some weird problem like Router is behind a NAT. Remote connection might not work.

Table Of Contents
  1. What is MikroTik router?
  2. Accessing MikroTik through Winbox
  3. What is MikroTik Port Forwarding?
  4. Why & How MikroTik Port Forwarding works?
  5. How to do MikroTik NAT port forwarding?
  6. Common questions regarding port forwarding

What is MikroTik router?

Before moving further you have to understand what is MikroTik. MikroTik is a very advanced router to manage your network connectivity between upstream and your local network. So you can access internet without no issue. Due it’s lots of flexibility, customization and features it’s one of the best choice for internet service providers (ISP) and small and mid level office.

Accessing MikroTik through Winbox

Usually every MikroTik has it’s own router operating system that is called RouterOS. To connect into the MikroTik system you can use Winbox and with specific credentials (username, password, winbox port) you can access MikroTik easily.

MikroTik port forwarding is a very important topics to discuss and learn. Let me first tell you the real case scenario for this solution.

What is MikroTik Port Forwarding?

If you are on a network under MikroTik, sometimes you need to access your local network’s web service port, FTP port, RDP port and any other port from internet. In this case, you need to tell your network administrator to forward specific port to any specific machine’s port. For example, if you have a public IP like 172.29.32.1 and it is attached with MikroTik. In your office you have multiple computers running multiple service like web service, FTP service, etc. If you can forward 80 port from MikroTik to that specific local machine’s IP, then from internet you can directly access to your local network machine with that public IP. It sounds complex to you? No worry, this article will explain all the things. Keep reading entire article to get your concept clear.

MikroTik NAT Port Forwarding
Figure 1: MikroTik NAT Port Forwarding

Why & How MikroTik Port Forwarding works?

Let me give you an example with an use case. Assume, you have a local network that is designed and attached with a MikroTik router that is easily manageable. You have multiple computer (192.168.88.12, 192.168.88.17, 192.168.88.37, 192.168.88.182, 192.168.88.89, etc..) in your local network (see the figure 1). And that is running different types of applications or services. Your MikroTik router is also connected with a public IP provided by your ISP. Now you want that one of your local computer will be accessible via internet through that public IP. So in this case you can build web server, you can run mail server, ftp server, other services, etc.. etc.

What it will do?

After solving this with my article anybody from internet (or whoever you give access) can access your local pc (192.168.88.12 or any local computer) from internet. This way you will be able to access FTP port, RDP Port, Web server Port of any local computer from internet.

How to do MikroTik NAT port forwarding?

First let me describe you the visual design of network design in your home or office. See figure: 1 above. Your Public IP is 118.168.52.32 which was provided by your ISP and attached with your MikroTik router. And your local computers are connected with 192.168.88.12, 192.168.88.17, 192.168.88.37, 192.168.88.182, 192.168.88.89 these IP address.

Now assume, 192.168.88.12 machine is running a web server and you want to make it’s web server port accessible from outside your network that means from internet. Our challenge is to see how to do that MikroTik NAT port forwarding.

Steps to configure MikroTik NAT Port forwarding

To configure port forwarding using NAT, follow the steps below

  1. Connect to your MikroTik

    Using Winbox, connect to your MikroTik router to change the configuration for NAT port forward

    Winbox Login interface to connect MikroTik

  2. Configure NAT in MikroTik

    From Winbox go to IP → Firewall → Select NAT tab

  3. Go to general tab

    Select dstnat chain. Then from Protocol select tcp. From Dst. Port right down the port with which port the remote request will be connect. Here for web server I did 8080.

  4. Go to action

    Go to Action tab and select Action to dst-nat, In To Addresses select 192.168.88.12 and To Ports will be 8080

  5. Save the settings

    Now after saving the settings when you want to access 192.168.88.12 web server from internet people can do that by hitting http://118.168.52.32:8080 and that will be connected back and forth with 192.168.88.12.

I think it will help you to configure your own MikroTik.

Common questions regarding port forwarding

As this is a complex process to understand if you are using MikroTik first time. So here I have tried to make a lists of questions and answers you may face while working with MikroTik port forwarding.

How to do port forwarding MikroTik for web server

Steps are the same but you have to learn where you want to forward remote request. Which IP or machine is running the web server in your network and their web server port. Typically web server runs on 8080 port. For example, if you want to route your incoming outgoing traffic for 8080 port, then you have to use that specific machine’s IP and port.

What is the default Winbox port?

To access MikroTik via Winbox, the winbox port will be 8291/tcp unless you change the ports. Changing default port is better to protect unauthorized access attempt to your MikroTik

We have a FTP server in a machine, how we can access that remotely?

Well, see the step 3 and in the port option provide your FTP port that should be forwarded through your MikroTik. Typically to do FTP port forwarding in MikroTik, FTP port will be 21

How to do MikroTik port forwarding for specific service (HTTP, FTP, RDP, PO3,IMAP, etc)?

All are the same. See the step 3 above and in the IP you need to write the IP address of the machine where that specific service is running and their service port number. And follow the rest of the guide. So you will be OK.

Common service ports for MikroTik port Forwarding

For web server (HTTP) port – 8080, FTP – 21, SMTP – 25,465,587, SSH – 22. See all the lists of common ports for various service from here.

How to do Mikrotik port forwarding to internal IP address?

As per the 4th steps from the guide above, write down the internal IP address. That’s it. This entire article explained specifically port forwarding to internal IP.

How to do IP forwarding in MikroTik

Actually there is no IP forwarding. But you can forward IP by forwarding all port in your MikroTik. Simple.

Error: Router is behind a NAT. Remote connection might not work

You have to check in your MikroTik router that the forwarding is working for both incoming and outgoing. Also you should check your other firewall settings. Read the entire article.

This topics is little bit advanced level topics for network administrator who manage networks with MikroTik. But I have tried to write it thorough with more details as much as I could. If you still face any trouble configure port forwarding in MikroTik for web server, FTP, RDP or for any specific service, write your comments below and I will try to help you. Read more articles about MikroTik from here.

Read more articles on MikroTik

Mikrotik Simple Queue Script

MikroTik Simple Queue Script – Add All IP at Once

If you have a MikroTik router, then it’s sometimes difficult to create simple queue with one by one IP address. It’s a difficult task. Also if you need to change bulk IP address in the queue, it sounds more terrific. So I wrote this article to make your life easier to maintain your MikroTik router easily. To add all IPs in your MikroTik Simple queue, just open your MikroTik RouterOS terminal and run the following script. What is MikroTik Script? MikroTik is one of the most used router for office and internet service providers that provides internet connectivity from provider to client. It’s massively customizable and every MikroTik router comes with an operating system that called RouterOS. You can save lots of time by creating and using MikroTik script that would do most of the tasks when you will run that on command line inside RouterOS. MikroTik Simple Queue To limit data rate or bandwidth for any specific IP address, MikroTik provides simple queue feature where you can easily limit bandwidth. If you want to provide a smooth bandwidth for every users in your network, you have to mastering yourself with this simple queue feature. You can limit, set priority,…
Read more

MikroTik Port Forwarding (NAT) & Access from Internet

MikroTik is one of the best and most used router worldwide. Managing internet for office and internet service provider is the primary feature of MikroTik Router. MikroTik has lots of features that is required to manage your network connectivity. MikroTik port forwarding is one of the best features for network administrator. It helps network admins to forward any traffic on any port on MikroTik to another IP address. Sometimes people use this to increase security, access local network from internet using public IP and such. This article will also help you to port forwarding MikroTik for web server. If you concepts become clear then you can also fix some weird problem like Router is behind a NAT. Remote connection might not work. What is MikroTik router? Before moving further you have to understand what is MikroTik. MikroTik is a very advanced router to manage your network connectivity between upstream and your local network. So you can access internet without no issue. Due it’s lots of flexibility, customization and features it’s one of the best choice for internet service providers (ISP) and small and mid level office. Accessing MikroTik through Winbox Usually every MikroTik has it’s own router operating system that…
Read more

Some Important MikroTik Tips and Tricks

Port Forwarding to local IP/PORT Type the following value into a Terminal window to enter this port forwarding rule. bash /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.20 to-ports=80 In the above MikroTik NAT forwarding rule add through MikroTik RouterOS terminal what I am doing with the above command?We are just forwarding any kinds of request to our main IP in 80 and forwarding that connection to 192.168.1.20 ip which is in my local network and port 80 will be used from 192.168.1.20 for that request. Read some more interesting Mikrotik tips & tricks from here – MikroTik Simple queue script – add all IP MikroTik NAT Port Forwarding – Access local pc from internet
Read more

Shaharia is a professional software engineer with more than 10 years of experience in the relevant fields. Digital ad certified, cloud platform architect, Big data enthusiasts, tech early adopters.