MikroTik is one of the best and most used router worldwide. Managing internet for office and internet service provider is the primary feature of MikroTik Router. MikroTik has lots of features that is required to manage your network connectivity. MikroTik port forwarding is one of the best features for network administrator. It helps network admins to forward any traffic on any port on MikroTik to another IP address. Sometimes people use this to increase security, access local network from internet using public IP and such. This article will also help you to port forwarding MikroTik for web server. If you concepts become clear then you can also fix some weird problem like Router is behind a NAT. Remote connection might not work.
What is MikroTik router?
Before moving further you have to understand what is MikroTik. MikroTik is a very advanced router to manage your network connectivity between upstream and your local network. So you can access internet without no issue. Due it’s lots of flexibility, customization and features it’s one of the best choice for internet service providers (ISP) and small and mid level office.
Accessing MikroTik through Winbox
Usually every MikroTik has it’s own router operating system that is called RouterOS. To connect into the MikroTik system you can use Winbox and with specific credentials (username, password, winbox port) you can access MikroTik easily.
MikroTik port forwarding is a very important topics to discuss and learn. Let me first tell you the real case scenario for this solution.
What is MikroTik Port Forwarding?
If you are on a network under MikroTik, sometimes you need to access your local network’s web service port, FTP port, RDP port and any other port from internet. In this case, you need to tell your network administrator to forward specific port to any specific machine’s port. For example, if you have a public IP like 172.29.32.1 and it is attached with MikroTik. In your office you have multiple computers running multiple service like web service, FTP service, etc. If you can forward 80 port from MikroTik to that specific local machine’s IP, then from internet you can directly access to your local network machine with that public IP. It sounds complex to you? No worry, this article will explain all the things. Keep reading entire article to get your concept clear.
Why & How MikroTik Port Forwarding works?
Let me give you an example with an use case. Assume, you have a local network that is designed and attached with a MikroTik router that is easily manageable. You have multiple computer (192.168.88.12, 192.168.88.17, 192.168.88.37, 192.168.88.182, 192.168.88.89, etc..) in your local network (see the figure 1). And that is running different types of applications or services. Your MikroTik router is also connected with a public IP provided by your ISP. Now you want that one of your local computer will be accessible via internet through that public IP. So in this case you can build web server, you can run mail server, ftp server, other services, etc.. etc.
What it will do?
After solving this with my article anybody from internet (or whoever you give access) can access your local pc (192.168.88.12 or any local computer) from internet. This way you will be able to access FTP port, RDP Port, Web server Port of any local computer from internet.
How to do MikroTik NAT port forwarding?
First let me describe you the visual design of network design in your home or office. See figure: 1 above. Your Public IP is 118.168.52.32 which was provided by your ISP and attached with your MikroTik router. And your local computers are connected with 192.168.88.12, 192.168.88.17, 192.168.88.37, 192.168.88.182, 192.168.88.89 these IP address.
Now assume, 192.168.88.12 machine is running a web server and you want to make it’s web server port accessible from outside your network that means from internet. Our challenge is to see how to do that MikroTik NAT port forwarding.
Steps to configure MikroTik NAT Port forwarding
To configure port forwarding using NAT, follow the steps below
- Connect to your MikroTik
Using Winbox, connect to your MikroTik router to change the configuration for NAT port forward
- Configure NAT in MikroTik
From Winbox go to IP → Firewall → Select NAT tab
- Go to general tab
Select dstnat chain. Then from Protocol select tcp. From Dst. Port right down the port with which port the remote request will be connect. Here for web server I did 8080.
- Go to action
Go to Action tab and select Action to dst-nat, In To Addresses select 192.168.88.12 and To Ports will be 8080
- Save the settings
Now after saving the settings when you want to access 192.168.88.12 web server from internet people can do that by hitting http://118.168.52.32:8080 and that will be connected back and forth with 192.168.88.12.
I think it will help you to configure your own MikroTik.
Common questions regarding port forwarding
As this is a complex process to understand if you are using MikroTik first time. So here I have tried to make a lists of questions and answers you may face while working with MikroTik port forwarding.
Steps are the same but you have to learn where you want to forward remote request. Which IP or machine is running the web server in your network and their web server port. Typically web server runs on 8080 port. For example, if you want to route your incoming outgoing traffic for 8080 port, then you have to use that specific machine’s IP and port.
To access MikroTik via Winbox, the winbox port will be 8291/tcp unless you change the ports. Changing default port is better to protect unauthorized access attempt to your MikroTik
Well, see the step 3 and in the port option provide your FTP port that should be forwarded through your MikroTik. Typically to do FTP port forwarding in MikroTik, FTP port will be 21
All are the same. See the step 3 above and in the IP you need to write the IP address of the machine where that specific service is running and their service port number. And follow the rest of the guide. So you will be OK.
For web server (HTTP) port – 8080, FTP – 21, SMTP – 25,465,587, SSH – 22. See all the lists of common ports for various service from here.
As per the 4th steps from the guide above, write down the internal IP address. That’s it. This entire article explained specifically port forwarding to internal IP.
Actually there is no IP forwarding. But you can forward IP by forwarding all port in your MikroTik. Simple.
You have to check in your MikroTik router that the forwarding is working for both incoming and outgoing. Also you should check your other firewall settings. Read the entire article.
This topics is little bit advanced level topics for network administrator who manage networks with MikroTik. But I have tried to write it thorough with more details as much as I could. If you still face any trouble configure port forwarding in MikroTik for web server, FTP, RDP or for any specific service, write your comments below and I will try to help you. Read more articles about MikroTik from here.
Read more articles on MikroTik
MikroTik Simple Queue Script – Add All IP at Once
MikroTik Port Forwarding (NAT) & Access from Internet
