Port forwarding is one of the most important features in the area of network address translation redirection. Simply put, this is the ability to use multiple external devices connected to the same local area network or connected via wireless devices. Simply put, Mikrotik port forwarding (RDP) allows you to access a specific computer terminal or device via an Internet connection from the outside. Thus, you can control any device through remote access. The only thing required for this is the availability of a free port on the router. Next, we will consider some of the most common situations in which port forwarding is required or highly recommended. Take the Mikrotik model RB951-2n as an example. But this is not the most important thing. In the Mikrotik router / modem, port forwarding through the VPN Client is somewhat different from the generally accepted rules. But first things first.
Mikrotik Router: General Features
The owners of the Mikrotik series of routers are incredibly lucky. The fact is that these devices for the most part have several inputs for network connections. There are five of them in the above model.
This makes it possible to use a lot of completely different settings, even for cases where there are several providers. Agree, quite a significant advantage. For the connection to work, and work correctly, you will have to forward the ports of the Mikrotik router. Just note that you have to tinker a bit. But in the end, the user will get a lot of opportunities for the use of modern Internet technologies. True, you should not flatter yourself, since setting up forwarding in the absence of certain knowledge can be quite a troublesome affair. But do not give up. Our instructions will help you configure routers of this series even to the most untrained user. It is important to follow all the items on the list.
Mikrotik Port Forwarding: Login to the Web Interface
There should be no problems with entering the device interface. The standard procedure includes the use of the most common Internet browser, in which you need to enter the combination 192.168.88.1 in the address bar. Note that this address is fundamentally different from the data of most other routers.
Admin is always used as a login, and the password field is left blank. If this option does not work, just reset the settings by pressing the Reset button or disconnecting the device from the mains for 10-15 seconds.
General description of the parameters
After logging in, before forwarding the Mikrotik ports, it is advisable to familiarize yourself with some important settings and parameters that will have to be changed.
First, go to the Interfaces section (the second item in the menu on the left), where all currently available interfaces will be shown. We do not pay attention to the local bridge yet, but look at the Ether1 port. It corresponds to the first port (connector) on the router, which includes a cable with an RJ-45 connector from the provider. It is also called Gateway - an entrance through which you can access the device itself.
The other four ports are combined into a virtual switch. The second port has priority Master, the rest - Slave. The last three ports are guided by the second, which, in essence, controls them on the basis of connecting to the first.
Between the main ports and the Internet, as a kind of “layer”, the NAT network address translation service is installed. It allows you to set both internal and external addresses for computers on the same local network, which may not coincide initially.
Next begins the masquerade. Yes, yes, you heard right, it really is! Masquerade function works on the principle of VPN or proxy, replacing the external IP of the computer terminal when accessing the Internet address of the router itself. In the same way, when a response is received, the service identifies the internal IP of the computer from which the request was made, and sends the response to this particular machine. If the service is not enabled, you will need to activate it in the appropriate section of the operating system itself.
Basic port settings
Depending on which program or service should use a certain free port of the router, you will have to push off, making the Mikrotik port forwarding.
For example, for the operation of any Torrent client it is necessary to use port 51413, for a remote connection by using an RDP connection - 3389, to establish communication with ByFly - 55555, etc. But it is worth noting that forwarding the Mikrotik ports through a VPN client slightly different from the standard procedure (it will be further explained why).
Create rules
But back to the forwarding. We go to the Firewall / NAT tab and see that one rule already exists (it is installed by default).
We need to add a new one (this is done by pressing the button with a plus sign). There are several basic parameters:
- Chain - install Srcnat if access from the internal network to the external is required, or Dstnat - from the Internet to the internal network;
- Protocol - select TCP;
- Src. Port - no change;
- Dst. Port - 51413 (in this case, for a torrent);
- In. Interface - ether1-gateway;
- Out. Interface - no change.
Next, you can go to the advanced type settings (Advanced or Extra), but you can leave them unnecessarily. In this case, we are more interested in the Action section.
Action selection
There is a choice from which to select the operation that will be activated when receiving incoming packets. In order not to complicate the situation, you can set the value Accept. In this case, all packets will be accepted automatically.
When you need to redirect data from the internal network to the external, you can use the dst-nat and netmap options. The second option is preferable, since it is an improved version of the first.
Next, in the To Address field, specify the name of the computer to which the call will be forwarded, and enter the port address. Click the Apply button - the address of the machine will appear in the list.
You can also go to the Comments section and specify information for the created rule so that in the future the system does not request a choice of action. At this, the forwarding of the Mikrotik ports can be considered completed. But not so simple.
Forwarding Mikrotik ports from the Internet to LAN: forwarding for several providers
Suppose that several providers are connecting, and the user at some point wants to choose whose services to use or distribute them to different machines. In Mikrotik routers, two providers support port forwarding without problems.
In this case, when the action is selected, the dst-nat mode is set, and the address 10.24.3.2 (TCP 55555) is used in the To Address field (for example, for ByFly). Point To Ports can not be touched.
Next, the command console is called on behalf of the administrator, in which the following is written:
- / ip firewall nat;
- add action = dst-nat chain = dstnat comment = torrent dst-port = 55555 in-interface = \;
- ByFly protocol = tcp to-addresses = 10.24.3.2.
Probros for port 3389 (RDP)
Now a few words about remote control using free router ports. Actually, the procedure is almost the same.
Options settings should be as follows:
- Gateway: 192.168.8.1.
- Action: accept.
- NAT (the rule must be set before the masquerade rule).
- Chain: dstnat.
- Protocol: 6 (tcp) (default).
- Destination port: 3389 (the port number to which the forwarded port is forwarded to the Internet).
- Outgoing interface type: pppoe-out.
- Action: dst-nat.
- Forwarding to: 192.168.0.232.
In the IPv4 protocol settings, you need to go to additional parameters and specify additional addresses (as shown in the image above) on the IP settings tab, and then specify the address with which the router will interact.
Next, select the provider and enter the following data:
We create a rule for the second provider, add parameters for Masquerade.
CCTV Issues
Let's see how in the Mikrotik router port forwarding for video surveillance works in practice. In principle, the settings are almost the same as in the main case.
Only the forwarding of the Mikrotik ports for the DVR looks something like this:
- Chain: dstnat.
- Protocol: 6 (tcp).
- Remote Port: 200.
- In. Interface: ether1-gateway.
- Action: netmap.
- Redirecting to: 192.168.XXX.XXX.
- Port: 80.
As you can see, the settings are no different from the above, but the number 80 is used as the main port. That's all.
Conclusion
Summing up, it can be noted that forwarding Mikrotik ports is a rather complicated matter, and an ordinary user who is not familiar with even basic knowledge of the interface of routers of this series is unlikely to cope. Thanks to the instructions given, you can gather important information for yourself and configure port forwarding yourself.
Almost all parameters and options are identical in nature. Only operating modes and port numbers differ. Otherwise, there should be no problems with fine-tuning. The question of how relevant is all this will have to be decided independently. Of course, automation of Internet connections, especially when accessing a local network or a specific terminal from the outside, does not always work. Therefore, you will have to spend a little time to make the correct configuration, even using access to the services of several providers.