Port Forwarding on MikroTik

Feb, 19

Port Forwarding on MikroTik

by Oliver K
in Server Tutorials
View 68507

Imagine your an IT administrator. You created a big network and someone wants to remotely connect to your VPS server or dedicated server and work remotely. You can’t share the server IP with him for security purposes. What should you do? In this situation, you should use port forwarding to handle all requests. Below we give a step-by-step guide how to configure port forwarding.

Login to your own MikroTik server with admin privileges.
Click on “IP” from the left side panel. In the opened submenu, click on “Firewall”.
We should use “NAT” (Network Address Translation) tab to handle the packets that the router receive.
In the “NAT” tab, click on “+” item to create a rule.

Note: In this scenario, assume the router connect to IP (10.10.10.10) and we want to forward all requests from (10.10.10.10:5847) to the (20.20.20.20:4324).

Click on “General” tab. Select “dstnat” from “chain” drop down list. In “Dst. Address” field type this IP (10.10.10.10). From “Protocol” list, select of the connection protocol like (TCP, xdp, ddp). In “Dst. Port” field, type 5847.
Click on “Action” tab. From action drop down list, select “dst-nat”. Type this IP (20.20.20.20) on the “To Addresses” filed and type 4324 on the “To Ports” field.
Click on apply and OK to save and add the rules.

Tags:

Mikrotik Tutorials

Category:

Server

Tutorials

Oliver K

I’m Oliver k. I have MS degree in Computer Engineering. For nearly 5 years that I have been working on web programing and also in last 2 years I have worked on windows and Linux VPS. This is my honor to share my experiences with a new community.

tony

2019, Nov, 19

I don't understand which devices (10.10.10.10), (10.10.10.10:5847) and (20.20.20.20:4324) are supposed to be.

Paras

2020, Jul, 20

The 10.10.10.10 is your WAN IP. It is the IP of your router as the internet sees it. 20.20.20.20 is the IP that you want to forward your traffic to. Late reply, but should help those that are wondering the same and came to the comments for help

Lionel

2020, Jan, 20

Hi Oliver, good day can i check with you how to setup a simple port forward in MT router for an ovpn server? I did try your setup but it did not really work and I notice that I only have my nas ip. do i need to put my router lan ip or wan ip liek you 10.10.10.10? my ovpn server is running from my nas. i have try a few setting but it cannot connect. i can see that my iphone is hitting my MT router Nat rule but always fail to connect. Thanks my setting General tab Chain: dstnat Protocal : udp dst port: 1194 Extra tab Address Type: local Action tab action: dst-nat to addresses: ovpn ip

Dennis

2020, Feb, 20

Hi Oliver, Thanks in advance for any assistance you can offer to port forward my Mikrotik router so I can access a couple IP cameras from the internet when away from my LAN. I have setup a free DDNS account with NO-IP if needed, and have static IP's in each camera. I've had success in setting up a NAT rule in the past, but having issues any attempt after I moved. Dennis

Gabriel

2020, May, 20

Hey, thanks for the clear guide. I have a dynamic wan ip, but I'm connecting via a dyndns domain (example.dyndns.org). I leave my dst adress in blank but in canyouseemee it says "connection refused" I'm able to acces via the dyndns domain locally, nut when I try that outside of my lan, I can't access.

Subhan

2020, Jun, 20

Hello Gab, I did it same way as you, left dst address blank and it worked. Just had to add both tcp and udp.

cam-tech

2020, May, 20

Thx for tutorial.

Allistair

2020, Aug, 20

Great tutorial. I would just like to know would this work for my PS4 as well? I'd like to forward port for PS4 and have an open NAT type.

Hana

2020, Aug, 20

Hi Oliver,I want to forward an IP range in MikroTik (16384-32768 with UDP protocol).How can I do this?