Port Forwarding on MikroTik Router

MikroTik is a Latvian network equipment manufacturing company. MikroTik has a very high level of flexibility when it comes to network management that it comes with its own sophisticated router. The RouterOS can be installed on a PC and it will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

27 Feb, 19 by Oliver K 3 min Read

Server Tutorials

Port Forwarding on MikroTik Router

MikroTik is a Latvian network equipment manufacturing company. MikroTik has a very high level of flexibility when it comes to network management that it comes with its own sophisticated router. The RouterOS can be installed on a PC and it will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

RouterOS has all the necessary features of an ISP (internet service provider). MikroTik is capable of managing anything relating to networking and in this article we will focus on how to successfully use Port forwarding on MikroTik by using RouterOS.

Port forwarding is the process of intercepting data traffic headed for a computer's IP/port combination and redirecting it to a different IP and/or port. This can be done using a MikroTik router. This whole article is a guide on how to do port forwarding on a MikroTik router.

Before we get to that, try to imagine a situation as follows:

Imagine your an IT administrator. You created a big network and someone wants to remotely connect to your VPS server or dedicated server and work remotely. You can’t share the server IP with him for security purposes. What should you do? In this situation, you should use port forwarding on MikroTik Router to handle all requests. Below is a step-by-step guide on how to configure port forwarding on MikroTik .

Login to your own MikroTik server with admin privileges.
Click on “IP” from the left side panel. In the opened submenu, click on “Firewall”.
We should use “NAT” (Network Address Translation) tab to handle the packets that the router receive.
In the “NAT” tab, click on “+” item to create a rule.

Note: In this scenario, assume the router connect to IP (10.10.10.10) and we want to forward all requests from (10.10.10.10:5847) to the (20.20.20.20:4324).

Click on “General” tab. Select “dstnat” from “chain” drop down list. In “Dst. Address” field type this IP (10.10.10.10). From “Protocol” list, select of the connection protocol like (TCP, xdp, ddp). In “Dst. Port” field, type 5847.
Click on “Action” tab. From action drop down list, select “dst-nat”. Type this IP (20.20.20.20) on the “To Addresses” filed and type 4324 on the “To Ports” field.
Click on apply and OK to save and add the rules.

Here is some Mikrotik related articles:

https://monovm.com/blog/how-to-update-mikrotik-os/

https://monovm.com/blog/change-username-and-password-on-mikrotik/

https://monovm.com/blog/block-url-on-mikrotik/

Tags:

Mikrotik Tutorials

Category:

Server

Tutorials

Oliver K

I’m Oliver k. I have MS degree in Computer Engineering. For nearly 5 years that I have been working on web programing and also in last 2 years I have worked on windows and Linux VPS. This is my honor to share my experiences with a new community.

tony

2019, Nov, 19

I don't understand which devices (10.10.10.10), (10.10.10.10:5847) and (20.20.20.20:4324) are supposed to be.

Paras

2020, Jul, 20

The 10.10.10.10 is your WAN IP. It is the IP of your router as the internet sees it. 20.20.20.20 is the IP that you want to forward your traffic to. Late reply, but should help those that are wondering the same and came to the comments for help

Lionel

2020, Jan, 20

Hi Oliver, good day can i check with you how to setup a simple port forward in MT router for an ovpn server? I did try your setup but it did not really work and I notice that I only have my nas ip. do i need to put my router lan ip or wan ip liek you 10.10.10.10? my ovpn server is running from my nas. i have try a few setting but it cannot connect. i can see that my iphone is hitting my MT router Nat rule but always fail to connect. Thanks my setting General tab Chain: dstnat Protocal : udp dst port: 1194 Extra tab Address Type: local Action tab action: dst-nat to addresses: ovpn ip

Dennis

2020, Feb, 20

Hi Oliver, Thanks in advance for any assistance you can offer to port forward my Mikrotik router so I can access a couple IP cameras from the internet when away from my LAN. I have setup a free DDNS account with NO-IP if needed, and have static IP's in each camera. I've had success in setting up a NAT rule in the past, but having issues any attempt after I moved. Dennis

Gabriel

2020, May, 20

Hey, thanks for the clear guide. I have a dynamic wan ip, but I'm connecting via a dyndns domain (example.dyndns.org). I leave my dst adress in blank but in canyouseemee it says "connection refused" I'm able to acces via the dyndns domain locally, nut when I try that outside of my lan, I can't access.

Subhan

2020, Jun, 20

Hello Gab, I did it same way as you, left dst address blank and it worked. Just had to add both tcp and udp.

cam-tech

2020, May, 20

Thx for tutorial.

Allistair

2020, Aug, 20

Great tutorial. I would just like to know would this work for my PS4 as well? I'd like to forward port for PS4 and have an open NAT type.

Hana

2020, Aug, 20

Hi Oliver,I want to forward an IP range in MikroTik (16384-32768 with UDP protocol).How can I do this?

ELIUD MUNENE

2020, Nov, 20

I have read your tutorial. I have been trying to connect php mixbill to my router without success. Kindly let me know whether this process will be successful. Thank you.

Masoud

2020, Nov, 20

How to port forwarding for ftp ,? Help me please