Saturday, October 24, 2020

Mikrotik Port Forwarding

First of all, we are going to discuss what port forwarding is and why it is being used. Then we move on to the details of how to configure port forwarding in Mikrotik Router.

To access a service from the internet which is running behind on our router, in that case, port forwarding is required. Port forwarding is the process of forwarding traffic to a specific destination which is originated from the internet or outside of the local network.

Suppose you have a service that is running on your local network is accessible only for your local user. Now you want to publish that service on the internet so that any internet user can access this service from anywhere in the world. Internet users will submit a request on the router to reach a specific service using that service's port number. Then the router will check its forwarding table if any entry is available for that port number. Every router maintains a port forwarding table where every service (port number) should be listed that are intended to access from the internet. Not only the service name, which computer is providing that service also be listed. And that's why a router can redirect the traffic to a specific destination what is an internet user searching for. This process is working like "Destination NAT" or "PAT (Port Address Translator)".

Assume that, we have an FTP server running on our local network. Only our LAN user can access this FTP site. No internet users can't access because this site is not published on the internet. Now we want to make available this FTP server on the internet. We have two options to accomplish this task. The first one is, we can use one public IP address directly in our FTP server and that's why it will automatically available on the internet. And the other one is, we can forward the FTP service request to our internal FTP server from our router, which is called port forwarding. 

In this tutorial, we are going to learn how to perform port forwarding on the Mikrotik router.  

In the Mikrotik router, we can achieve this task by configuring one destination NAT entry. By this entry, we are telling our router that if any request has come from the internet to reach an FTP server then forward that traffic to our internal FTP server. 

Step by step the whole process is shown graphically below.

First of all, we will go to the "NAT" option from the "Firewall" menu and there we will create a destination NAT rule.


Now go to the "General" tab and select "dstnat" as "Chain" value. Write your public IP address at the "Dst. Address" field. Select "TCP" from the "Protocol" field. And finally, write the destination port number at the "Dst. Port" field.  


Now we will navigate to the "Action" tab. Ant there we select "dst-nat" as "Action" value. At the "To Address" field, we will write our server IP address where the FTP service is running on. At the "To Port" field, we will write the service's port number, that our FTP server is using for that service.


Finally, click on apply and then "OK". A destination NAT entry will be added as follows.


From now on if any request has come to the router from the internet which is intended to go to the FTP server, then our router will redirect it to our internal FTP server means 10.168.1.247 IP address.

This is the whole process for Mikrotik Port Forwarding. We can call this Mikroitk Destination NAT.


No comments:

Post a Comment