Tuesday, October 27, 2020

Port Forwarding SSH Server

First of all, we are going to discuss what port forwarding is and why it is being used. Then we move on to the details of how to configure port forwarding for the SSH server in the Mikrotik Router.

To access a service from the internet which is running behind on our router, in that case, port forwarding is required. Port forwarding is the process of forwarding traffic to a specific destination which is originated from the internet or outside of the local network.

Suppose you have a service that is running on your local network is accessible only for your local user. Now you want to publish that service on the internet so that any internet user can access this service from anywhere in the world. Internet users will submit a request on the router to reach a specific service using that service's port number. Then the router will check its forwarding table if any entry is available for that port number. Every router maintains a port forwarding table where every service (port number) should be listed that are intended to access from the internet. Not only the service name, which computer is providing that service also be listed. And that's why a router can redirect the traffic to a specific destination what is an internet user searching for. This process is working like "Destination NAT" or "PAT (Port Address Translator)".

Assume that, we have a SSH server running on our local network. Only our LAN user can access this SSH server. No internet users can't access because this server is not published on the internet. Now we want to make available this SSH server on the internet. We have two options to accomplish this task. The first one is, we can use one public IP address directly in our SSH server and that's why it will automatically available on the internet. And the other one is, we can forward the SSH server request to our internal SSH server from our router, which is called port forwarding. 

In this tutorial, we are going to learn how to perform port forwarding for SSH server on the Mikrotik router.  

In the Mikrotik router, we can achieve this task by configuring one destination NAT entry. By this entry, we are telling our router that if any request has come from the internet to reach a web server then forward that traffic to our internal SSH server. 

Step by step the whole process is shown graphically below.

First of all, we will go to the "NAT" option from the "Firewall" menu and there we will create a destination NAT rule.


Now go to the "General" tab and select "dstnat" as "Chain" value. Write your public IP address at the "Dst. Address" field. Select "TCP" from the "Protocol" field. And finally, write the destination port number at the "Dst. Port" field. We know that SSH service is working with TCP port 22 number.


Now we will navigate to the "Action" tab. And there we select "dst-nat" as "Action" value. At the "To Address" field, we will write our server IP address where the SSH service is running on. At the "To Port" field, we will write the service's port number, that our SSH server is using for that service.


Finally, click on apply and then "OK". A destination NAT entry will be added as follows.


From now on if any request has come to the router from the internet which is intended to go to the SSH server, then our router will redirect it to our internal SSH server means 10.168.1.247 IP address.

This is the whole process for Mikrotik Port Forwarding. We can call this Mikroitk Destination NAT.

No comments:

Post a Comment