Thursday, April 29, 2021

Mikrotik Destination NAT

Generally, one public IP address is required per service that has to be made accessible from the internet. By that logic, if we have 5 services to open up to the internet, we need 5 public IP addresses. But it is possible to use one public IP address to open up multiple services.

To reach multiple services running behind our router from the internet when the router has been configured with only one public IP address, destination NAT is required. Destination NAT is the process of translating a public IP address to a specific private IP address.

Suppose you have a service running on your local network that is accessible only to your local users. Now you want to publish that service on the internet so that any internet user can access it from anywhere in the world. Internet users will send a request to the router, using the router's public IP address and the service's port number. The router will then check its NAT table for an entry matching that port number. Every router maintains a port forwarding table in which every service (port number) that is meant to be reachable from the internet should be listed. The table lists not only the service but also which computer provides it. That is how the router can redirect the traffic to the specific destination the internet user is looking for. This process is called "Destination NAT" or "PAT (Port Address Translator)".

Assume that we have a web server running on our local network. Only our LAN users can access this web server. Internet users can't access it because the server is not published on the internet. Now we want to make this web server available on the internet. We have two options to accomplish this task. The first is to assign a public IP address directly to the web server, which makes it available on the internet automatically. The other is to forward web server requests from our router to our internal web server, which is called destination NAT or port forwarding.

In this tutorial, we are going to learn how to perform port forwarding or destination NAT for a web server on the Mikrotik router.

On the Mikrotik router, we can achieve this by configuring one destination NAT entry. With this entry, we tell the router that any request coming from the internet for the web server should be forwarded to our internal web server.

The whole process is shown step by step below.

First of all, go to the "NAT" option in the "Firewall" menu and create a destination NAT rule there.


Now go to the "General" tab and select "dstnat" as the "Chain" value. Enter your public IP address in the "Dst. Address" field. Select "TCP" in the "Protocol" field. Finally, enter the destination port number in the "Dst. Port" field. The web service uses TCP port 80.


Now navigate to the "Action" tab and select "dst-nat" as the "Action" value. In the "To Address" field, enter the IP address of the server where the web service is running. In the "To Port" field, enter the port number that the web server uses for that service.


Finally, click "Apply" and then "OK". A destination NAT entry will be added as follows.


From now on, any request that reaches the router from the internet and is intended for the web server will be redirected to our internal web server, that is, to the IP address 10.168.1.247.
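
The same rule entered from the RouterOS terminal instead of the Winbox dialogs, as an added example that is not part of the original post. 203.0.113.10 is a placeholder for the router's public IP address, and the forward-chain filter rule is an assumption that only applies when the router's firewall drops forwarded traffic by default.

```routeros
# Added example, not from the original post.
# 203.0.113.10 is a placeholder public IP (documentation range);
# 10.168.1.247 is the internal web server used in this tutorial.

# "General" tab: chain, Dst. Address, Protocol, Dst. Port
# "Action" tab:  action, To Address (to-addresses), To Port (to-ports)
/ip firewall nat
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.168.1.247 to-ports=80 \
    comment="web server port forward"

# Assumption: the forward chain ends in a drop rule. Destination NAT only
# rewrites the address; the filter table still decides whether the packet
# may pass. By the time the packet reaches the forward chain its destination
# is already the internal server, so the rule matches 10.168.1.247.
# This rule must sit above the drop rule in the forward chain.
/ip firewall filter
add chain=forward action=accept connection-nat-state=dstnat protocol=tcp \
    dst-address=10.168.1.247 dst-port=80 \
    comment="allow forwarded web traffic only"

# Check that the NAT entry exists and watch its packet and byte counters
# while a request is made from outside the network.
/ip firewall nat print stats where chain=dstnat
```

Keeping the accept rule limited to one address, one protocol and one port means the forward exposes only the web service and nothing else on that server.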

This is the whole process for Mikrotik destination NAT. We can also call this Mikrotik port forwarding.
