How to make a port forwarding in Mikrotik? Port forwarding ("Micro"): description, instruction, recommendations

Port forwarding is one of the most important functions in the field of network address translation redirection. Simply put, it is the ability to use multiple devices connected to one local network or wirelessly connected devices, one external interface. Speaking even simpler, the "Microtick" ports (RDP) allow access to a specific computer terminal or device via an Internet connection from outside. Thus, you can control any device through remote access. The only thing that is required for this is the availability of a free port on the router. In the following, a few of the most common situations that require or are strongly recommended for port forwarding are discussed. The "Microtick" model RB951-2n is taken as an example. But this is not the most important thing. In the router / modem "Mikrotik" the port forwarding via VPN Client differs somewhat from the generally accepted rules. But first things first.

Mikrotik router: general characteristics

Owners of the Mikrotik series of routers are incredibly lucky. The matter is that these devices in the majority have several inputs for network connections. In the above model there are five.

This makes it possible to use a lot of completely different settings, even for those cases where there are several providers. Agree, a weighty advantage. In order for the connection to work, and work correctly, you will have to make the "Microtick" router ports. Just note that you have to tinker a bit. But in the end, the user will get a lot of opportunities for the use of modern Internet technologies. True, you should not flatter yourself, since setting up a transmission in the absence of certain knowledge can become quite a troublesome affair. But do not give up. Our instructions will help to configure the routers of this series, even the most unprepared user. It is important to follow all the items included in the list.

Port forwarding "Microtics": input to the web interface

With the entrance to the device interface, there should not be any problems. The standard procedure involves using the most common Internet browser, in which you need to enter the combination 192.168.88.1 in the address bar. Note that this address is completely different from the data of most other routers.

The username is always admin, and the password field is blank. If this option does not work, just reset the settings by pressing the Reset button or disconnecting the device from the mains for 10-15 seconds.

General description of the parameters

After logging in, before you perform the "Microtick" ports, it is advisable to familiarize yourself with some important settings and parameters that you need to change.

First you need to enter the Interfaces section (the second item in the menu on the left), where all available interfaces will be displayed. We do not pay attention to the local bridge, but look at the Ether1 port. It corresponds to the first port (connector) on the router, which includes a cable with an RJ-45 connector from the provider. It's also called Gateway - an input through which you can access the device itself.

The other four ports are integrated into a virtual switch. The second port has Master priority, the others - Slave. The last three ports are oriented to the second one, which, in fact, controls them on the basis of connection to the first one.

Between main ports and the Internet as a kind of "layer" is installed NAT NAT. It allows you to set both internal and external addresses for computers on the same local network, which may not coincide initially.

Then begins the masquerade. Yes, yes, you did not misinterpret, it really is! The Masquerade function works by the principle of VPN or proxy, substituting the external IP of the computer terminal when going to the Internet address of the router itself. Similarly, when receiving a response, the service identifies the internal IP of the computer from which the request was made and sends the response to that machine. If the service is not enabled, you will need to activate it in the appropriate section of the operating system itself.

Basic Port Settings

Depending on which program or service should use a certain free port of the router, you will have to start off by doing a "Microtic" port forwarding.

For example, for the operation of any Torrent client, you need to use port 51413, for remote connection using the RDP-3389 connection, for establishing a connection with ByFly-55555, etc. But it should be noted that the Mikrotik ports are routed through the VPN client Slightly different from the standard procedure (it will be further understood why).

Creating Rules

But back to the skid. We go to the Firewall / NAT tab and see that one rule already exists (it is installed by default).

We need to add a new one (this is done by pressing the button with a plus sign). There are several basic parameters:

• Chain - set Srcnat if you need access from the internal network to the external network, or Dstnat - from the Internet to the internal network;
• Protocol - select TCP;
• Src. Port - no change;
• Dst. Port - 51413 (in this case for the torrent);
• In. Interface - ether1-gateway;
• Out. Interface - no changes.

Next, you can go to the advanced settings (Advanced or Extra), but you do not need to touch them without need. In this case, we are more interested in the Action section.

Choice of action

Select the operation that will be activated when receiving incoming packets, there is from which. In order not to complicate the situation, you can set the value of Accept. In this case, all packets will be accepted automatically.

When you need to redirect data from the internal network to the external network, you can use the dst-nat and netmap options. The second option is preferable, because it is an improved version of the first one.

Next, in the To Address field, specify the name of the computer to which the redirection is to be made, and enter the port address. Press the Apply button - the address of the machine appears in the list.

You can also go to the comments section (Comments) and specify the information for the created rule so that in the future the system does not request the choice of the action. On this, the "Mikrotik" ports can be considered complete. But not everything is so simple.

Port forwarding "Mikrotik" from the Internet to the local area: redirection for several providers

Suppose that the connection is made by several providers, and the user at some point wants to choose which services to use or distribute them to different machines. In the routers Microtick, two providers of port forwarding support without problems.

In this case, when you select an action, the dst-nat mode is set, and in the To Address field (for example, for ByFly) the address is 10.24.3.2 (TCP 55555). The item To Ports can not be touched.

Next, the command prompt is invoked on behalf of the administrator, which prescribes the following:

• / Ip firewall nat;
• Add action = dst-nat chain = dstnat comment = torrent dst-port = 55555 in-interface = \;
• ByFly protocol = tcp to-addresses = 10.24.3.2.

Transmission for port 3389 (RDP)

Now a few words about remote management using free router ports. Actually, the procedure is almost the same.

Options options should be as follows:

• Gateway: 192.168.8.1.
• Action: accept.
• NAT (the rule must be set before the masquerade rule).
• Chain: dstnat.
• Protocol: 6 (tcp) (default).
• Port of Destination: 3389 (port number to which the port to be forwarded is forwarded to the Internet).
• Outgoing interface type: pppoe-out.
• Action: dst-nat.
• Redirecting to: 192.168.0.232.

In the IPv4 settings, you need to go to additional parameters and specify additional addresses on the IP parameters tab (as shown in the image above), and then register the address with which the router will interact.

Next, choose the provider and enter the following data:

We create a rule for the second provider, we add parameters for Masquerade.

CCTV Questions

Let's see how in the Microtick router the port forwarding for video surveillance works in practice. In principle, the settings are almost the same as in the main case.

Only the port forwarding "Micro" for the DVR looks like this:

• Chain: dstnat.
• Protocol: 6 (tcp).
• The remote port is 200.
• In. Interface: ether1-gateway.
• Action: netmap.
• Forwarding to: 192.168.ХХХ.ХХХ.
• Port: 80.

As you can see, the settings are no different from the above, but the main port is number 80. Only everything.

Conclusion

Summing up, it can be noted that the "Microtick" port forwarding is quite complicated, and an ordinary user, who is not familiar even with the elementary knowledge of the interface of the routers of this series, will hardly cope. Thanks to the above instructions you can get important information for yourself and configure the port forwarding yourself.

Almost all parameters and options are inherently identical. Only modes of operation and port numbers are distinguished. In the rest, with fine-tuning the problems should not be. The question of how much all this is relevant will have to be solved independently. Of course, automation of connections to the Internet, especially when accessing a local network or a specific terminal from the outside, does not always work. Therefore, it is necessary to spend a little time to make the correct setting even with the use of access to the services of several providers.