Port Forwarding Step by Step - Mikrotik Tutorial

Video Statistics and Information

Captions
[Music] Hi guys, welcome to The Network Trip. Do you have any internal web server, IP camera or any other resource that you can't access from a remote location? In this video we are going to talk about port forwarding using MikroTik RouterOS devices, so let's go to the lab.

I'm ready with the topology, so we need to discuss a little bit what is the main issue that we face when we are trying to get access to one device that is using a private IP address and that device is behind a NAT, or network address translation. For example, in this topology I have this web server. As you can see here, we have the border router; this is a MikroTik device that is connected to our internet service provider. The service provider is giving us a public IP address, but the main problem is that this web server here is using a private IP address. So if someone else is trying to get access to that web server from an external network, like from the internet, then basically they are not going to be able to do that, because from the perspective of the internet users they can see only public IP addresses. That means that we need to perform a special operation in the router to be able to allow those external users to get access to our web server, and that operation is called port forwarding or destination NAT.

Before going to the configuration I will explain the logic that RouterOS uses to get this done. So I'm going to go with destination NAT. We have an operation that is called destination NAT, so basically we need to target the public IP address. In this case our public IP address is 190.10.0.2; basically it is the IP that is configured on the interface where the ISP is connected to. The idea here with destination NAT is that we are going to target that public IP address, let's say 190.10.0.2 in my case, and then the traffic that is going to a specific port is going to be redirected to the private IP address 192.168.10.254. Any internet user is going to send the request to the public IP address, to a specific port. When the router receives that request to that port that we have specified, then the router is going to forward that request to our internal server. In this case this is a web server, but actually it can be any internal device with an IP address, such as cameras for example, or a file server: any type of network device or endpoint that is using an IP address and also that has a port listening for a specific service.

How can we translate that action into a RouterOS command? We have two options: the first one using the graphical user interface, or Winbox, and the second one using the command line interface. I will show both of them.

To start I will go to Winbox. You can see here the Winbox in this moment, so I will type the public IP address and then the username and password. Now, I'm in a lab environment, so basically I'm not using any password, but in production networks it is a must to have a very complex password. So I'm going to get connected to that router. Now I am in the router, so you can see here that we have this Winbox. Now we need to go to IP, so this is the main menu: IP, then Firewall, and then once in Firewall we get many tabs here, but we need to open the second one, NAT. You can see that now I have the regular NAT rule; this is for the traffic that is going from my private IP addresses to the internet. This is called source NAT because it's only changing the source IP address. But the case for the lab today is talking about traffic that is coming from the internet; that is destination NAT, as I have mentioned.

So I need to click here on the plus button, and then the chain is where we need to specify that this is going to be a destination NAT rule, so I will click on destination NAT. Then we need to specify all the conditions. RouterOS works in that modality: we have a list of conditions and then we apply a specific action to the traffic that is matching those conditions. So the condition is destination NAT, and then we have some additional conditions like the protocol. This is going to be TCP traffic because we are talking about a web server, and also the destination port; this is the port where the internet users are going to send their request. In this case I'm going to say that this is going to be the port 80, since we are talking about HTTP. If you are talking about SSH, we're going to use a different port; basically you can customize that port. Now I have three conditions, but I need one more, and that is the public IP address. Remember, this rule is going to be applied to all the traffic that is going to the public IP address, to a specific port, so we need to add that IP as a condition as well. So here on destination address I will type the public IP address; in this case this is 190.10.0.2.

So we have all the conditions on the rule. Then we can go to the second last tab, Action. I click on Action and then I need to select the action that is called dst-nat. You can see that after selecting that option I got some additional fields here. This is the private IP address, this is the IP on the web server, so I will type 192.168.10.254, and now I need to specify the port that this server has opened for that service, so that is the port 80. Now I will click on Apply and I will add a comment, so I will say "dst-nat web servers" for example, and now I can click on OK.

So now we have one destination NAT rule on the router. That means that if I go to my browser in this moment and I try to get into that public IP, then I will be redirected to that internal web server. Let's see if that's true. I will type 190.10.0.2 and then Enter, and you can see that I'm getting the Apache Ubuntu default page; we don't have anything fancy there yet. What happens if I disable that rule? For example, if I disable the rule and I go back to my browser, I will go to incognito mode to clear the cache, and then here I will type the public IP address. Now that request is getting into the router, but the router basically doesn't have any service running on the port TCP 80. The client is not getting access to the web server, so we need this rule enabled to get access to that website. If I enable this again and I reload the site, then now I have access to that server. This is how we can configure port forwarding in a RouterOS device using Winbox.

What happens if I need to do that using the terminal? I will go to Winbox and simply remove that rule, and now I will use PuTTY. Remember, PuTTY is an application for getting access via SSH or Telnet to one device. So I will use SSH and I will type 190.10.0.2. [Music] This is going to request me the password for that device, so the username is admin and I don't have any password configured on it.

If I need to add that destination NAT rule, I only need to type the following; this command is in the description of the video. So: ip, then firewall, nat, then I need to say add to the chain destination NAT, and then I need to add the conditions. We have conditions like destination address; this is going to be the public IP address, so in this case 190.10.0.2. Then the protocol, so the protocol is going to be TCP. Then the destination port; in this case it is the port 80. So we have the set of conditions: chain destination NAT, the destination address will be 190.10.0.2, the protocol TCP and destination port 80. If the router gets traffic matching those conditions, then it's going to apply an action, so we say action, and that action is going to be destination NAT. Then we need to say where the traffic is going to be sent, so in this case it will be to address and then the private IP address, that is 192.168.10.254, and then to ports, so in this case it would be port 80.

You can see that the rule is very straightforward. Here we have ip firewall nat, then we have the set of conditions, and then we have the action. So the action is destination NAT, then we need to specify the destination IP and the destination port where the traffic is going to be sent to. If I press Enter and I go back to the browser, I'm going to type the public IP again, and now I have access to my web server.

Remember that this process will be similar to provide access to external users to any resource using a private IP address. This is how we configure that with MikroTik RouterOS. The same configuration applies for any model of MikroTik device, since they are sharing the same operating system. If you enjoyed or learned something new from the video, please leave a like. If you have any suggestions for future topics, please comment below; I would appreciate that. See you on the next one. [Music]
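The rule narrated in the video, written out in RouterOS CLI syntax next to a tightened variant, as an added example that is not taken from the video or its description. The WAN interface name `ether1`, the address list `web-allowed` and the 203.0.113.0/24 source range are assumptions; the public and private addresses are the ones used in the lab.

```routeros
# 1) The port forward as described in the transcript: TCP/80 arriving on the
#    public address, from any source, is translated to the internal web server.
/ip firewall nat
add chain=dstnat dst-address=190.10.0.2 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.10.254 to-ports=80 \
    comment="dst-nat web server"

# 2) Tightened variant (use instead of rule 1 when the service is not meant
#    for the whole internet, e.g. a camera or file server).
#    Assumptions: ether1 is the ISP-facing interface, and 203.0.113.0/24 is a
#    constructed sample range standing in for the sites allowed to connect.
/ip firewall address-list
add list=web-allowed address=203.0.113.0/24 comment="constructed sample range"

/ip firewall nat
add chain=dstnat in-interface=ether1 dst-address=190.10.0.2 \
    src-address-list=web-allowed protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.10.254 to-ports=80 \
    log=yes log-prefix="dstnat-web" \
    comment="dst-nat web server (restricted)"

# 3) Forward-chain filter so that the only new connections from the WAN that
#    reach the LAN are the ones a dst-nat rule translated. A dst-nat rule only
#    rewrites the destination; the filter table still decides what may pass.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="allow replies to existing connections"
add chain=forward connection-nat-state=dstnat action=accept \
    comment="allow traffic that matched a dst-nat rule"
add chain=forward in-interface=ether1 connection-state=new \
    connection-nat-state=!dstnat action=drop \
    comment="drop new WAN traffic that was not port-forwarded"
```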
Info
Channel: The Network Trip
Views: 5,973
Keywords: Dst Nat Mikrotik, Mikrotik Step by Step, Mikrotik Tutorial, Port Forwarding Mikrotik, mikrotik, mikrotik port forwarding, mikrotik port forwarding public ip, network, network tutorials, networking, port forwarding, the network trip, mikrotik router configuration step by step
Id: -kNHtlOb5n0
Length: 11min 49sec (709 seconds)
Published: Sat May 01 2021