Mikrotik / Linux Port Forwarding to Local Server on LAN (HaK)

Mikrotik Port Forwarding to Local Server

If you want to host any web server (or any other service like RDP or Game Server) behind mikrotik server and you want it to be publicly available for all internet users, you can use port forwarding and create one dstnat rule as below.Just make sure this rule comes above any masquerading rule.
Scenario:
DSL MODEM WAN IP = 221.xxx.xxx.xxx
DSL LAN IP = 192.168.1.1
MIKROTIK WAN IP = 192.168.1.2
MIKROTIK LAN IP = 192.168.0.1
WEB SERVER IP = 192.168.0.50
First setup port forwarding in your dsl modem to forward port 80 request to your mikrotik, I am not showing DSL modem config, as its very different for every mode, search for your modem confg page on howto do port forwarding.
Then in mikrotik , add an rule to forward port 80 request to your local web server, (one that is hosted behind your mikrotik server, on local user LAN)
MIKROTIK RULE :
1
2
3
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=WAN2-QUBEE protocol=tcp to-addresses=192.168.0.50 \
to-ports=80
The above rule result would be something like below.

.

Linux Port Forwarding to Local Server

Linux WAN IP = 221.132.112.9 [Connected with WAN]
Linux LAN IP = 10.0.0.1 [Connected with User LAN]
Mikrotik LAN IP = 10.0.0.2 [Connected with User LAN or with SQUID]
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp –dport 8291 -j DNAT –to-destination 10.0.0.2:8291
iptables -t nat -A POSTROUTING -j MASQUERADE

Comments

Post a Comment

Popular posts from this blog

Mikrotik Webproxy with PCC

Image
Usually when you enable web proxy on pcc, it wont work. To make it work you have to mark web proxy connection in output chain, and exclude port 80 traffic from pre-routing PCC rules. Example is as below. (I assume you have dual wan pcc already configured and in running state Add following rules (Output chain) /ip firewall mangle add action=mark-connection chain=output comment=”Marking Web Proxy Connection for WAN-1″ disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/0 protocol=tcp     both-addresses-and-ports:2/1 protocol=tcp     per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp add action=mark-connection chain=prerouting comment=”Excluding Port 80 from PCC – WAN2″ disabled=no dst-address-type=!local  dst-port=!80  in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \     per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp     max-server-connections=600 p
Read more

Dual Wan Load balacing with failover mikrotik

Introduction Let us suppose that we have two WAN links, and we want  load balance the two WAN links  and do a fail-over if one of the WAN links fails ( eg: traffic redirected to the link which is up ) . the problem is to monitor, whether the Internet is accessible through each of them. The problem can be everywhere. If your VPN cannot connect – then there’s no problem, your default route with gateway=that-vpn-connection will be inactive. If your ADSL modem is down – then check-gateway=ping is on stage, and no problem again. But what if your modem is up, and telephone line is down? Or one of your ISP has a problem inside it, so traceroute shows only a few hops – and then stops… Some people use NetWatch tool to monitor remote locations. Others use scripts to periodically ping remote hosts. And then disable routes or in some other way change the behaviour of routing. But RouterOS facilities allow us to use only /ip routes to do such checking – no scripting and netwatch at al
Read more

Configure Static IP Address (CLI) on Ubuntu 18.04.5 LTS

 goto: sudo nano /etc/netplan/01-netcfg.yaml Sample Config: # This file describes the network interfaces available on your system # For more information, see netplan(5). network:   version: 2   renderer: networkd   ethernets:         ens160:             dhcp4: no             addresses: ['192.168.1.26/24']             gateway4: 192.168.1.1             nameservers:                 addresses: [8.8.8.8, 8.8.4.4]                 search: [hak786.blogspot.com] sudo netplan apply
Read more