Powerful Linux-independent operating system called MikroTik RouterOS is made to work with MikroTik network hardware. The numerous features and applications of MikroTik RouterOS make it more than just a straightforward router operating system. By running on a regular and personal computer, this program is capable of converting them into specialized routers.
To route traffic from an IP address and port number on a remote network to an IP address and port number on a local network, MikroTik uses a NAT application called port forwarding or port mapping. To connect to your servers from outside your local network without jeopardizing network security, port forwarding is, in other words, the safest method.
You can simply connect to a server in your private/local zone, such as a web server, game server, FTP server, NVR, or DVR, from outside your private/local zone (from the internet or the public) with MikroTik port forwarding.
The ideal approach to get into MikroTik RouterOS is through Winbox if you have servers and apps on a private network that you need to access across the Internet and public networks. Port forwarding on a Mikrotik device is quite easy to set up. This post will provide you an overview of port forwarding in Mikrotik and show you how to set it up in the router stage.
We will quickly describe the Mikrotik operating system and provide a definition of port forwarding before beginning the configuration process for port forwarding in Mikrotik. Stay with us till the article’s conclusion.
The primary supplier of Internet access infrastructure (hardware and software) in the majority of nations is MikroTik, a Latvian producer of hardware and network equipment. They create and sell routers, switches, access points, utility software, and operating systems for use in computer networks.
The operating system that MikroTik uses is called RouterOS. With its cutting-edge router, MikroTik offers a great deal of flexibility in managing networks. A PC can become a fully functional router with capabilities like routing, firewall, bandwidth control, wireless access point, backhaul link, hotspot gateway, VPN server, and more by installing RouterOS on it. The boot time can be shortened by using Mikrotik, a powerful router, to offer autonomous operation.
Describe port forwarding
The process of routing data traffic on a network, which is often directed to a specific IP address and port on a particular computer, and subsequently to a different destination, is known as port forwarding. This procedure is made simpler by a MikroTik router or any other device running RouterOS. As a result, by designating a certain port for a given service in a private network, another user will be able to access that service by entering the port in their browser or other software.
Between the internal channel of your private network and the public network (Internet), Mikrotik is positioned as a router. Assume, for instance, that you have a site inside the company with a particular port. In that scenario, port forwarding should be used if you are considering outsourcing your IP address or domain with a port to the internal software of the company.
If you’re the IT manager of a sizable network, you might be searching for a secure, low-risk way to let someone remotely use your VPS on your network without giving them access to the server’s IP. The safest way to fix your problem in this case is to use port forwarding on your Mikrotik router, which gives users outside of your private network the option of connecting to the VPS via the port. To take use of Mikrotik Port forwarding, you must first purchase the necessary Mikrotik VPS.
ALSO READ : How to Install and Configure Postfix on Ubuntu
Understanding MikroTik and Winbox
MikroTik is a Latvian company that produces routers and wireless ISP systems. Their routers are known for their reliability and versatility, making them a popular choice among network administrators. Winbox, on the other hand, is a proprietary graphical user interface (GUI) used to manage MikroTik routers. It provides an easy and intuitive way to configure your router’s settings.
Figure of a network
While the ether2 interface of the MikroTik router is connected to a LAN switch with IP address 193.168.20, the ether1 interface of the network is connected to a wide area network (WAN) with IP address 120.50.-.198. The three servers (web server, FTP server, and SSH server) on the internal network can only be accessed by users on the local area network (LAN). You can make these servers accessible to people outside your local network by utilizing MikroTik Port Forwarding, and in this lesson, we’ll show you how to set it up so that users outside the local network may connect to servers inside the local network through the Internet.
Configuring Port Forwarding in Mikrotik
Three common uses for Mikrotik Port Forwarding are identified in our training and are used for a variety of purposes:
- redirecting ports to an internal web server
- redirecting ports to an internal FTP server
- redirecting ports to an internal SSH server
Why Port Forwarding Matters
Port forwarding is crucial for various applications:
- Hosting a website or web application.
- Accessing a security camera remotely.
- Online gaming with friends.
- Running a file server.
- Remote desktop access.
Port forwarding ensures that external requests to your router are directed to the right internal device, enabling seamless communication.
Step 1: Download and Install Winbox
- Go to the MikroTik website and download the Winbox utility for your operating system.
- Install Winbox on your computer.
- Launch Winbox to begin the configuration process.
Step 2: Connect to Your MikroTik Router
- Ensure your computer is connected to the same network as your MikroTik router.
- Open Winbox and click on the “Neighbors” tab.
- Your router should appear in the list. Double-click on it to connect.
Step 3: Access Winbox Interface
- Enter the router’s username and password when prompted.
- You are now in the Winbox interface.
Step 4: Navigating Winbox Features
Winbox provides a user-friendly interface to manage your router. Familiarize yourself with its features and options, such as IP, Firewall, and NAT rules.
Step 5: Configuring Port Forwarding Rules
- Navigate to “IP” and select “Firewall.”
- Add a new NAT rule to specify the external and internal ports and IP address.
- Save the rule.
Step 6: Testing Your Port Forwarding Setup
- Test the port forwarding by accessing your router’s external IP address from a different network.
- Ensure your internal device responds as expected
Setting up Winbox to use Mikrotik port forwarding to an internal SSH server
This explains how to set up Mikrotik port forwarding so that users on the public network can connect to the internal network’s SSH server. Follow these steps to accomplish this:
Step 1: Use Winbox to access the Mikrotik server with administrative rights.
Step 2: Select Firewall from the IP menu by looking at the IP option on the left side of the panel.
Step 3: In the Firewall window, select the NAT tab.
Step 4: Click the PLUS symbol (+) to display the New NAT Rule window.
Step 5: In the Chain drop-down menu under the General tab, choose the dstnat option.
Step 6: Fill in the Dst address column with the MikroTik WAN IP address shown in our network diagram (120.50.-.198).
Step 8: Enter the port from which you want to send requests in the Dst Port entry area. Enter the number 22 in the Dst Port box because TCP port 22 is typically chosen to run the SSH server.
Step 9: Next, select the dst-nat option from the Action list on the Action tab.
Step 10: Type the SSH Server IP (126.96.36.199.21) in the To Addresses area.
Step 11: Enter port 22 in the To Ports field.
Step 12: To finish, click Ok and Apply to confirm.
If you followed the instructions correctly, you were able to configure Mikrotik port forwarding to the internal SSH server successfully and can now connect to your internal SSH server from the Internet using any SSH client (such as PuTTY or SSH Secure Shell Client).
MikroTik routers are powerful tools for managing your network, and with Winbox, configuring port forwarding becomes a breeze. Whether you’re a novice or an experienced network administrator, the step-by-step process outlined in this guide should help you unlock the full potential of your MikroTik router.
setting up Mikrotik The fundamental procedures for port forwarding using Winbox for the web server, FTP server, and SSH server are the same. The To Addresses and Dst Address sections’ IP addresses and ports must be entered differently. You can use the ports you provided or the standard ports for web servers, which are typically TCP80 port, TCP21 port for FTP servers, and TCP22 port for SSH servers.
We anticipate that after reading this article, you will be better familiar with the port forwarding feature of Mikrotik and will be able to set it up quickly. Ask us your query in the comments section if you need assistance in this area so that we can help you and find a solution.