Mikrotik
susnake, 2015-08-22 17:25:39

How do you open a port on Mikrotik?

Good afternoon.
I just can't figure out how ports are forwarded in Mikrotik.
For example, in this video:

chain: dstnat
Protocol: 6 (tcp)
dst.port: 80
in.interface: ether1-gateway
Action: dst-nat
to addresses: 192.168.0.5
to ports: 80

I did this and applied it, but for some reason the Mikrotik web interface opened (its IP is 192.168.0.1).
For example, in this topic it is recommended to run the command
/ip firewall nat add chain=dstnat dst-port=80 action=dst-nat protocol=tcp to-address=192.168.11.118 to-port=80
which brings the settings to the following form:
chain: dstnat
Protocol: 6 (tcp)
dst.port: 80
Action: dst-nat
to addresses: 192.168.0.5
to ports: 80

I.e., without specifying the incoming interface. I go to my domain name (example.com) and I get an error:
This webpage is not available
ERR_CONNECTION_TIMED_OUT

Some answers say that you still need to specify your external IP in Dst. Address; others say not to specify To Ports in the Action section.
I studied the article on Habr, but it did not help. The Mikrotik web interface also opens.
The configuration setting is standard.
Export Mikrotik config

/export compact
# aug/22/2015 20:15:09 by RouterOS 6.30.2
# software id =
#
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=ether10-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=ether2-master-local network=192.168.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=netmap chain=dstnat dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.0.5 to-ports=80
/system clock
set time-zone-name=Asia/Novosibirsk
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool romon port
add

It is also not clear why the add name=default-dhcp ranges=192.168.88.10-192.168.88.254 line contains IP 192.168.88.0 when I remapped it to 192.168.0.0.
Board name: RB2011UiAS
Version: 6.30.2
Firmware: 3.22

2 answer(s)
Dmitry, 2015-08-22
@susnake

Look at the counter to see whether this rule is working for you at all.
From the LAN, your address resolves to an IP that Mikrotik itself serves. For it to work from the inside, you need to set up Hairpin NAT.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254 is the address pool for the DHCP server. Just don't use Easy setup (the initial setup window). It works extremely poorly and it is better to forget about it altogether.
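
The counter check and Hairpin NAT setup mentioned in the answer above, as an added example that is not part of the original answer. It assumes the LAN subnet 192.168.0.0/24, router LAN address 192.168.0.1 and web server 192.168.0.5 from the question's export, and that the existing tcp/80 dstnat rule is disabled first.

```routeros
# Added example, not from the original thread. Addresses are the ones in the
# question's export; adjust them if the LAN is numbered differently.

/ip firewall nat

# Port forward. Matching on "destination is one of the router's own addresses,
# except its LAN address" works with a DHCP-assigned WAN address and covers
# requests arriving from both the WAN and the LAN. A dstnat rule with neither
# in-interface nor a destination match would also rewrite every outbound
# tcp/80 connection made by LAN clients.
add chain=dstnat action=dst-nat protocol=tcp dst-port=80 \
    dst-address-type=local dst-address=!192.168.0.1 \
    to-addresses=192.168.0.5 to-ports=80 comment="web server tcp/80"

# Hairpin NAT. A LAN client that reaches the server through the rule above
# would otherwise get the reply directly from 192.168.0.5 instead of from the
# address it connected to, and the TCP handshake would never complete.
# Masquerading LAN-to-server traffic forces replies back through the router.
# Side effect: the web server logs the router's address for LAN visitors.
add chain=srcnat action=masquerade protocol=tcp dst-port=80 \
    src-address=192.168.0.0/24 dst-address=192.168.0.5 \
    comment="hairpin for web server tcp/80"

# Check the packet and byte counters of each NAT rule after a test request,
# once from the LAN and once from an outside connection. A rule whose counters
# stay at zero is not being matched.
/ip firewall nat print stats
```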

Alexander Ivanov, 2015-08-22
@mrorkyz

Turn off Mikrotik's web interface altogether, and everything will work.
