Mikrotik - NAT Rule (Port Forwarding)

Posted by Tech Support on 02 February 2016 12:31 PM

In the event port forwarding is needed, a NAT Rule will need to be created in the Mikrotik.
For this example, the NAT Rule is to allow access to a device on IP 192.168.88.100 using
port 80 (extension 100).
For devices such as onsite PBX that have remote extensions and need a range of ports, use a
hyphen (example: 10000-20000).

To create the NAT rule, please do the following:

1. Log into the Mikrotik using Winbox and go to IP
2. Go to Firewall
3. From the Firewall window, go to the NAT tab
4. Click on the Blue Plus Sign to add a new rule
5. From the New NAT Rule window, under the General tab, set the following
settings:
a. Chain: dstnat
b. Protocol: tcp
c. Dst. Port: 8080 (to use a port range use a hyphen, example: 10000-
20000)
d. In. Interface: ether1-gateway
6. Click on Action tab
7. For Action set to dst-nat
8. To Addresses: 192.168.88.100 (example)
9. To Ports: 80 (to use a port range use a hyphen, example: 10000-20000)
10. Click Apply
11. Click Comment
12. In the Comment for NAT Rule <8080> add a comment to help identify the rule
(e.g.: Ext 100)
13. Click OK to close the comment window
14. Click OK to close the NAT Rule window
15. The rule will now appear in bold to show that the rule is active
To make the rule inactive or to disable select the rule (the rule will be highlighted in blue) and
click on the red "X" or type "d" to disable the rule.

** WARNING **
It is important to only have the rule active when working on the device. Do not leave the
rule active when not working on the device or the device will get compromised.

 (7 vote(s))
 Helpful
 Not helpful