port forward

akram · Wed Feb 25, 2009 3:03 pm

i have intranet website ,i can acess it from outside http://xxx.xxx.xxx.xxx:80 it works fine
and when i access it insde http://192.168.1.12 it works fine too

but when i try http://xxx.xxx.xxx.xxx from inside ,it give the website of mikrotik? ,what can i do it make it work from inside when i access http://xxx.xxx.xxx.xxx

help me guys

SurferTim · Wed Feb 25, 2009 3:35 pm

Greetings!

Take a look at this post and see if it helps.
http://forum.mikrotik.com/viewtopic.php?f=2&t=29550

If that is not enough, then if you could show me
/ip firewall nat print

akram · Wed Feb 25, 2009 4:24 pm

3 ;;; port Forward - Public to private server to ssp.salis-it.com
chain=dstnat action=dst-nat to-addresses=192.168.1.199 to-ports=80
protocol=tcp dst-address=196.219.31.41 in-interface=SWAN dst-port=80

4 ;;; port Forward - Public to private server to ssp.salis-it.com:8888 - Ad>
istration
chain=dstnat action=dst-nat to-addresses=192.168.1.199 to-ports=8888
protocol=tcp dst-address=196.219.31.41 in-interface=SWAN dst-port=8888

5 ;;; port Forward - Public to private server to intranet.salis-it.com:80
chain=dstnat action=dst-nat to-addresses=192.168.1.12 to-ports=80
protocol=tcp dst-address=196.219.31.39 in-interface=SWAN dst-port=80

6 X ;;; port Forward - Public to private server to intranet.salis-it.com:80 n>
working
chain=dstnat action=dst-nat to-addresses=192.168.1.12 to-ports=80
protocol=tcp dst-address=196.219.31.39 in-interface=SLAN dst-port=80

7 ;;; port Forward - Public to private server to Ftp
chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=21
protocol=tcp dst-address=196.219.31.37 in-interface=SWAN dst-port=21

8 ;;; port Forward - Public to private server to Mail.salis-it.com:80
chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=80
protocol=tcp dst-address=196.219.31.35 in-interface=SWAN dst-port=80

9 ;;; port Forward - Public to private server to vpn - 192.168.1.3
chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=1723

SurferTim · Wed Feb 25, 2009 6:29 pm

The dstnat rules should be matched with a srcnat rule. Did you look at my post on the other topic? Each dstnat has a matching srcnat. I see no srcnats or masquerades there at all.

akram · Thu Feb 26, 2009 10:12 am

i add the src too but nothing ,still goes to mikrotik router webpage

akram · Thu Feb 26, 2009 10:14 am

1 ;;; Backup1 : Internet Throught SWAN -To Leased Line Router - Not ISA -No>
DSL
chain=srcnat action=masquerade out-interface=SWAN

this is the masquerade for internet to ppl

here the src nat

5 ;;; test
chain=srcnat action=src-nat to-addresses=196.219.31.39
src-address=192.168.1.12

6 ;;; Test2
chain=srcnat action=src-nat to-addresses=196.219.31.34
src-address=192.168.1.0/24

SurferTim · Mon Mar 02, 2009 11:26 am

You should not need the first nat rule (masquerade). That is what caused the trouble on my network. I recommend disabling that rule and trying it.

skillful · Tue Mar 03, 2009 12:35 am

An option is to change the www service port of your mikrotik router from 80 to some other port, i.e. 808.

/ip service set www address=0.0.0.0/0 disabled=no port=808

This will prevent the mikrotik router from hijacking all port 80 traffic. You can now access the inbuilt mikrotik http server on port 808 when the need arises.

akram · Wed Mar 04, 2009 10:01 am

if i disabled masqurade , there will not be any internet for the netwok ,so is there any solution to give internet to ppl after i disable the masqurade

port forward

port forward

Re: port forward

Re: port forward

Re: port forward

Re: port forward

Re: port forward

Re: port forward

Re: port forward

Re: port forward