Syed Jahanzaib – Personal Blog to Share Knowledge !

January 29, 2012

Mikrotik / Linux Port Forwarding to Local Server on LAN

Filed under: Linux Related, Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 9:50 AM

Mikrotik Port Forwarding to Local Server

If you want to host a web server (or any other service, such as RDP or a game server) behind a Mikrotik server and make it publicly available to all internet users, you can use port forwarding and create one dstnat rule as below. Just make sure this rule comes above any masquerading rule.

Scenario:

DSL MODEM WAN IP = 221.xxx.xxx.xxx
DSL LAN IP = 192.168.1.1

MIKROTIK WAN IP = 192.168.1.2
MIKROTIK LAN IP = 192.168.0.1

WEB SERVER IP = 192.168.0.50

First, set up port forwarding in your DSL modem to forward port 80 requests to your Mikrotik. I am not showing the DSL modem config, as it is very different for every modem; search for your modem's config page on how to do port forwarding. Here is just an example from my Wi-Fi modem's page.

Then, in Mikrotik, add a rule to forward port 80 requests to your local web server (the one hosted behind your Mikrotik server, on the local user LAN).

MIKROTIK RULE :

/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=WAN2-QUBEE protocol=tcp to-addresses=192.168.0.50 \
to-ports=80

The result of the above rule would look something like the following.


Linux Port Forwarding to Local Server

Forward a specific port from the Linux WAN interface to a local server

The ppp0 WAN link, with a static public IP address, is connected to this Linux server, and we want to do port redirection and port forwarding from ppp0 to local servers.


# Script by Syed Jahanzaib
# 21-FEB-2016

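# Flush all rules and delete user-defined chains in the filter, nat and mangle tables.
# Note: this removes any firewall rules already loaded on the server.
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

# Enable IPv4 forwarding on the ppp0 and eth0 interfaces
echo '1' | sudo tee /proc/sys/net/ipv4/conf/ppp0/forwarding
echo '1' | sudo tee /proc/sys/net/ipv4/conf/eth0/forwarding

# 192.168.100.3 is the local LAN server

# Forward ports 50002 and 4444 arriving on ppp0 to the LAN server
sudo iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 50002 -j DNAT --to-destination 192.168.100.3:50002
sudo iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4444 -j DNAT --to-destination 192.168.100.3:4444

# Redirect requests to the server itself, where ppp0 is connected.
sudo iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 1236 -j REDIRECT --to-port 1236
sudo iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 1235 -j REDIRECT --to-port 80

# Source-NAT outgoing traffic. With no -o match this applies on every interface,
# so the LAN server sees forwarded connections as coming from this server.
sudo iptables -t nat -A POSTROUTING -j MASQUERADE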
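
To review what a ruleset like the one above exposes, the following added example (not part of the original script) parses iptables-save output, lists every DNAT and REDIRECT rule in the nat table, and flags a MASQUERADE rule that has no outgoing-interface match. The function names and the embedded dump are constructed for illustration; on a live server the input would be the output of sudo iptables-save.

```shell
#!/bin/sh
# Added example: summarise the ports a nat ruleset forwards or redirects.
# Reads iptables-save format on stdin, so a saved dump can be audited
# without touching the live firewall.
list_forwards() {
    awk '
    # Return the argument that follows option "name" on this rule, or "".
    function opt(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }          # table header: "*nat", "*filter", ...
    table != "nat" || $1 != "-A" { next }    # only appended rules in the nat table
    {
        target = opt("-j"); in_if = opt("-i"); out_if = opt("-o")
        proto = opt("-p"); dport = opt("--dport")
        if (in_if == "") in_if = "any"
    }
    $2 == "PREROUTING" && target == "DNAT" {
        printf "DNAT %s %s/%s -> %s\n", in_if, proto, dport, opt("--to-destination")
    }
    $2 == "PREROUTING" && target == "REDIRECT" {
        printf "REDIRECT %s %s/%s -> local:%s\n", in_if, proto, dport, opt("--to-ports")
    }
    $2 == "POSTROUTING" && target == "MASQUERADE" && out_if == "" {
        print "WARN MASQUERADE has no -o match: source NAT applies on every interface"
    }'
}

# Constructed sample: the nat rules from the script above, in iptables-save form.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 50002 -j DNAT --to-destination 192.168.100.3:50002
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4444 -j DNAT --to-destination 192.168.100.3:4444
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1236 -j REDIRECT --to-ports 1236
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1235 -j REDIRECT --to-ports 80
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

sample_ruleset | list_forwards
```

Each output line is one externally reachable port and where it lands, which makes it easy to compare the loaded rules against the services that are meant to be public.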

 

Regards,

Syed Jahanzaib