how to setup port forwarding on a mikrotik router and connect using registered domain names

How To Setup Port Forwarding On A Mikrotik Router And Connect Using Registered Domain Names (FQDN)

Port forwarding aka NAT is an internet standard that allows devices on a network to use a given range of ip addresses for internal communications and a different range of ip addresses for external communications. This allows devices to connect to the internet using a public IP address and also allows services such as web and ftp servers on a private local area network to be accessible from outside the LAN i.e the internet/public networks. This tutorial aims to provide a guide on how to setup port forwarding to a web, ftp, ssh server using a mikrotik router and connect to these servers using registered domain names (FQDN).

REQUIREMENTS

In order to complete this tutorial successfully the following items are required. Please ensure to have these items available before taking implimentation action on this tutorial:
1) 1 x Mikrotik router.
2) 1 x Desktop or laptop computer with Windows, MacOS or Linux installed.
3) Internet access (Optional).
4) A registered domain name (FQDN).
5) Full access to domain DNS zone editor / CPanel.

OVERVIEW

1) Network diagram
2) REGISTER A DOMAIN NAME (FQDN) AND CREATE SUBDOMAINS TO BE USED WHEN CONNECTING TO THE SERVERS ON THE LAN NETWORK
3) Learn how to configure port forwarding so you can access a web server hosted on your LAN
4) Learn how to configure port forwarding so you can access an FT server hosted on your LAN
5) Learn how to configure port forwarding so you can access a server hosted on your LAN via SSH

NETWORK DIAGRAM

1) On this network diagram, the mikrotik router is connected to the internet on ETHER1 and has the IP ADDRESS 41.191.239.10. The ETHER2 interface is connected to the LAN network. Ether2 is also used by the Mikrotik Router DHCP server for the 192.168.20.0/24 LAN network.

There are 3 servers on the network (SSH server, Web server and FTP server) that are only accessible from the LAN network. This tutorial will demonstrate how to make these 3 servers accessible from a CLIENT COMPUTER on the internet as shown in the diagram.

Step 1 : Register A Domain Name (FQDN) And Create Subdomains To Be Used When Connecting To The Servers On The LAN network.

1) The first step is to register a domain name with a web hosting provider and a good example is namecheap. Click HERE to see how to register a domain + hosting name on namecheap.

2) Next create sub domains to use when connecting to the servers in the LAN network i.e sshserver.domain.com, ftpserver.domain.com, webserver.domain.com.

To do this, login into the CPanel account for your domain name. Under the DOMAINS section click on the SUB DOMAIN button.

3) Use the CREATE SUB DOMAIN section to create subdomains for each of the servers you would want to connect to. On this tutorial these are the sub domains created: 1) sshserver.billysoftacademy.com 2) webserver.billysoftacademy.com 3) ftpserver.billysoftacademy.com

3) Finally use the DNS ZONE EDITOR to edit the A records for the sub domains that were created in the previous step so that they resolve to the WAN IP address of the mikrotik router.

To do this click on DNS ZONE EDITOR on the CPanel dashboard and click on the MANAGE ZONES option for yourdomain.com

On the ZONE RECORDS page search for the subdomain names created in the previous step.

Click on the EDIT button on the A records from returned results and change the IP ADDRESS on the RECORD field to your WAN address

Click on the SAVE button to apply changes.

Step 2 : Configuring Port Forwarding On The Mikrotik Router To Enable Access To The Web Server On The LAN Network.

NB : THIS TUTORIAL ASSUMES THAT YOUR MIKROTIK ROUTER HAS A BASIC INTERNET CONFIGURATION.

4) To configure port forwarding so as to allow connecting to the LAN web server from any computer on the internet, open the WINBOX utility, enter the LAN address, username and password of the Mikrotik Router in the CONNECT TO, LOGIN and PASSWORD fields.

5) Next go to “IP > FIREWALL” and click on the “NAT” tab. Click on the ADD (+) button and the “NEW NAT RULE window will be displayed.

On the GENERAL tab, select DSTNAT from the CHAIN dropdown menu. Enter the MikroTik Router WAN IP “41.191.239.10” in the DST. ADDRESS input field.

Select 6(TCP) on the protocol dropdown menu and enter 80 in the DST PORT input field.

6) Click on the ACTION tab and select DST-NAT in the ACTION drop down menu. Enter the LAN IP ADDRESS (192.168.20.10) of the web server in the TO ADDRESSES input field and enter 80 in the TO PORTS input field. Click APPLY and OK.

Repeat 5 and 6 but enter the port number 443 in the DST-PORT input field on the GENERAL and ACTION tabs. This will allow connecting to the webserver using a secure HTTPS connection.

NB : ensure that the http service is enabled and that the mikrotik router firewall permits connections on port 80 and 443.

7) To connect to the LAN webserver using http(not secure) open any web browser and type in http://webserver.yourdomain.com. To connect to the LAN web server using https (secure) open any web browser and type in https://webserver.billysoftacademy.com

Step 3 : Configuring Port Forwarding On The Mikrotik Router To Enable Access To The FTP Server On The LAN Network

8) To gain access to the FTP server on the LAN network from a remote computer on the internet, connect and login to the LAN mikrotik router. Go to “IP > FIREWALL” and click on the “NAT” tab.

Click on the ADD (+) button and the “NEW NAT RULE window will be displayed. On the GENERAL tab, select DSTNAT from the CHAIN dropdown menu. Enter the MikroTik Router WAN IP “41.191.239.10” in the DST. ADDRESS input field.

Select 6(TCP) on the protocol dropdown menu and enter 21 in the DST PORT input field.

9) Click on the ACTION tab and select DST-NAT in the ACTION drop down menu. Enter the LAN IP ADDRESS (192.168.20.30) of the ftp server in the TO ADDRESSES input field and enter 21 in the TO PORTS input field. Click APPLY and OK.

NB : ensure that the FTP service is enabled and that the mikrotik router firewall permits connections on port 21.

10) To connect to the LAN FTP server open up any web browser and type ftp://ftpserver.yourdomain.com. Alternatively the LAN FTP server can also be accessed using FILEZILLA as shown on the image.

Step 4 : Configuring Port Forwarding On The Mikrotik Router To Enable Access To The SSH Server On The LAN Network.

11) To Gain Access To The SSH Server On The LAN Network From A Remote Computer On The Internet, Connect And Login To The LAN Mikrotik Router. Go To “IP > FIREWALL” And Click On The “NAT” Tab. Click On The ADD (+) Button And The “NEW NAT RULE Window Will Be Displayed. On The GENERAL Tab, Select DSTNAT From The CHAIN Dropdown Menu. Enter The MikroTik Router WAN IP “41.191.239.10” In The DST. ADDRESS Input Field. Select 6(TCP) On The Protocol Dropdown Menu And Enter 22 In The DST PORT Input Field.

12) Click on the ACTION tab and select DST-NAT in the ACTION drop down menu. Enter the LAN IP ADDRESS (192.168.20.20) of the ftp server in the TO ADDRESSES input field and enter 21 in the TO PORTS input field. Click APPLY and OK.

NB : ensure that the SSH service is enabled and that the mikrotik router firewall permits connections on port 22.

13) To gain access to the LAN SSH server from any remote device on the internet / public network use the PUTTY telnet and ssh client. Download PUTTY here.

GREAT! you’ve successfully completed the tutorial on How To Setup Port Forwarding On A Mikrotik Router And Connect Using Registered Domain Names (FQDN).