Home Article Ip camera mikrotik. FTP through MikroTik firewall

Ip camera mikrotik. FTP through MikroTik firewall

FTP through MikroTik firewall

I set up FTP server on my nas, I try to login from outside network through MikroTik firewall (forwarded port 21 to local IP of my nas). The browser prompt me for user name and password I typed them correct but the browser says The page can’t be displayed. Tried to connect with ftp client with no success again.

I managed to login via CMD (ftp command) but this isn’t my game:

ftp open ftp Connected to ftp. 220 ProFTPD 1.3.5 Server (nas.local FTP Server) [::ffff:] User (ftp:(none)): software 331 Password required for software Password: 230-Welcome to ftp! 230 User software logged in

I substituted my WAN IP with ftp above.

From LAN network there is no problem.


Unintelligible Geek

You need to read up on port forwarding for FTP. This isn’t a freenas issue.

That said, FTP over the internet is stupid. All your ftp passwords are being sent over clear text


Ninja Turtle

FTP actually uses more than one port. Port 21 is for commands and 20 is for data, but there are also some random ports from 1024 coming into a play so it is a bit messy. What you need to do is:

On NAS: FTP port: 21 (or whatever port you want as the connection one) Minimum passive port: 15000 (choose something from 1024) Maximum passive port: 15100 (something like above 100 or even more if you will have lot of clients)

On Mikrotik: # open terminal and:

/ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=20 protocol=tcp dst-address= in-interface=WAN dst-port=20 log=no log-prefix= /ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=15000-15100 protocol=tcp dst-address= in-interface=WAN dst-port=15000-15100 log=no log-prefix= /ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=21 protocol=tcp dst-address= in-interface=WAN dst-port=21 log=no log-prefix= /ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=15000-15100 protocol=udp dst-address= in-interface=WAN dst-port=15000-15100 log=no log-prefix=

where is internal IP of your NAS where the FTP runs. is your public IP. WAN is the name of your wan interface where the uplink cable is conencted. ports. just make sure that the range is the same as configured on FTP server

Then you should be fine with this.

BTW: If you would like to access the FTP via your public IP but from within the internal network, it will NOT work because of the hairpin. To do so you will need a bit more NAT rules.

/ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=20 protocol=tcp src-address= dst-address= dst-port=20 log=no log-prefix= /ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=21 protocol=tcp src-address= dst-address= dst-port=21 log=no log-prefix= /ip firewall nat add chain=dstnat action=dst-nat to-addresses= to-ports=15000-15100 protocol=tcp src-address= dst-address= dst-port=15000-15100 log=no log-prefix=

where the is the subnet IP with CIDR

OS: TrueNAS-12.0-U2 on SSD Intel 520 180GB MB: SuperMicro MBD-X10SL7-F. Intel C222 CPU: Intel Core i3-4130 RAM: Kingston Value 16GB (2x8GB) DDR3 1333 ECC SK Hynix 16GB (2x 8GB) DDR3-1600 ECC PSU: Enermax ErPRO80 350W Pool1: Mirror / WD White WD120EMAZ WD120EMFZ 12TB Pool2: RAIDZ2 / 6x WD White WD120EMAZ 12TB Case: Fractal Design DEFINE R4 Black Pearl

Mikrotik Port Forwarding. RouterOS Port Forwarding

This tutorial will help you with How To do Mikrotik Port Forwarding and give you a step-by-step guide on the port forwarding Mikrotik command.

List of content you will read in this article:

MikroTik RouterOS is the stand-alone Linux operating system that is used with MikroTik’s networking equipment. However, that is not the only function it can perform. It is more than just an OS for routers. In fact, this software can even be installed on regular PCs to turn them into dedicated routers.

camera, mikrotik, firewall

Nevertheless, the blog is a step-by-step tutorial on how to configure port forwarding in MikroTik. Before we get into it, however, we will first discuss a little more about the OS itself and give you a general idea of what port forwarding ID Mikrotik port Forwarding, and RouterOS Port Forwarding actually is.

What is Mikrotik?

MikroTik itself is a Latvian network equipment manufacturing company. They develop and sell wired and wireless network routers, network switches, access points, operating systems, and auxiliary software for their products.

MikroTik’s RouterOS is the operating system that powers its devices and has a very high level of flexibility when it comes to network management. RouterOS can also be installed on a PC turning it into a router with all the necessary features. routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server, and more.

The feature that we will delve into today is RouterOS port forwarding. Unlike with other operating systems, the way to set it up might not be very intuitive, but not difficult at its core. Before setting up the configuration, let us first explain what port forwarding is.

What is Port forwarding?

Port forwarding is the process of intercepting data traffic headed for a computer’s IP/port combination and redirecting it to a different IP and/or port. This process can be easily done using a MikroTik router or any system running RouterOS.

Before we get to that, try to imagine the following situation:

You are an IT administrator. You created a large network, and someone wants to connect remotely to your VPS server or dedicated server to work remotely. You can’t share the server IP with that person for security reasons. What should you do? In this situation, you should use port forwarding on the MikroTik router to handle all the requests. Also, You can check out our Mikrotik VPS Server.

How to Configure Mikrotik Port Forwarding?

First and foremost, you should ensure that you have installed the latest MikroTik RouterOS version. Click here to find out how to update MikroTik OS.

Step 1: Log in to your own MikroTik server with admin privileges.

Step 2: Click on IP from the left side panel.

Step 3: In the newly opened submenu, click on Firewall.

Step 4: Head over to the NAT tab in the Firewall window.

Step 5: Click on the button to create a new rule.

Note: In this scenario, assume the router connects to IP (, and we want to forward all requests from ( to the (

Step 6: Click on the General tab and select dstnat from the chain drop-down list.

Step 7: In the Dst. Address field, type the IP you wish to forward all requests from (i.e., in our case).

Step 8: From the Protocol list, select the connection protocol, such as TCP.

Step 9: In the Dst. Port field, type the port you wish to forward requests from (i.e., 5847 in this example).Step 10: Now, navigate to the Action tab.

camera, mikrotik, firewall

Step 11: From the Action drop-down list, select dst-nat.

Step 12: In the To Addresses field, type the IP to which you wish to forward all requests (i.e., in our case).

Step 13: In the To Ports field, type the port you want to forward requests to (i.e., 4324 in this example).

Step 14: Click on Apply and then on OK to save and add the new rule.

And that’s it. You have successfully configured your first port forwarding rule on MikroTik. To add new port forwarding rules, simply follow the steps with new ports or IPs.


We hope that with the help of this article, you now have a better understanding of Mikrotik port forwarding and can set up the port forwarding configuration on MikroTik without any issues. If you run into an issue or have any questions, you can post them in the comment section below or contact us via live chat or e-mail.

People are also reading:

MikroTik router – How to convert hAP or hAP lite into ordinary Switch or Wireless Access Point Bridge

MikroTik company offers some very affordable and extremely powerful devices, along their main product – RouterOS (routing operating system) dedicated to networking.

MikroTik runs RouterOS operating system, an overwhelmingly complex feature-rich piece of software which you can use, control and configure both using command line terminal and graphical interfaces WinBox (on Microsoft Windows PCs) and WebFig (in web browsers like Chrome, Firefox, Opera, Edge…). Thing is, you will frequently find only the command line configuration tutorials online, but easy to follow step-by-step illustrated guides are virtually nowhere to be found.

MikroTik routers and “access points” models such as hAP and hAP lite (including their more advanced variants hAP AC² and hAP AC³) are mainly targeted at home networks and small offices (SOHO) environments, they come with RouterOS L4 license and out-of-the-box are usually configured as classic, conventional, well, routers – despite “AP” in their name.

The problem is if you don’t want a routing function, DHCP or NAT, in another words, you do not desire a network subnet change because of routing – e.g. your main router/gateway network IP is and MikroTik router devices attached to MikroTik will have its default subnet range 192.168.88. which is what we are trying to avoid.

What is the difference between computer networking Hub, Bridge, and Switch?

Network hubs are simplest (“dumbest”) of the bunch. Externally (physically) they look like switches but they aren’t the same thing internally. They have multiple ports and they operate on Physical Layer (L1 or Layer 1) of the OSI model, which means that they are transmitting all incoming packets to all other ports simultaneously. In another words, they are prone to packet collisions if multiple devices try to send the data at the same time — they aren’t Smart and efficient (in network traffic sense) at all!

Enter more intelligent networking world: meet Bridges and Switches!

Both switches and bridges function using Data Link Layer (L2), better known as MAC addresses, to forward Ethernet frames between two devices.

For an end-user concern, both can be used to connect two different LANs, devices or networks into one (hence, the bridge name), however, switches, like network hubs, usually have many Ethernet I/O ports (3/4/5/8/24/48), which means they can split or concentrate multiple LAN segments into single one.

Bridges commonly have only 2 I/O ports, which inherently limits their functionality to, well, joining two network segments.

L3/L4 Switches – even more intelligent!

As technology matures, chip integration reaches higher processing powers, miniaturization, efficiency, performance, lower price points, so do feature sets expand, as well.

Basic idea between different layers of switching/routing comes from the fact that earlier a device learns where the traffic needs to be directed (routed or switched to), the faster and more efficient it can perform its task. This may sound trivial in home or small office environments with less than e.g. 10 devices, but enter enterprise and service providers world, where constant saturated streams of information occur, and suddenly total switching or routing capacity (throughput) becomes an important factor. Additional features like traffic shaping, prioritizing applications etc. also comes into play.

L3 switches are crossbred between advanced routers (L3) and plain switches (L2), with an ability to perform traffic routing on Network Layer (L3) using IP Addresses, group network segments / hosts into Virtual LANs (VLAN), and so on.

L4 switches support policy based switching to limit different traffic types and prioritize packets based on application importance. L4 switch is also known as a session switch.

L3/L4 switches may not yet entirely replace routers, but they can perform traffic routing based on IP addresses instead only on MACs, load balance networks between grouped ports, and so on.

What should you do to make a MikroTik router work like a classic switch?

camera, mikrotik, firewall

(or wireless switch aka “access point” if you’re old enough to remember products like Cisco Linksys WAP54G)

Those devices are simple bridges between remote clients (e.g. mobile phones, tablets, laptops, Smart TVs, IoT devices) over Wi-Fi and actual router or gateway from your ISP.

Another confusion regarding this matter is that many online resources, including MikroTik’s own support forum where various members can exchange their knowledge about RouterOS and networking, and resolve various tasks and problems, state that for common switching function you need to use WISP AP mode configured as Bridge. Well, this does not work at all in our case. The required manual configuration procedure is quite simple, actually.

MikroTik Router – WinBox Neighbors Tab

MikroTik RouterOS via WinBox

MikroTik RouterOS – hAP Lite Default Configuration First Time Login Screen

How to convert MikroTik router hAP / hAP lite into ordinary Switch or Wireless Access Point Bridge (without routing function)

What is the difference between configs described in PART 1 and PART 2 ?

    AP Switch mode described in PART 1: We must connect one of the MikroTik router’s LAN ports (e.g. port #1) to ISP router/gateway using Ethernet/LAN cable. Other LAN ports (e.g. ports #2, #3, #4, …) and MikroTik’s Wi-Fi can be used to connect wired and wireless devices to Internet through classic switch/bridge without network subnet change. Please note that all LAN ports in this mode are equal – it does not matter which one you use for ISP connection, and which for other wired devices!

WiredWireless Devices connected via MikroTik LAN Ports (#2, #3, #4, …) and Wi-Fi MikroTik LAN Port (#1) ISP router/gateway (wired) INTERNET

Wired Devices connected via MikroTik LAN Ports (any) MikroTik Wi-Fi ISP AP Wi-Fi router/gateway INTERNET

PART 1: MikroTik classic Access Point (AP) mode (uses ethernet LAN port for bridge internet access)

This is what we are trying to achieve:

MikroTik Router Wireless Access Point Bridge Wired Bridge Switch Block Diagram

INTERNET | | ISP ROUTER / GATEWAY @ | | LAN Cable (connected between ISP router/gateway client port and any MikroTik’s LAN port) | | MikroTik Router configured as Switch/Bridge/AP | | LAN Cable(s) (-1 available port) or Wireless link (other Wi-Fi devices connected to MikroTik’s Wi-Fi) | | Multiple PCs/Printers/Phones/IoT Devices @ 192.168.1. over LAN/Wi-Fi [same network segment / no network change]

STEP 1 Reset MikroTik hAP / hAP lite to factory default

  • Turn Off power cord
  • Push Reset button with a pen or stick and HOLD IT
  • Turn On power back while still holding Reset button above pressed until ACT LED starts flashing (after ~ 5 seconds)
  • Release Reset button and wait 30-120 seconds until MikroTik device loads default Home AP mode

Connect now to your hAP MikroTik router using WinBox and LAN Port (e.g. use port #2, #3 or #4).

STEP 2 Go to Bridge Ports tab click on to add ether1 to the bridge (it may already be selected under Interface dropdown selector or you will have to manually do it).

STEP 3 Go to IP DHCP Server and delete defined one.

STEP 4 Go to IP DHCP Client and delete defined one.

STEP 5 Go to Routing BFD and disable defined “all” entry by double-clicking on it and pressing Disable button (cannot be deleted!).

STEP 6 Optionally remove defined pool line(s) e.g. however it won’t affect bridge function on it’s own.

STEP 7 Reboot MikroTik device [Turn Off Power, Turn On Power sequence]


Your MikroTik hAP/hAP lite router has become Access Point / Switch.


  • To access MikroTik and reconfigure it later you must use ethernet-enabled computer (laptop or desktop) and UTP / LAN cable on MikroTik (ports #2, #3, #4, etc.) with WinBox tool to access it via MAC address (it won’t work over Wi-Fi and MikroTik’s AP link now).
  • This procedure in general, particularly steps 1, 2 and 7, should be enough and used with other MikroTik wireless router boards and models.
  • Connect your main router/gateway from your ISP with UTP / LAN cable to one of the LAN ports on your MikroTik router. Rest of the free LAN ports can be used to connect other equipment / PCs / Printers etc.

What if WinBox doesn’t detect your MikroTik router in this case?

You need to manually input MAC address e.g. 4C:5E:0C:AB:CD:EF in the Connect To: field and press Connect button. Use Neighbors tab in WinBox and Refresh button to scan available MikroTik devices and MAC addresses automatically (doesn’t always work, and it’s not 100% reliable). Note that wired ethernet interfaces (ether1, ether2, ether3 …) on LAN ports and wireless wlan interface (wlan1) all have different MAC addresses!

Also, don’t forget to disable Wi-Fi adapter connection on your PC temporarily, otherwise, Windows will auto select by preference network adapter that has internet connection present (in another words, it will ignore direct wired connection to your MikroTik router if Wi-Fi works and is connected to another access point!).

Because of the WinBox bug and unexplained glitches you might have to press Connect / Reconnect buttons several times before successful connection is established. Don’t worry, you will successfully login into the router eventually (assuming you entered correct username and password as well).

Alternatively, perform a factory reset procedure and start over if you are stuck.

PART 2: MikroTik LAN To Wireless Wi-Fi Bridge mode (uses wireless connection for bridge internet access)

This section was not part of the original article, but we thought that this modification is quite common and could be useful. It builds up on top of the modification presented above.

In simple, plain words: we are trying to convert MikroTik router into a Wired Ethernet LAN to Wireless Wi-Fi adapter which will allow us to connect multiple wired-only devices (e.g. only with physical Ethernet LAN ports / without built-in Wi-Fi) like older TVs, Printers, DVRs, Wired LAN IP cameras and desktop PCs to another local wireless network access point (AP) or WISP provider gateway/router network. Another very important condition is that we do not desire network subnet change, thus routing function of our MikroTik “router” must be bypassed / turned-off, and DHCP or manual IP addressing / assignment function will be obtained and performed by the upstream wireless link, ISP router or gateway device. Some manufacturers and device manuals, such as TP-LINK TL-WA801N / TP-LINK TL-WA801ND or Tenda AP4 / Tenda AP5 Desktop AP (Access Point) models, refer to this as Client Mode AP operation. Needless to say, but MikroTik is far better device for this purpose because you have a greater control, more free LAN ports (no need for separate Switch), despite required work to configure it initially.

This mode is derived from Switch / Wireless Access Point Bridge Mode configuration above. You must have a working MikroTik router configured with previous steps first (PART 1) before proceeding to the following steps (hence the continuous STEPs numbering scheme in parentheses).

This is what we are trying to achieve now:

MikroTik Router Wired LAN To Wireless Wi-Fi Bridge Switch Block Diagram

INTERNET | | ISP ROUTER / GATEWAY / Wi-Fi AP @ acting as Internet Wi-Fi Wireless Access Point | | MikroTik’s Wi-Fi wireless interface link | | MikroTik Router configured as Ethernet LAN to Wi-Fi Wireless Bridge | | LAN Cable(s) (all available ports) but no Wi-Fi! | Wi-Fi is now reserved/used to bridge/connect to ISP AP wirelessly | | Multiple wired desktop PCs/Printers/DVRs/older Game Consoles/IoT Devices @ 192.168.1. over LAN only [same network segment / no network change]

in case of multiple MIMO WLAN interfaces and bands (2.4 GHz and 5 GHz) it is theoretically possible to use other radio(s) for other connections but we haven’t tried that and can’t guarantee that it will work.

How to modify existing MikroTik AP-Switch mode into Wired Ethernet LAN to Wi-Fi Wireless Bridge mode?

Final reminder: do not immediately jump to “STEP 1” instruction below unless you followed previous tutorial’s steps above and prepared your MikroTik for the following mod!

STEP 1 (8) Connect computer to MikroTik over Ethernet cable to e.g. LAN port #2.

STEP 2 (9) Run WinBox app and connect to MikroTik router using MAC address (default password is blank / empty). Alternatively, switch to Neighbors tab to find your router on local network connection automatically.

STEP 3 (10) Go To Interfaces Interface List tab and double-click on “defconf” WAN interface. Change (drop-down select) from “Interface: ether1” to “Interface: wlan1“.

STEP 4 (11) Go To Wireless (window is titled Wireless Tables) Security Profiles tab. Double-click on default profile General tab and configure security requirements of your network. For example, use WPA/WPA2 Pre-Shared Key with TKIP/AES support (we should drop TKIP for security reasons and FOCUS on WPA3 in the future, but for now use it for maximum compatibility with various devices).

Mode: dynamic keysAuthentication Types (checkboxes): WPA PSK, WPA2 PSKUnicast Ciphers (checkboxes): aes ccm, tkipGroup Ciphers (checkboxes): aes ccm, tkipWPA Pre-Shared Key: [ enter your Wi-Fi ISP/AP/Router/Gateway password here ]WPA2 Pre-Shared Key: [ enter your Wi-Fi ISP/AP/Router/Gateway password here ]

STEP 5 (12) Go To Wireless (Wireless Tables alt title) Wi-Fi Interfaces tab. Double-click on wlan1 interface and switch to Wireless tab. Example configuration is shown below:

Mode: station pseudobridgeBand: 2GHz-B-G-N (and / or 5 GHz if available on your MikroTik hardware)Channel Width: 20/40MHz eC (note: default is 20MHz mode only for hAP lite router model, values depend on hardware support, Band(s) and standards, set largest available values for maximum performance / speed)SSID: [ enter your Wi-Fi ISP/AP/Router/Gateway SSID name here ]Security Profile: defaultFrequency Mode: regulatory-domainCountry: [ select your country or leave “etsi” ]Installation: indoorDefault Authenticate: checkbox ticked

Optionally, you can use Scan… button on the right panel side, select “wlan1” from drop-down selector list, tick “Background Scan” checkbox and hit Start button. MikroTik won’t be able to connect to your Wi-Fi network unless background scan option is ticked.

Click on SSID or Signal columns to sort scanned networks by name or signal strength, select your wireless network from the available list right click Connect

Close this window, you should still see Interface window opened, and at the bottom status bar:

enabled | running | slave | connected to ess

You can now safely disconnect Ethernet LAN cable between ISP router/gateway and MikroTik’s LAN port from PART 1 in case you have it connected. It is no longer required, because now we have internet connection established over wireless interface.


Your MikroTik hAP/hAP lite router has become a Wireless Bridge (switch).

MikroTik router is now configured as a basic Ethernet LAN 2 Wireless Bridge / Switch (LAN 2 Wi-Fi adapter), allowing you to connect multiple wired LAN devices to Internet over Wi-Fi wireless network bridge to your main ISP router/gateway or another router in another room or department using the same network segment (no subnet change). Remember, your ISP router/gateway is still doing all the Smart routing and DHCP stuff!


  • Avoid using Ethernet port #1 during troubleshooting / frequent factory reset cycles and config changes! Why? LAN port #1 is reserved / mapped as Internet/WAN port in factory configuration, so WinBox can’t really connect to MikroTik on this port! (think of WAN as “output”, not “input”). You will have a big headache and also back and fort switching different ports during Wi-Fi bridge configuration fiddling.
  • WinBox won’t be able to connect to MikroTik configured this way via MAC address until MikroTik’s wlan1 interface becomes connected to the upstream AP (ISP), so make sure you have properly configured Wi-Fi AP parameters. Also, if AP loses connectivity, MikroTik will become unconnectable and it will require manual reboot (power ON/OFF cycle) to become connected again, which will affect devices connected to MikroTik router via LAN.
  • Remember, each factory reset operation requires another power ON/OFF cycle to actually load default configuration! At least, this is true for hAP Lite 2nd, possibly the same with other models.
  • When performing factory reset operation, make sure to use original or adequate replacement power supply (avoid USB power banks), and make sure to disconnect all LAN cables before that procedure.
  • Remember, hAP Lite 2nd requires 40-45 seconds to actually boot, so be patient and don’t expect to become instantly connectible after power ON/OFF cycle!
  • If WinBox still can’t connect to MikroTik router AFTER factory reset procedure, try enabling Tools Legacy mode.
  • If WinBox still can’t connect to MikroTik router AFTER factory reset procedure, if you use a laptop try disabling Wi-Fi LAN adapter on Windows PC (just in case to avoid confusion), and manually configure wired Ethernet adapter under TCP/IP v4 settings with the following parameters: IP address: mask: gateway: DNS server:
  • Connect to the MikroTik router via LAN cable and appropriate MAC port address using WinBox while still connected to the old (original) Wi-Fi network.
  • Under Wireless Security Profiles click on to create a new one (do not modify existing default profile we use in STEP 4 (11) above!), set proper TKIP/AES checkboxes and password.
  • Now go to Wireless Wi-Fi Interfaces tab Double-click on wlan1 interface and under Security profile select newly created one in previous step. Then switch to Wireless tab click Scan… button (background scan checkbox should be left unticked) and select new wireless network SSID. Wait until new connection is established, and reconnect in WinBox.

Beware, if you make a mistake and Wi-Fi connection is not successful you will lose the ability to access router via WinBox later! In another words, you’ll have to factory reset it and start over again. This is why it’s a good idea to create backups of working configurations before risky changes or use Safe Mode instead, so that changes you make aren’t permanent (they will be reverted after reboot / power ON/OFF cycle).

Port Forwarding On Mikrotik [Complete]

[Updated] Mikrotik is a powerful router used to increase boot speed to provide automated performance. It provides hardware and software for Internet connectivity in most of the countries around the world. MikroTik has a very high level of flexibility when it comes to network management that comes with its own sophisticated router. When you install RouterOS on your PC, it will turn it into a router with all the necessary features such as routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server, and more. In this article, you will learn about Port Forwarding On Mikrotik. You can check the available Mikrotik VPS Server Services on Eldernode and order that you need.

Tutorial Port Forwarding On MikroTik Router

The process of intercepting data traffic headed for a computer’s IP/port combination and redirecting it to a different IP and/or port is called Port forwarding. Using Mikrotik helps you to do this. So, you can assign a specific port to a specific service on your network so that the user can access it by entering that port in their software or browser. For example, you have a website with port 8080 inside your organization, and Mikrotik is located as a router between your organization’s internal network path and the Internet. Now, if you are considering outsourcing your IP address or domain with a port to the software within the organization, you should use a forwarding port.

What is port forwarding?

To understand the definition of port forwarding, we need to explain about router first. As you know, your internet service provider assigns one IP address to your internet connection. But when all computers on the internet need a unique IP address, what should be done if you have multiple computers in your house and only one address. Port forwards are setup in your router. To make a computer on your home or business network accessible to computers on the internet (Even though they are behind a router). So, you need to do port forwarding. In the case of gaming, setting up a security camera, or downloading files, you will need to follow this instruction.

How to configure port forwarding on MikroTik

As an IT administrator when you create a big network, users may ask to remotely connect to your VPS server or dedicated server. Undoubtedly, you will not share the server IP with him for security purposes. So, you will use port forwarding on MikroTik Router to handle all requests. Let’s see what are the required steps to achieve this purpose.

Login with Winbox to your own MikroTik server with admin privileges.

Then click “Firewall” from the “IP” menu.

From the Firewall page, click on the NAT (Network Address Translation) tab to open its settings and handle the packets that the router receives.

In the “NAT” tab, click on the “” item to create a rule.

In this step, you should click on the “General” tab. Select “dstnat” from the “chain” drop-down list. In the “Dst. Address” field type this IP ( From the “Protocol” list, select the connection protocol like (TCP, xdp, ddp). In the “Dst. Port” field, type 5847.

Also, let’s assume the router connects to IP ( and we want to forward all requests from ( to the (

Then adjust the settings as follows:

Chain : Set this section to dstnat.

Protocol : If you want a particular protocol packet to be forwarded only, set the Protocol option.

dst port : In this section, enter the port you want to access on the Internet.

Then go to the Action tab:

Action : Set this option to dst-nat.

To Addresses : Enter the address of the server inside your organization in this section.

To port: Enter the internal server port where you intend to transfer traffic to.

Note: You can either input and output ports alike or import ports differently.

Now, click on the “Action” tab. From the action drop-down list, select “dst-nat”. Type this IP ( on the “To Addresses” field and type 4324 on the “To Ports” field.

In the final step, you should click on Apply and OK to save and add the rules.


In this article, you learned How To Port Forwarding On Mikrotik. Using Mikrotik allows you to manage anything related to networking. Following the mentioned steps helps you to do port forwarding on Mikrotik. If you are interested in reading more, refer to How to Configure IP settings in Mikrotik.

Click on a star to rate it!

Average rating 2 / 5. Vote count: 4

No votes so far! Be the first to rate this post.

Switches and PoE injectors

In a home security installation, switches are designed to integrate several network devices into a single network. They are widely used for both simple local computer networks and complex, modern video surveillance and intruder alarm systems. They operate according to the bridge technology principle.

% VAT ordering for EU companies (non EST) Customers outside the EU

000 Successful Worldwide Deliveries

With netPower 15FR switch you can forget about expensive GPON base stations and optical splitters. This switch is a part of our GPEN concept. aimed to bring the speed and versatility of fiber networking while using the advantages of Ethernet. It is an easy to deploy, low-cost way for any ISP to deliver the Internet to individual apartments.

You don’t have to worry about power options in the attic or the utility room – netPower 15FR has 15 reverse PoE ports. Depending on your setup, netPower can draw the necessary power even from a single client! Another Ethernet port has PoE-out – you can use it to power an aggregate link such as our Wireless Wire Dish or a security camera, for example.

There are two SFP ports for fiber connectivity. The outdoor enclosure allows you to install this switch in all kinds of environments – from damp attics to elevator shafts and different poles with hose clamps. netPower 15FR – bringing the cost down and the speed up!

netPower 15FR has a non-blocking throughput of 3.6 Gbps, switching capacity of 7.2 Gbps and forwarding rate of 5.4 Mpps.

camera, mikrotik, firewall

The power supply is NOT included with the product- must be purchased separately.

Our company was established in 2008 and is one of the leading CCTV cameras and equipment suppliers in Estonia and the Baltics. The most new models and technologies, the latest products from the most famous manufacturers of security equipment for video surveillance systems, and security systems can be found in the equipment catalog on our website.



| Denial of responsibility | Contacts |RSS