In a big establishment with multiple routers with one of them assigned a public IP, multiple port forwarding can be configured to provide access to a web server connected to a router behind the core router. This setup will work even though the router on which the web server is connected, has no public IP.
As shown on the network topology below, router1 has a public IP, but router2 has none, To provide web access to the web server connected to the switch behind router2, I will configure multiple port forwarding through routers 1 and 2 on port 80. The configuration is not different from normal port forwarding required to accomplish a similar requirement on a single Mikrotik router. Just that here, port forwarding will be done on both routers.
The configuration for this lab will be done on routers 1 and 2. On router1, I will configure destination Nat to send http traffics from the internet, destined to the public IP on router1 to the private IP on router2 on port 80. After that, I will configure a second destination NAT on router2 to send all web traffics sent to the WAN interface of router2, to the IP address on the web server. See commands below:
/ip firewall nat add chain=dstnat dst-address=126.96.36.199 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.10.253 to-ports=80
You may also like: Prevent attacks on your routers through mikrotik socks port.
/ip firewall nat add chain=dstnat dst-address=192.168.10.253 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.20.253 to-ports=80
That’s all that will is required for this lab, guys. I you experience any issues implementing it, kindly drop a comment and I will be more than happy to assist.
You may also like: How to configure time-based firewall filter rules on Mikrotik routers