Port forwarding for Mikrotik router?

[Learning_Curve 3]

Is anybody here familiar with Mikrotik routers? I'm having trouble getting a port forwarded to my machine running the Emby server.

 

I can connect locally, and with my mobile device when wifi is on and connected to my LAN. But I can't get through from the outside world. I've tried asking over at Mikrotik's forums, but two days later, and I'm no closer than when I started.

 

Windows 7 Home

Mikrotik RB2011

Android 4.4.2 rooted

Current Emby software & app on both

 

If anyone needs any more info, I'll happily provide it.

[CBers 6802]

Have you Googled it?

 

http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP

 

http://m.youtube.com/watch?v=8sGL58AhQCQ

 

http://mikrotikroutersetup.blogspot.co.uk/2014/02/mikrotik-port-forwarding-example-how-to.html?m=1

[Learning_Curve 3]

Yes. Countless ways, countless times. I'm a registered user at the Mikrotik forums, and even they're not much help.

 

I was hoping to get some advice from someone who is both an Emby user and a Mikrotik user.

[theking2008 5]

Have you tried changeip? this has helped me a lot. http://www.changeip.com/. Many of the problems is that the isp does not forwards you external ip to devices unless you have a DNS server or router. They have a free account and a pay account, have tried the free account for over a year and it works great, now I have the pay account for $15 dollars a year. Give it a try and let us know if it worked.

[tarnalcock 4]

Is anybody here familiar with Mikrotik routers? I'm having trouble getting a port forwarded to my machine running the Emby server.

 

I can connect locally, and with my mobile device when wifi is on and connected to my LAN. But I can't get through from the outside world. I've tried asking over at Mikrotik's forums, but two days later, and I'm no closer than when I started.

 

Windows 7 Home

Mikrotik RB2011

Android 4.4.2 rooted

Current Emby software & app on both

 

If anyone needs any more info, I'll happily provide it.

I have a 433AH myself. I was able to port forward using it (previously). Unfortunately I do not have internet at home so cannot test with it now to let you know how I did it. It really depends very much on your current configuration (both hardware and software).

 

The first thing to consider, though is that I assume your mikrotik is merely an intermediary device, possibly doing the authentication, but surely not the actual physical connection? Some Questions:

• What type of internet do you have? (DSL, Cable etc.)
• Which device is acting as your DHCP server?
• Do you have a firewall enabled on the Mikrotik?

In my case, I was using a DSL router as a bridge, with my mikrotik acting as the PPPoE client, DHCP server and firewall etc. so all of my configuration lay with the mikrotik. However if your setup is a little different, you will need to look a bit further than that.

 

Also, if your ISP assigns a dynamic IP (most likely!), you will need need to use a DDNS service to map this constantly. However while testing, determining your IP via http://whatismyIP.com will suffice. Usually this will only change when your session resets (router restart etc.) 

[Learning_Curve 3]

 

 

The first thing to consider, though is that I assume your mikrotik is merely an intermediary device, possibly doing the authentication, but surely not the actual physical connection? Some Questions:

• What type of internet do you have? (DSL, Cable etc.)
• Which device is acting as your DHCP server?
• Do you have a firewall enabled on the Mikrotik?

In my case, I was using a DSL router as a bridge, with my mikrotik acting as the PPPoE client, DHCP server and firewall etc. so all of my configuration lay with the mikrotik. However if your setup is a little different, you will need to look a bit further than that.

 

Also, if your ISP assigns a dynamic IP (most likely!), you will need need to use a DDNS service to map this constantly. However while testing, determining your IP via http://whatismyIP.com will suffice. Usually this will only change when your session resets (router restart etc.) 

 

It is a Dynamic IP, but from what I've seen, it only changes a couple times a year at most. Still, my understanding is that by using the Emby Connect feature (or whatever it's called), that IP address isn't important. Indeed, the first time I opened the app on my phone and signed in with my email, I had and invitation to join the server waiting for me.

 

It's not a modem, just a router. RB2011.

Cable Internet.

The RB2011 is the DHCP server. All devices on LAN have static IPs.

Firewall is enabled. But I've tried connecting after disabling all the rules, and still, nothing is getting through.

 

My understanding based on what I can make of all this is that NAT-ting is happening before the firewall. I'm trying to connect using both my own browser (by using http://ipaddress:8096) and the (official) Emby for Android app. If I'm running Mikrotik's packet-sniffer, I don't see anything even showing up at ports 8096 or 8902. I can connect locally no problem - either by using http://localhost:8096 or, if my Android is connected to my LAN via wifi, it works beautifully. Just not remotely.

 

Quick edit to add: I've even restored the Default, out-of-the-box config with no firewall and no NAT rules beyond the basic masquerade for the external-facing interface.

Edited October 7, 2015 by Learning_Curve

[Danee 57]

I'm not familiar with an RB2011, have only played a bit with an RB750 and no unit close to look at it, but I'll try.

If you type /ip address followed by export, what IP address is listed for the interface that connects to your router? Is it your public address?

If you type /ip firewall nat and then export, can you post your forwarding rule here?

[Learning_Curve 3]

The command /ip address export gives the following:

# oct/08/2015 02:43:55 by RouterOS 6.32.2
# software id = 64RV-JMEM
#
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.88.0

The command /ip address print gives what looks like the same information in a little different format

Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    bridge-local
 1 D 192.168.0.6/24     192.168.0.0     ether10-gateway

ether10-gateway being my WAN interface.

 

And, my NAT rules:

[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=dstnat action=dst-nat to-addresses=192.168.88.253 to-ports=22555
      protocol=tcp dst-address-type=local dst-port=22555 log=no log-prefix=""

 1    ;;; default configuration
      chain=srcnat action=masquerade out-interface=ether10-gateway log=no
      log-prefix=""

 2 X  chain=dstnat action=dst-nat to-addresses=192.168.88.253 to-ports=22535
      protocol=tcp src-address=192.168.0.6 dst-port=22535 log=no
      log-prefix=""

Note disabled Rule #2 - I was aiming for HTTPS until I found out that the mobile app doesn't support it. Rule #1 is the standard masquerade for an outward facing interface. Rule #0 is the DST-NAT. I thought I was doing right by leaving it as broad as possibe (i.e., no specific source/destination addresses, no specific interface, etc.) but since it doesn't work as-is, something must be wrong. I've tried populating the various fields but it doesn't change anything.

 

QUICK EDIT: Yes, I did change the ports in the server config. I thought maybe my ISP was blocking the others? But I don't think that's the case.

Edited October 8, 2015 by Learning_Curve

[Danee 57]

So your 'public' IP on your Mikrotik is 192.168.0.6, and you've setup a forwarder to your server at 192.168.88.253.

The problem is that the address 192.168.0.6 isn't your real public IP address, it's an address behind the NAT of your router. It is possible to get this working, but requires also setting up a forwarder on your router.

Or, another option would be to put your router in Bridge mode, that way your Mikrotik would receive a real public address but this may not be possible, there are ISP's that don't supports/allow this.

 

What brand/type of router do you have from which ISP (and country)?

[Danee 57]

@Learning_Curve Any luck getting this to work?

Edited October 16, 2015 by Danee

[Learning_Curve 3]

The problem I was having was with my modem. I never even gave it a thought, because it's been so long since I messed with it. It's one of those not-just-a-modem deals with wireless, a router, a firewall, etc.

 

Once I got in and changed some settings, everything started working the way it should.

 

Thanks.