Сonfiguration Mikrotik

Tell me, please, can someone set up Mikrotik for the Story node? What are the features. We found out experimentally that packages are lost through Mikrotik. If you release it directly to the network, then everything is fine. Routing Settings:
Mikrotik 951Ui-2HnD
chain=dstnat action=netmap to-addresses= to-ports=28967 protocol=tcp dst-port=28967 log=no log-prefix=""
chain=forward action=accept protocol=tcp dst-port=28967 log=no log-prefix=""

Thank you in advance.

Hi, use destination NAT instead of netmap.

Her is example from Mikrotik wiki:

Destination NAT

Forward all traffic to internal host

If you want to link Public IP address to Local one, you should use destination address translation feature of the MikroTik router. Also if you want allow Local server to initiate connections to outside with given Public IP you should use source address translation, too.

Add Public IP to Public interface:

/ip address add address= interface=Public

Add rule allowing access to the internal server from external networks:

/ip firewall nat add chain=dstnat dst-address= action=dst-nat \ to-addresses=

Add rule allowing the internal server to initate connections to the outer networks having its source address translated to

/ip firewall nat add chain=srcnat src-address= action=src-nat \ to-addresses=


That’s right:
chain=dstnat action=dst-nat to-addresses= to-ports=28967 protocol=tcp
dst-address= dst-port=28967 log=no log-prefix=""
chain=srcnat action=src-nat to-addresses= src-address= log=no

1 Like

Moved a 3 nodes under Mikrotik, but elevated only one.
Attached the screenshots of settings of the 2nd node.

Were I’ve gone wrong with settings?


Here is my conf, i have 40 nodes working like that

you also need to open port in firewall

Do you have a src-nat rules too?

If I will to add an additional node to a router portforward it will looks like that?

Dst. Port: 28968
To ports: 28968

Yes, also ports to firewall

Ok, it is a primary setting that I’ve set before.

Is a “Dst. address” is public address?
If I’m using cloud no-ip service of a Mikrotik over Dynamic DNS what should I put there?

the NAT table looks like that:

Any comments about rules fixing would be appreciate:)

I asked that question to @Vadim

netmap rule seems should be removed

I’ve been tried to move dst-nat over netmap, but the node not starts that way.

Maybe I’ve missed some other dependencies but after I’ve rolled back to netmap - dst-nat (the initial setting) the node started and works.

did you opend windows firewall also? how did you installed additional nodes?
also did you aded firewall rules to mikrotik on 28968 and 28969

I’ve installed them via Docker (as usual)

this is my Mikrotik firewall rules (IP->Firewall->NAT):

Windows firewall configured like I did before and they as on a several of my PC’s.

this is not firewall rules, this is NAT rules firewall is separate

I have default “Filter rules” only.

Can you provide a screenshot with typical rule settings?

Screenshot 2022-03-20 155901
Also add to Action Accept.

this role shold be before drop All rule as rules executings row by row.

please make research how to make rules for firewall, it is very dangerous to operate node, without protection. By operationg node you expose your ip to wide web.