Remote Router - Port Forwarding
Introduction to Router Remote Access
Remote access lets you reach and manage a router or other network device from a different location over the internet. With port forwarding, you can open access from outside to services and devices on your local network.
🌐 What Is Port Forwarding?
Port forwarding is a technique that forwards traffic from the internet to a specific device inside your local network. It is very useful for:
- Accessing the router remotely
- Managing servers or IoT devices
- Remote desktop to a computer
- Accessing CCTV cameras
- Hosting a game server or a local web server
📊 How Port Forwarding Works
Internet → Router (Public IP) → Port Forwarding → Local Device (Private IP)
The router forwards requests that arrive on a given port to the IP address and port configured for the local network.
🔧 Port Forwarding on Mikrotik
Basic Port Forwarding Command
To configure port forwarding on Mikrotik, use a NAT (Network Address Translation) rule:
/ip firewall nat add chain=dstnat dst-port=8291 protocol=tcp action=dst-nat to-addresses=192.168.88.1 to-ports=8291 comment="Winbox Remote Access"
Common Port Forwarding Configuration Examples
1. Remote Winbox (Port 8291)
/ip firewall nat add chain=dstnat dst-port=8291 protocol=tcp \
action=dst-nat to-addresses=192.168.88.1 to-ports=8291 \
comment="Winbox Access"
2. SSH Access (Port 22)
/ip firewall nat add chain=dstnat dst-port=2222 protocol=tcp \
action=dst-nat to-addresses=192.168.88.1 to-ports=22 \
comment="SSH Access"
3. Web Interface (Port 80/443)
/ip firewall nat add chain=dstnat dst-port=8080 protocol=tcp \
action=dst-nat to-addresses=192.168.88.1 to-ports=80 \
comment="Web Interface"
4. API Access (Port 8728)
/ip firewall nat add chain=dstnat dst-port=8728 protocol=tcp \
action=dst-nat to-addresses=192.168.88.1 to-ports=8728 \
comment="API Access"
🖥️ Devices You Can Reach via Port Forwarding
1. Mikrotik Router
| Service | Default Port | Forwarded Port | Description |
|---|---|---|---|
| Winbox | 8291 | 8291 | Mikrotik management application |
| WebFig | 80 | 8080 | Mikrotik web interface |
| SSH | 22 | 2222 | Secure Shell access |
| Telnet | 23 | 2323 | Telnet access (insecure) |
| API | 8728 | 8728 | API for external applications |
| API-SSL | 8729 | 8729 | API with SSL encryption |
| FTP | 21 | 2121 | File Transfer Protocol |
Access examples:
Winbox: IP_PUBLIC:8291
WebFig: http://IP_PUBLIC:8080
SSH: ssh admin@IP_PUBLIC -p 2222
2. Servers & Computers
| Service | Port | Purpose |
|---|---|---|
| RDP (Remote Desktop) | 3389 | Windows desktop access |
| VNC | 5900 | Alternative remote desktop |
| TeamViewer | 5938 | Remote support |
| AnyDesk | 7070 | Remote desktop |
| SSH Server | 22 | Linux/Unix remote access |
RDP example:
/ip firewall nat add chain=dstnat dst-port=3389 protocol=tcp \
action=dst-nat to-addresses=192.168.88.100 to-ports=3389 \
comment="RDP to PC Office"
3. Web Server & Application
| Service | Port | Purpose |
|---|---|---|
| HTTP | 80 | Web server |
| HTTPS | 443 | Web server SSL |
| Apache | 80/8080 | Web server |
| Nginx | 80/8080 | Web server |
| MySQL | 3306 | Database server |
| PostgreSQL | 5432 | Database server |
| MongoDB | 27017 | NoSQL database |
Web server example:
/ip firewall nat add chain=dstnat dst-port=8888 protocol=tcp \
action=dst-nat to-addresses=192.168.88.50 to-ports=80 \
comment="Web Server Internal"
4. CCTV & DVR/NVR
| Device | Default Port | Description |
|---|---|---|
| Hikvision DVR/NVR | 8000, 80, 554 | HTTP, streaming |
| Dahua DVR/NVR | 37777, 80, 554 | HTTP, streaming |
| Generic IP Camera | 80, 554, 8080 | Web interface, RTSP |
| ONVIF | 80, 8080 | Standard IP camera protocol |
CCTV example:
/ip firewall nat add chain=dstnat dst-port=8001 protocol=tcp \
action=dst-nat to-addresses=192.168.88.200 to-ports=80 \
comment="CCTV Camera 1"
/ip firewall nat add chain=dstnat dst-port=5540 protocol=tcp \
action=dst-nat to-addresses=192.168.88.200 to-ports=554 \
comment="RTSP Stream Camera 1"
5. NAS (Network Attached Storage)
| Brand | Port | Service |
|---|---|---|
| Synology | 5000, 5001 | DSM (HTTP/HTTPS) |
| QNAP | 8080, 443 | Web interface |
| TrueNAS | 80, 443 | Web interface |
| FreeNAS | 80, 443 | Web interface |
Synology NAS example:
/ip firewall nat add chain=dstnat dst-port=5000 protocol=tcp \
action=dst-nat to-addresses=192.168.88.150 to-ports=5000 \
comment="Synology NAS"
6. Game Server
| Game | Port | Protocol |
|---|---|---|
| Minecraft | 25565 | TCP |
| Counter-Strike | 27015 | TCP/UDP |
| Rust | 28015 | TCP/UDP |
| ARK | 7777, 27015 | UDP |
| Valheim | 2456-2458 | UDP |
Minecraft server example:
/ip firewall nat add chain=dstnat dst-port=25565 protocol=tcp \
action=dst-nat to-addresses=192.168.88.100 to-ports=25565 \
comment="Minecraft Server"
7. VPN Server
| Protocol | Port | Purpose |
|---|---|---|
| OpenVPN | 1194 | VPN connection |
| L2TP/IPSec | 500, 1701, 4500 | VPN connection |
| PPTP | 1723 | VPN connection (insecure) |
| WireGuard | 51820 | Modern VPN |
| SSTP | 443 | VPN over HTTPS |
OpenVPN example:
/ip firewall nat add chain=dstnat dst-port=1194 protocol=udp \
action=dst-nat to-addresses=192.168.88.1 to-ports=1194 \
comment="OpenVPN Server"
8. IoT & Smart Home
| Device | Port | Service |
|---|---|---|
| Home Assistant | 8123 | Web interface |
| Node-RED | 1880 | Automation platform |
| Zigbee2MQTT | 8080 | MQTT bridge |
| TP-Link Kasa | 9999 | Smart devices |
| Philips Hue | 80, 443 | Smart lighting |
9. OLT (Optical Line Terminal)
OLT example - Hioso:
/ip firewall nat add chain=dstnat dst-port=4300 protocol=tcp \
action=dst-nat to-addresses=192.168.0.88 to-ports=80 \
comment="Remot OLT"
OLT example - HSGQ:
/ip firewall nat add chain=dstnat dst-port=4300 protocol=tcp \
action=dst-nat to-addresses=192.168.100.1 to-ports=80 \
comment="Remot OLT"
OLT example - Vsol:
/ip firewall nat add chain=dstnat dst-port=4300 protocol=tcp \
action=dst-nat to-addresses=192.168.8.200 to-ports=443 \
comment="Remot OLT"
🔒 Port Forwarding Security
⚠️ Security Risks
Port forwarding opens access from the internet to your local network. Here are some security tips:
1. Use Non-Standard Ports
Avoid default ports and use custom ports; this reduces noise from automated scans but is not an access control by itself:
# Do not use port 22 for SSH
# Use a custom port such as 2222 or 32000
2. Restrict the Source IP
Allow only specific IPs:
/ip firewall nat add chain=dstnat src-address=123.45.67.89 \
dst-port=8291 protocol=tcp action=dst-nat \
to-addresses=192.168.88.1 to-ports=8291 \
comment="Winbox from Office IP Only"
3. Use a Firewall Filter
Add a filter rule for protection:
/ip firewall filter add chain=input protocol=tcp dst-port=8291 \
connection-state=new src-address-list=!allowed-ips \
action=drop comment="Block unauthorized Winbox access"
4. Enable SSL/TLS
Use encrypted connections:
- Winbox over SSL
- HTTPS instead of HTTP
- SSH instead of Telnet
- API-SSL instead of API
5. Strong Password & Authentication
- Use complex passwords (at least 16 characters)
- Enable two-factor authentication if available
- Change default passwords
- Disable unused user accounts
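Tips 2 and 4 above can be checked against a rule set before it is applied. The following Python audit is an added example, not part of the original page: it parses `/ip firewall nat add` lines in the form used here and lists rules that accept any source address or forward to an unencrypted service. The sample rules are constructed, and the names `parse_rules`, `audit` and `CLEARTEXT` are assumptions of this example.

```python
import shlex

# Constructed sample: three rules written in the style used on this page.
SAMPLE_EXPORT = r'''
/ip firewall nat add chain=dstnat dst-port=2323 protocol=tcp \
    action=dst-nat to-addresses=192.168.88.1 to-ports=23 comment="Telnet"
/ip firewall nat add chain=dstnat src-address=123.45.67.89 dst-port=8291 \
    protocol=tcp action=dst-nat to-addresses=192.168.88.1 to-ports=8291 \
    comment="Winbox from Office IP Only"
/ip firewall nat add chain=dstnat dst-port=2222 protocol=tcp \
    action=dst-nat to-addresses=192.168.88.1 to-ports=22 comment="SSH Access"
'''

# Internal ports of the unencrypted services named in tip 4 and the service table.
CLEARTEXT = {"21": "FTP", "23": "Telnet", "80": "HTTP", "8728": "API"}

def parse_rules(text):
    """Join backslash-continued lines; return one key=value dict per dst-nat rule."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        if "action=dst-nat" not in line:
            continue
        tokens = shlex.split(line)  # keeps comment="a b c" as one token
        rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def audit(rules):
    """Return (rule name, finding) pairs for rules that need review."""
    findings = []
    for r in rules:
        name = r.get("comment", "dst-port " + r.get("dst-port", "?"))
        src = r.get("src-address") or r.get("src-address-list") or ""
        if not src or src.startswith("!"):  # "!" negates, so it is no allow-list
            findings.append((name, "open to any source address"))
        service = CLEARTEXT.get(r.get("to-ports", r.get("dst-port")))
        if service:
            findings.append((name, "forwards to unencrypted " + service))
    return findings

if __name__ == "__main__":
    for name, issue in audit(parse_rules(SAMPLE_EXPORT)):
        print(f"{name}: {issue}")
```

A rule flagged as open to any source may still be covered by a separate filter rule as in tip 3, so treat the output as a review list.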
6. Monitoring & Logging
/ip firewall nat add chain=dstnat dst-port=8291 protocol=tcp \
action=dst-nat to-addresses=192.168.88.1 to-ports=8291 \
log=yes log-prefix="WINBOX-ACCESS" comment="Log Winbox Access"
7. Rate Limiting
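Protect against brute-force attacks:
# Drop new connections from sources that are already blacklisted
/ip firewall filter add chain=input protocol=tcp dst-port=22 \
connection-state=new src-address-list=ssh_blacklist action=drop
# A second new connection within 1 minute blacklists the source for 1 day.
# This rule must sit above the ssh_stage1 rule below; otherwise the very
# first connection is added to ssh_stage1 and then matches here as well.
/ip firewall filter add chain=input protocol=tcp dst-port=22 \
connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1d
# Record the source of every new connection in ssh_stage1 for 1 minute
/ip firewall filter add chain=input protocol=tcp dst-port=22 \
connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m
🛠️ Troubleshooting Port Forwarding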
Common Problems and Solutions
1. Port Forwarding Does Not Work
✅ Solutions:
- Make sure the router receives a public IP (not a private IP from the ISP)
- Check that the NAT rule is correct (chain=dstnat)
- Make sure the firewall is not blocking the traffic
- Test from outside the network (use 4G/mobile data)
2. Slow or Dropped Access
✅ Solutions:
- Check the ISP upload bandwidth
- Check the connection tracking limit
- Optimize queue/bandwidth management
- Use compression if available
3. Cannot Access from the Public IP
✅ Solutions:
- Check your public IP with whatismyip.com
- Make sure the ISP is not blocking the port
- Test with an online port checker
- Try an alternative port
4. Hairpin NAT / Loopback
To access services from inside the network using the public IP:
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 \
dst-address=192.168.88.0/24 action=masquerade \
comment="Hairpin NAT"
📱 Tools for Testing Port Forwarding
Online Tools
- CanYouSeeMe.org - Test for open ports
- PortChecker.co - Check port status
- YouGetSignal.com - Port scanning tool
- Nmap - Network scanning (advanced)
Command Line Testing
# Test from outside the network
telnet IP_PUBLIC PORT
# Example:
telnet 203.123.45.67 8291
# Or use netcat
nc -zv IP_PUBLIC PORT
# Example:
nc -zv 203.123.45.67 8291
Important note: Always prioritize security when opening remote access. Use encryption, strong passwords, and restrict access to trusted IPs only.
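For the logging rule in tip 6 (log-prefix "WINBOX-ACCESS") and the brute-force concern in tip 7: a NAT rule only processes the first packet of each connection, so every logged line is one new connection attempt. The Python example below is added here and is not part of the original page; it counts attempts per source and flags bursts. The log layout, the sample lines and the names `attempts_by_source` and `flag_bursts` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed log lines. The layout (time, topics, prefix, chain, src->dst) is
# assumed to match the router's firewall log output; adjust LINE if yours differs.
SAMPLE_LOG = """\
10:01:02 firewall,info WINBOX-ACCESS dstnat: in:ether1 out:(unknown 0), proto TCP (SYN), 198.51.100.7:50112->203.0.113.10:8291, len 52
10:01:09 firewall,info WINBOX-ACCESS dstnat: in:ether1 out:(unknown 0), proto TCP (SYN), 198.51.100.7:50113->203.0.113.10:8291, len 52
10:01:15 firewall,info WINBOX-ACCESS dstnat: in:ether1 out:(unknown 0), proto TCP (SYN), 198.51.100.7:50114->203.0.113.10:8291, len 52
10:05:40 firewall,info WINBOX-ACCESS dstnat: in:ether1 out:(unknown 0), proto TCP (SYN), 123.45.67.89:41000->203.0.113.10:8291, len 52
11:30:00 firewall,info WINBOX-ACCESS dstnat: in:ether1 out:(unknown 0), proto TCP (SYN), 123.45.67.89:41020->203.0.113.10:8291, len 52
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) .*?(\S+) dstnat: .*? (\d+(?:\.\d+){3}):\d+->")

def attempts_by_source(log, prefix):
    """Map source IP -> sorted list of attempt times (seconds since midnight)."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m.group(4) == prefix:
            h, mi, s = (int(x) for x in m.group(1, 2, 3))
            seen[m.group(5)].append(h * 3600 + mi * 60 + s)
    return {src: sorted(times) for src, times in seen.items()}

def flag_bursts(log, prefix="WINBOX-ACCESS", limit=3, window=60):
    """Sources with at least `limit` new connections inside `window` seconds."""
    flagged = []
    for src, times in attempts_by_source(log, prefix).items():
        # Slide over the sorted times; midnight rollover is not handled here.
        if any(times[i + limit - 1] - times[i] <= window
               for i in range(len(times) - limit + 1)):
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_bursts(SAMPLE_LOG))
```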