In the event port forwarding is needed, a NAT Rule will need to be created in the Mikrotik.

For this example, the NAT Rule is to allow access to a device on IP 192.168.88.100 using port 80 (extension 100).

For devices such as onsite PBX that have remote extensions and need a range of ports, use a hyphen (example: 10000-20000).  

To create the NAT rule, please do the following:

1. Log into the Mikrotik using Winbox and go to IP
2. Go to Firewall

3. From the Firewall window, go to the NAT tab
4. Click on the Blue Plus Sign to add a new rule
5. From the New NAT Rule window, under the General tab, set the following settings:
   1. Chain: dstnat
   2. Protocol: tcp
   3. Dst. Port: 8080 (to use a port range use a hyphen, example: 10000-20000) 
   4. In. Interface: ether1-gateway
6. Click on Action tab

7. For Action set to dst-nat
8. To Addresses: 192.168.88.100 (example)
9. To Ports: 80 (to use a port range use a hyphen, example: 10000-20000) 
10. Click Apply
11. Click Comment

12. In the Comment for NAT Rule <8080> add a comment to help identify the rule (e.g.: Ext 100)
13. Click OK to close the comment window
14. Click OK to close the NAT Rule window

15. The rule will now appear in bold to show that the rule is active

To make the rule inactive or to disable select the rule (the rule will be highlighted in blue) and click on the red "X" or type "d" to disable the rule.

** WARNING **

It is important to only have the rule active when working on the device. Do not leave the rule active when not working on the device or the device will get compromised.