Community discussions

MikroTik App
 
matthysdt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Jun 01, 2010 11:19 am

Redirecting HTTP traffic sent TO my router

Tue Mar 29, 2011 5:47 pm

This is a simple one (I hope), just need a nudge in the right direction.

I want to forward data on the http/https protocol to a specific server depending on the port being used.

For instance, say my local MikroTik's IP address is 192.168.88.1
If a PC on my network attempts to access say, port 500, i want to be able to redirect that traffic to an alternative server.

So if a PC (say 192.168.88.2) types this in a browser: http://192.168.88.1:500/myfolder/public/index.htmI want the mikrotik to forward/redirect this traffic to another server, say http://someServer.com:500/myfolder/public/index.htm
I'm still somewhat confused about dst-nat vs src-nat, but I'm pretty sure that I need to use a NAT rule with one of the NAT actions, just not sure which one and how.

If you're interested, the reason for this setup is:
* The client PC does not have direct access to http://someServer.com via the desired link since
* the mikrotik is not the client PC's gateway
* simply routing would therefor not solve this problem
* The mikrotik DOES have access to http://someServer.com via the desired link.

I was able to create an application in VB that solved this problem, but my application only works for simple TCP/UDP connections (like VNC) and not for HTTP.

Regards!
 
matthysdt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Jun 01, 2010 11:19 am

Re: Redirecting HTTP traffic sent TO my router

Tue Mar 29, 2011 6:16 pm

I drew up an example to explain this more clearly.
This network already has fully functional Leased-line with 3G failover in place.

What I'm attempting is to add a faster (less reliable) line, like DSL, and use it for only one specific program, without tinkering with the existing solution.

Image
 
User avatar
rezamoghadam
Trainer
Trainer
Posts: 33
Joined: Wed Mar 02, 2011 1:01 pm
Location: Iran , Ahvaz
Contact:

Re: Redirecting HTTP traffic sent TO my router

Tue Mar 29, 2011 6:57 pm

If i Correct Think About Your idea , You Can Do This With Destination Nat ...

i explain that with this example :

you want , if anybody use X.X.X.X:X , that body redirect to X.X.X.X:Y or Y.Y.Y.Y:Y .

Solution can be done with Destination Nat and is very Simple :

ip firewall nat add action=dst-nat chain=dstnat comment="Redirect To Y Server" disabled=no
dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=Y.Y.Y.Y


Also You Can Redirect to Address And Also Port :

ip firewall nat add action=dst-nat chain=dstnat comment="Redirect To Y Server" disabled=no
dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=Y.Y.Y.Y to-ports= Y
 
matthysdt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Jun 01, 2010 11:19 am

Re: Redirecting HTTP traffic sent TO my router

Wed Mar 30, 2011 9:38 am

If i Correct Think About Your idea , You Can Do This With Destination Nat ...

i explain that with this example :

you want , if anybody use X.X.X.X:X , that body redirect to X.X.X.X:Y or Y.Y.Y.Y:Y .

Solution can be done with Destination Nat and is very Simple :

ip firewall nat add action=dst-nat chain=dstnat comment="Redirect To Y Server" disabled=no
dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=Y.Y.Y.Y


Also You Can Redirect to Address And Also Port :

ip firewall nat add action=dst-nat chain=dstnat comment="Redirect To Y Server" disabled=no
dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=Y.Y.Y.Y to-ports= Y
Hi rezamoghadam, it seems that did the trick!
Many thanks!
It's a great way of bypassing the default gateway and force a new route for the application to take!
 
User avatar
rezamoghadam
Trainer
Trainer
Posts: 33
Joined: Wed Mar 02, 2011 1:01 pm
Location: Iran , Ahvaz
Contact:

Re: Redirecting HTTP traffic sent TO my router

Wed Mar 30, 2011 11:25 am

do your problem is solved or not ?

can i help you ?
 
matthysdt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Jun 01, 2010 11:19 am

Re: Redirecting HTTP traffic sent TO my router

Wed Mar 30, 2011 1:06 pm

do your problem is solved or not ?

can i help you ?
Yes, it's working! Thank you!
 
User avatar
rezamoghadam
Trainer
Trainer
Posts: 33
Joined: Wed Mar 02, 2011 1:01 pm
Location: Iran , Ahvaz
Contact:

Re: Redirecting HTTP traffic sent TO my router

Wed Mar 30, 2011 4:48 pm

Your Wellcome ...

if you have any question , i can help you my friend ...
 
onlysuraj
Member Candidate
Member Candidate
Posts: 134
Joined: Sun Jul 10, 2011 10:00 am
Location: india

Re: Redirecting HTTP traffic sent TO my router

Wed Feb 29, 2012 9:37 am

Your Wellcome ...

if you have any question , i can help you my friend ...
sorry for disturbing you frient
but i have a problem with redirecting to or from squid server

this is setup for internel lan

wan link is on mt 450g (ether1)10.210.2.5/24
ether2 connected to squid (with single lan card)192.168.5.1 mt interface and squid ip is 192.168.5.2/24
and ether3 is used for lan with natting (dhcp server interface on ether3) 10.0.0.1/8

first rule:
masqurade the source to wan outinterface is ether1
0.0.0.0/0 gateway 10.210.2.1
#############
create routing mark
chain=prerouting source add=lan ip (client'ip) protocol= 6(tcp) dest port 80 routing mark= http action mark routing passthrough=yes

and add route for mangle http with mark 0.0.0.0/0 gateway =192.168.5.2/24 routing mark =http
###############

dstnat for ::
/ ip firewall nat
add chain=dstnat source add=10.0.0.0/8 dst-port 80 protocol=tcp action=dstnat to add 192.168.5.2 to port 3128 . also add in-interface = lan (client comes from)
/ip firewall nat
add chain= dstnat source add= 10.0.0.0/8 dstnat=80 protocol=tcp action=accept
also add in-interface=lan (whaere lan client comes from)


############

i think there is little mistake so can you guide is right direction

thanks in advance :)

Who is online

Users browsing this forum: No registered users and 18 guests