 
Ivoshiee
Member
Topic Author
Posts: 483
Joined: Sat May 06, 2006 4:11 pm

How to hide port forwarding?

Thu Aug 02, 2012 9:11 pm

If destination NAT is used, it is possible to forward connections to the internal network from the Internet side of the router, but the internal host will see the connection as originating from the Internet.

How can traffic be "regenerated" so that port forwarding to some internal LAN host is not visible as a connection coming from the outside network, but from the router itself?

I would envision that pairing destination NAT with source NAT would do the trick, but I am afraid that is not a valid combination.

Any ideas?
 
CyberT
Member Candidate
Posts: 172
Joined: Tue Feb 01, 2011 1:39 pm
Location: Johannesburg, South Africa

Re: How to hide port forwarding?

Fri Aug 03, 2012 10:16 am

Masquerading the traffic that's coming in is one way.

http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php

action (accept | add-dst-to-address-list | add-src-to-address-list | dst-nat | jump | log | masquerade | netmap | passthrough | redirect | return | same | src-nat; default: accept) - action to undertake if the packet matches the rule
accept - accepts the packet. No action is taken, i.e. the packet is passed through and no more rules are applied to it
add-dst-to-address-list - adds destination address of an IP packet to the address list specified by address-list parameter
add-src-to-address-list - adds source address of an IP packet to the address list specified by address-list parameter
dst-nat - replaces destination address of an IP packet to values specified by to-addresses and to-ports parameters
jump - jump to the chain specified by the value of the jump-target parameter
log - each match with this action will add a message to the system log
masquerade - replaces source address of an IP packet to an automatically determined by the routing facility IP address
netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to distribute public IP addresses to hosts on private networks
passthrough - ignores this rule and goes on to the next one
redirect - replaces destination address of an IP packet to one of the router's local addresses
return - passes control back to the chain from where the jump took place
same - gives a particular client the same source/destination IP address from supplied range for each connection. This is most frequently used for services that expect the same client address for multiple connections from the same client
src-nat - replaces source address of an IP packet to values specified by to-addresses and to-ports parameters
 
Ivoshiee
Member
Topic Author
Posts: 483
Joined: Sat May 06, 2006 4:11 pm

Re: How to hide port forwarding?

Fri Aug 03, 2012 12:24 pm

Thanks. With some thinking I implemented the idea I proposed earlier and it does work.
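
The dst-nat plus source NAT pairing discussed in this thread, as an added example that is not taken from any post above. The interface names (ether1, bridge-lan), addresses, ports and log prefix are assumptions chosen for illustration.

```routeros
# Added example; all names and addresses below are assumptions:
#   ether1 = WAN interface, bridge-lan = LAN interface,
#   192.168.88.10 = internal server, 192.168.88.0/24 = LAN subnet.
/ip firewall nat

# 1. Record the real client address before it is hidden from the server.
#    NAT rules only see the first packet of a connection, so this logs
#    once per forwarded connection, then evaluation continues with rule 2.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8080 \
    action=log log-prefix="fwd-8080"

# 2. Port forward: WAN tcp/8080 -> internal server tcp/80.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8080 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=80

# 3. Rewrite the source of the forwarded connection to the router's own
#    LAN address. srcnat runs after dstnat, so the rule must match the
#    already translated destination (192.168.88.10:80), not the WAN port.
#    src-address=!LAN limits it to connections from outside the LAN subnet.
add chain=srcnat out-interface=bridge-lan protocol=tcp \
    src-address=!192.168.88.0/24 dst-address=192.168.88.10 dst-port=80 \
    action=masquerade
```

With rule 3 in place the internal server's own logs show the router's LAN address for every forwarded client, so per-client logging, rate limiting or blocking on the server no longer works. The router log entry from rule 1 and the router's connection tracking table are then the only record of the original source address.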
