vSoul
May 5, 2011, 1:43pm
1
Hello, there is one problem that I could not solve.
How can I configure the following:
Destination NAT with the replacement of IP source address, like Microsoft ISA/TMG Server (‘Requests appear to come from the ISA Server’ option)
Packet flow:
ExtIPc______ExtIPr_IntIPr____IntIPs
Client ------1-> Router-----2->Server
<-3-----------
Packet, stage 1:
Source IP: External Client IP (ExtIPc)
Destination: External Router IP (ExtIPr)
Packet, stage 2:
Source IP: Internal Router IP (IntIPr)
Destination: Internal Server IP (IntIPs)
Packet, stage 3:
Source IP: External Router IP (ExtIPr)
Destination: External Client IP (ExtIPc)
Thanks.
fewi
May 5, 2011, 2:09pm
2
Configure both source and destination NAT rules. Destination NAT translates the destination IP address in the packet header of the first packet of a connection, repeats the same operation for all subsequent packets, and does the reverse for return traffic. Source NAT translates the source IP address in the packet header of the first packet of a connection, repeats the same operation for all subsequent packets, and does the reverse for return traffic. Source NAT happens after destination NAT, so when source NAT looks at the packet the destination IP has already been rewritten.
Consult the packet flow manual page for details: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
For example, let’s assume host 1.1.1.1 sends a packet to 2.2.2.2. You want the packet to go to 3.3.3.3 instead, and to appear to be coming from 4.4.4.4.
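/ip firewall nat
# dstnat runs first: rewrite the destination 2.2.2.2 -> 3.3.3.3
add chain=dstnat src-address=1.1.1.1 dst-address=2.2.2.2 action=dst-nat to-addresses=3.3.3.3
# srcnat runs second and matches the already rewritten destination: rewrite the source 1.1.1.1 -> 4.4.4.4
add chain=srcnat src-address=1.1.1.1 dst-address=3.3.3.3 action=src-nat to-addresses=4.4.4.4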
1.1.1.1 sends to 2.2.2.2
after the packet has traversed the destination NAT chain 1.1.1.1 sends to 3.3.3.3
after the packet has traversed the source NAT chain 4.4.4.4 sends to 3.3.3.3
3.3.3.3 processes the packet and sends back to 4.4.4.4
after the packet has traversed the destination NAT chain to undo the source NAT that happened the other way 3.3.3.3 sends to 1.1.1.1
after the packet has traversed the source NAT chain to undo the destination NAT that happened the other way 2.2.2.2 sends to 1.1.1.1
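The walk-through above as a small Python model, added here as an illustration and not taken from the thread or from RouterOS. The `Rule`, `Router` and `walkthrough` names are hypothetical, matching is on addresses only (real connection tracking also keys on protocol and ports), and the addresses are the ones used in the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    chain: str  # "dstnat" or "srcnat"
    src: str    # src-address matcher
    dst: str    # dst-address matcher
    to: str     # replacement address

# The two rules from the post, in the same order.
RULES = [
    Rule("dstnat", "1.1.1.1", "2.2.2.2", "3.3.3.3"),
    Rule("srcnat", "1.1.1.1", "3.3.3.3", "4.4.4.4"),
]

class Router:
    """Simplified model: addresses only, no ports, protocols or timeouts."""

    def __init__(self, rules):
        self.rules = rules
        self.conntrack = {}  # header seen on arrival -> header sent on

    def _lookup(self, chain, src, dst):
        for rule in self.rules:
            if (rule.chain, rule.src, rule.dst) == (chain, src, dst):
                return rule.to
        return None

    def forward(self, src, dst):
        """Return the (src, dst) header as it leaves the router."""
        # Packets of a tracked connection, replies included, skip the rules.
        if (src, dst) in self.conntrack:
            return self.conntrack[(src, dst)]
        new_dst = self._lookup("dstnat", src, dst) or dst
        # srcnat is evaluated second, so it matches on the rewritten destination.
        new_src = self._lookup("srcnat", src, new_dst) or src
        if (new_src, new_dst) != (src, dst):
            self.conntrack[(src, dst)] = (new_src, new_dst)
            # Reply direction: undo both translations.
            self.conntrack[(new_dst, new_src)] = (dst, src)
        return new_src, new_dst

def walkthrough(rules=RULES):
    """Send one request through the router, then the server's reply."""
    router = Router(rules)
    to_server = router.forward("1.1.1.1", "2.2.2.2")
    to_client = router.forward(*reversed(to_server))
    return to_server, to_client
```

In the model, as in the post's walk-through, the server-side header carries 4.4.4.4 rather than 1.1.1.1, so the server's logs and any address-based access rules see only the translated source. A srcnat rule written against the original destination 2.2.2.2 never matches, because dstnat has already rewritten it.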
zali126
December 12, 2017, 12:45pm
4
Can you reply with a diagram? I have a MikroTik broadband router.
Hi Fewi, I find your post very useful. I am available to send packets to monitor them. Is it possible to receive them with their original source IP? I am using Wireshark. Thank you.
Hi fewi, great stuff, very useful!