DNAT Confusion

jeffd · January 27, 2009, 5:59am

I’ve got an Internet connection that is NATed by a non-mikrotik device. What happens currently is that this (non-mikrotik) has a DMZ IP(10.145.18.43) set for an IP on the same subnet as the LAN side of this device. This DMZ IP is an IP on a RB500 interface. There is a DNAT statement on the mikrotik router:

add chain=dstnat dst-address=10.145.18.43 action=netmap to-addresses=10.10.120.82 to-ports=0-65535 comment=“” disabled=no

This all of the NAT statements on this device.

When outside the network I can use the external public IP to get to the HTTP service on 10.10.120.82. If I place my computer in the 10.145.18.43/24 subnet and try to navigate to 10.145.18.43 I can reach the HTTP service. I want to disable the DNAT statement and use 10.10.120.82, except when I do I can ping but not reach the HTTP service on 10.10.120.82.

Anyone know what is happening?

Thanks in advance.

jeffd · January 27, 2009, 6:21am

I tried disabling the DNAT statement again and after about 5 minutes I was able to access the HTTP service with the actual address of the server. I wasn’t able to turn it off for too long before since the server is used quite a bit and I couldn’t afford downtime.

hilton · January 27, 2009, 12:06pm

What role does the Mikrotik router play in this set-up? Draw a diagram if necessary.

Sorry but I don’t understand the big picture.