dst-nat rule not working ?

jo2jo · August 1, 2006, 11:57pm

I’m trying to stream traffic from a router i have on the net to my local machine. THe stream is running over port udp 37008.

I have tons of syslog messages pooring through this router on many different udp ports..all are dst-nat NetMapped to the proper logging machine.

THe problem is that i can not see ANY of these packets on the dst-nat rule (by watching the packet / bytes couter) thus they are not being mapped.

A mangle or Firewall rule sees the data on dst port 37008 just fine. SO i tried doing a mangle rule that catches the packets with action Packet Mark…then just set the NAT Netmap rule to look for the packet mark…does not work. still does not see any traffic.

Any Ideas? this may be a bug related to this type of traffic.

tks

changeip · August 2, 2006, 12:15am

is this tzsp you are streaming from the router?

jo2jo · August 2, 2006, 12:20am

yes…since im using the built in MT streaming- right?

changeip · August 2, 2006, 1:11am

I don’t believe the packet flow allows you to NAT the ‘output’ of the router?

http://www.mikrotik.com/docs/ros/2.9/ip/flow

I don’t see that the Local-ProcessOut flows thru dst-nat.

Seems like you should, but we can’t src-nat icmp and other router generated traffic either.

Sam

jo2jo · August 2, 2006, 4:56am

so essentally MT can’t do dst-nat ing on tzsp?