Hi,
I have a question how can I forward UDP packages for DNS between sites.
I have a DNS server what I would like to use externally ( IP 2.2.2.2 ) , but the provider does not allow to NAT 53/UPD and 53/TCP
So I though I will setup a NAT on different site, external IP 1.1.1.1 , then NAT all incoming request on TCP/UDP 53 to 2.2.2.2 port 5555 .
This is working fine, but nothing goes back to the client where the DNS is configured for 1.1.1.1
Do you have any idea how can I solve this?
Thanks!
NAT on “different site” should do DST-NAT which you probably configured … but it should do SRC-NAT as well. If SRC-NAT is not done, then replies from DNS server go back to your site directky, but there they’re eitger filtered by ISP, or more likely by your MT as they return from unexpected remote site.
I think these are the roles that you need(if I understood):
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=1.1.1.1
add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=53 in-interface=ether1 protocol=tcp to-addresses=2.2.2.2
add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=53 in-interface=ether1 protocol=udp to-addresses=2.2.2.2