Forwarding public IP to private

My network is a basic SOHO LAN.

[WAN] --24.123.1.2-- [2.9.50 RouterOS] --10.0.0.0/24-- [LAN]

My LAN, as far as this post is concerned, has two nodes:

  • 10.0.0.2 HTTP server on port 80/tcp
  • 10.0.0.65 Windows XP desktop

What I would like to enable is any traffic destined for 24.123.1.2:80 from 10.0.0.0/24 be redirected to 10.0.0.2:80

Thanks in advance!
Josh

Use NAT rules like:
ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 dst-address=public_IP_Address to-addresses=local_IP_address to-ports=80
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php

I have tried that exact same rule and it is not working =/

Then try harder :) Haven’t you forgotten to run the web server on 10.0.0.2? What are the symptoms of this non-working issue?

I’m positive the web server is working. I can access it at 10.0.0.2 from within the LAN and at 24.123.1.2 from outside the network just fine with this rule:

add chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=80 \
    in-interface="wan - integ" dst-port=80 protocol=tcp comment="logic - http" \
    disabled=no

By “not working” I mean any time I point my browser to 24.123.1.2 it simply times out.

Forgot to mention that Winbox is counting packets as I hit it. My nmap tells me the port is filtered.

Have you turned off MT’s webserver service port?

It isn’t off - it was changed from port 80, though.

iam8up,
Do you access the page from the local network of this router or from a remote location?

I think it is working from remote networks.
I see this for this address:

This Web site not available due to technical difficulties, or does not exist.
Please check back at a later time, or check the URL you are attempting to access.
Thanks for your understanding.
If you are the owner of this site please contact the Server Administrator.

It should not work from the local network, as you have in-interface="wan - integ".
I assume it is the public interface, so packets are being forwarded only from the public interface (not from the local one).

I guess you’re trying to connect to the public address from within your private network?

It looks like you’ve set your DNAT rule to only operate on packets originating from your WAN interface. This means packets from your internal browser will not get translated and will be trying to connect to a web server on the router itself.

Do:-

ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 dst-address=24.123.1.2 to-addresses=10.0.0.2 to-ports=80

This will then translate packets from any interface.

24.123.1.2 was an IP I thought would be good for an example WAN IP. I can’t memorize my own - sorry about that!

What I would like to enable is any traffic destined for 24.123.1.2:80 from 10.0.0.0/24 be redirected to 10.0.0.2:80

I’m told by one of the consultants, whom I’ve learned to be a real expert in MikroTik, that this cannot be done. The Linux kernel cannot forward traffic destined from which it came. I could enable a PPTP tunnel (another interface at this point) or add a whole other interface to my router to solve my problem.

In short, it can not be done. Oh well.

I guess that web servers usually use DNS, don’t they?
So, when you have http://www.something.com pointing to 24.123.1.2, the router then points to 10.0.0.2.
You may use a static DNS cache in the router, then forward http://www.something.com to local network users.
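
Added example (not part of the original thread and not MikroTik code): a small Python model of the two dst-nat rules discussed above, showing which packets each rule translates and where the reply to a translated LAN request goes. The addresses and "wan - integ" come from the thread; the interface name "lan" and the outside client 198.51.100.7 are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN = ip_network("10.0.0.0/24")
PUBLIC, SERVER, CLIENT = "24.123.1.2", "10.0.0.2", "10.0.0.65"  # from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_interface: str

@dataclass(frozen=True)
class DstNatRule:
    to_address: str
    dst_port: int
    in_interface: Optional[str] = None  # None = match any interface
    dst_address: Optional[str] = None   # None = match any destination

    def matches(self, p: Packet) -> bool:
        return (p.dport == self.dst_port
                and self.in_interface in (None, p.in_interface)
                and self.dst_address in (None, p.dst))

def dstnat(rules, p: Packet) -> Packet:
    """Apply the first matching dst-nat rule; unmatched packets pass unchanged."""
    for r in rules:
        if r.matches(p):
            return Packet(p.src, r.to_address, p.dport, p.in_interface)
    return p

def reply_bypasses_router(p: Packet) -> bool:
    """True when client and server share the LAN after dst-nat: the server
    answers the client directly, so the router never restores 24.123.1.2 as
    the source and the client sees a reply it did not ask for."""
    return ip_address(p.src) in LAN and ip_address(p.dst) in LAN

WAN_ONLY = [DstNatRule(SERVER, 80, in_interface="wan - integ")]  # the working WAN rule
ANY_IFACE = [DstNatRule(SERVER, 80, dst_address=PUBLIC)]         # the suggested rule

from_lan = Packet(CLIENT, PUBLIC, 80, "lan")                  # "lan" is an assumed name
from_wan = Packet("198.51.100.7", PUBLIC, 80, "wan - integ")  # constructed outside client

if __name__ == "__main__":
    for name, rules in (("WAN_ONLY", WAN_ONLY), ("ANY_IFACE", ANY_IFACE)):
        for p in (from_lan, from_wan):
            out = dstnat(rules, p)
            print(name, p.src, "->", out.dst, "direct reply:", reply_bypasses_router(out))
```

With a static DNS entry as suggested in the last post, LAN clients resolve the site name to 10.0.0.2 and never send packets to 24.123.1.2, so neither rule is involved for local traffic.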