Help Destination NAT

qcmodem · January 30, 2006, 1:30am

Having some problems with Destination NAT. I have a router setup:

ether1 to internet (dynamic client) 12.207.155.xxx
ether2 to hotspot network 10.5.50.0/24
ether3 to local network 192.168.1.0/24

I have a server on ether3 at 192.168.1.225 port 4980

I have tried to follow the examples and when I add a rule all traffic goes to the server.

I have tried:

/ip firewall nat add chain=dstnat dst-port=4980 action=dst-nat to-addresses=192.168.1.225

/ip firewall nat add chain=dstnat dst-address=12.207.156.xxx dst-port=4980 action=dst-nat to-addresses=192.168.0.109

When I do I loose connection to all services on the router.

Any help would be appreciated.

mezlo · January 30, 2006, 3:49am

Try the following and see if it works:

/ip firewall nat
add chain=dstnat in-interface=!ether3 protocol=tcp dst-port=4980 \
action=dst-nat to-addresses=192.168.1.225 to-ports=4980

Mezlo

onowojemma · February 14, 2006, 8:49pm

Hello Sir,
Please i need some help on NAT i have a server with the 10.0.0.2/24 and i need to access it from outside with this IP address 63.109.247.27 i use this rule below but i was not able to use it to evrn browse the net and not able to access it from the internet there is no firewall on the Mikrotik if i use src-nat ip firewall nat add chain=srcnat out-interface=Cyber_Net action=masquerade it will browse but when i remove it and use this /ip firewall nat add chain=dstnat dst-address=63.109.247.27 action=dst-nat to-addresses=10.0.0.2
/ip firewall nat add chain=srcnat src-address=10.0.0.2 action=src-nat to-addresses=63.109.247.27 it will not work can any one please help me

mezlo · February 15, 2006, 4:33am

In order to access the internet from your lan (10.0.0.0/24), try the following rule:

/ip firewall nat
add chain=srcnat src-address=10.0.0.0/24 action=masquerade

Now, in order to access services on the server 10.0.0.2 from the internet, you need to know what ports to forward. For example, to access a webserver on that machine, try the following rule:

/ip firewall nat
add chain=dstnat dst-address=63.109.247.27 protocol=tcp \
dst-port=80 action=dst-nat to-addresses=10.0.0.2 to-ports=80

Let me know if I have interpreted your question correctly and whether or not this answers it.

Mezlo

onowojemma · February 15, 2006, 7:49am

not extectly i have a server that does hotspot and i want to use the MOT as it firewall and it need to be acess from the internat not just a particular services thanks for your reply am still expecting more

mezlo:

In order to access the internet from your lan (10.0.0.0/24), try the following rule:
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/24 action=masquerade
Now, in order to access services on the server 10.0.0.2 from the internet, you need to know what ports to forward. For example, to access a webserver on that machine, try the following rule:
/ip firewall nat
add chain=dstnat dst-address=63.109.247.27 protocol=tcp \
dst-port=80 action=dst-nat to-addresses=10.0.0.2 to-ports=80
Let me know if I have interpreted your question correctly and whether or not this answers it.

Mezlo

cibernet · February 15, 2006, 8:14am

onowojemma:

not extectly i have a server that does hotspot and i want to use the MOT as it firewall and it need to be acess from the internat not just a particular services thanks for your reply am still expecting more
mezlo:
In order to access the internet from your lan (10.0.0.0/24), try the following rule:
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/24 action=masquerade
Now, in order to access services on the server 10.0.0.2 from the internet, you need to know what ports to forward. For example, to access a webserver on that machine, try the following rule:
/ip firewall nat
add chain=dstnat dst-address=63.109.247.27 protocol=tcp \
dst-port=80 action=dst-nat to-addresses=10.0.0.2 to-ports=80
Let me know if I have interpreted your question correctly and whether or not this answers it.

Mezlo

Can you use an public IP? post your configuration, and explain a little more of what you want to do with MT…

Regards