HELP PLEASE !

Dear friends !

I’m using a Mikrotik RB750. Since my customer’s requests are a little complicated, I would appreciate your help.
Here is the situation :

There is an office LAN, and a server machine generates 10 different TCP services. Now, I already have configured 10 public IPs from my ISP and I need to redirect each service via each IP.
e.g :
server lan ip >> service tcp 55 >> public IP 1
server lan ip >> service tcp 66 >> public IP 2
server lan ip >> service tcp 77 >> public IP 3
.
.
.
server lan ip >> service tcp nn >> public IP 10

Waiting on your feedback

kindly thanks

Set up destination nat to specific IP address
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=<public IP 1> protocol=tcp to-addresses= to-ports=55

and so on

I tried it like that, but it does not succeed!
My public IPs are set one after another on the WAN int. and I can ping all of them (same subnet, same gateway).

When configured this way, these requests are redirected to the internet via the first public IP (even though I’d applied the dst-nat chain for each)!!


any comment pls. ?!!!




tx
Cahluma

hi…

You need to configure 1:1 mapping. You’ve done it in only one direction (dest NAT), and you also need to configure reverse-direction NATting using source NAT.

like that:

/ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 action=netmap to-addresses=2.2.2.1-2.2.2.254

/ip firewall nat add chain=srcnat src-address=2.2.2.1-2.2.2.254 action=netmap to-addresses=11.11.11.1-11.11.11.254

or see tutorial : http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT


hope it helps..

Thanks for your comment, but let me describe the situation in detail:

  1. My ISP has provided me 8 public IPs. I configured them (put all IP addresses on a single ether interface, since they belong to the same netmask & gateway).
    i.e : 4.2.2.3 - 4.2.2.11
  2. I am using a webserver with 1 IP address (i.e 10.10.10.3/24) in the office LAN.
  3. Now, what I need is to redirect the server’s 8 services to the internet via 8 different public IPs.

i.e :

10.10.10.3:55 >> 4.2.2.4:55
10.10.10.3:66 >> 4.2.2.5:66
.
.
.

So up to now, I also tried your suggestions, and the result is that the server’s services go out to the internet via the same public IP even though I did exactly the dest. & source port mapping!

Please help me with that.



tx

To map server traffic to a specific address you need to set up srcnat, too.

  1. masquerade 10.10.10.0/24 out int. “WAN”
  2. src.nat add. i.e 10.10.10.2/24 src.port: 55
    action to add. 4.2.2.3 to port 55
  3. dst.nat dst.add. 4.2.2.3, dst.port : 55
    action dst.nat add. 10.10.10.2 to port 55

… similar for other services!

But the result is that everything is redirected via the same (the first) public IP address!!!

http://forum.mikrotik.com/t/multiple-ip-on-wan-interface/40513/1

Double posting is rude.

Mr.,
I am new to this forum and, as far as you can understand, I am urgently looking for a solution!
Please ignore the fact that I asked in another topic, if you find it nonsense.


thanks in advance

You saw that I posted in the thread I linked to before posting in this one?

We’re OK!
Now I understand how it works.
My bad.


thanks

P.S.: it still sends me out via the first IP :)

Then post the output of “/ip firewall nat export”. Don’t summarize it in your own words - run that command, and copy and paste the output here.

OK, HERE’S :

add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
    WAN src-address=10.30.29.0/24

add action=src-nat chain=srcnat comment="REQUEST_1" disabled=no \
    dst-address=DESTINATION_1 dst-port=55 protocol=tcp src-address=\
    10.30.29.3 to-addresses=FIRST PUBLIC IP to-ports=55
add action=src-nat chain=srcnat comment="REQUEST_2" disabled=no \
    dst-address=DESTINATION_2 dst-port=56 protocol=tcp src-address=\
    10.30.29.3 to-addresses=SECOND PUBLIC IP to-ports=56
add action=src-nat chain=srcnat comment="REQUEST_3" disabled=no \
    dst-address=DESTINATION_3 dst-port=57 protocol=tcp src-address=\
    10.30.29.3 to-addresses=THIRD PUBLIC IP to-ports=57
add action=src-nat chain=srcnat comment="REQUEST_4" disabled=no \
    dst-address=DESTINATION_2 dst-port=58 protocol=tcp src-address=\
    10.30.29.3 to-addresses=FOURTH PUBLIC IP to-ports=58

ETC.

P.S.: I put words in for “dst address” and “to-addresses=”


thanks

That still shows the rule with the ‘masquerade’ action on top of everything else.
From the other thread I linked to:

Your rules aren’t in the right order. If the masquerade comes first then it is executed and traffic never goes to the more specific rules. Always order NAT rules from more specific to less specific. If you’re still unsure, post your ruleset.

Move that rule to the bottom of everything. Then try again.
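
The first-match behaviour described in the last post, as an added example that is not part of the thread and not MikroTik code: a small Python model of a srcnat chain that shows which rule wins for a packet and which rules below it are never reached. The 203.0.113.x addresses, WAN_ADDR and all function names are assumptions made for the illustration; the redacted dst-address matchers from the export are left out.

```python
import ipaddress

# Constructed rules modelled on the export in the thread. 203.0.113.x stands in
# for the redacted public IPs; the redacted dst-address matchers are left out.
POSTED = [
    {"action": "masquerade", "src": "10.30.29.0/24", "out_if": "WAN"},
    {"action": "src-nat", "src": "10.30.29.3/32", "proto": "tcp", "dport": 55,
     "to": "203.0.113.1"},
    {"action": "src-nat", "src": "10.30.29.3/32", "proto": "tcp", "dport": 56,
     "to": "203.0.113.2"},
]
WAN_ADDR = "203.0.113.1"  # assumption: the address masquerade uses on WAN

def matches(rule, pkt):
    """A matcher that is absent from the rule matches any packet."""
    net = ipaddress.ip_network(rule.get("src", "0.0.0.0/0"))
    if ipaddress.ip_address(pkt["src"]) not in net:
        return False
    return all(rule.get(k, pkt[k]) == pkt[k] for k in ("proto", "dport", "out_if"))

def first_match(rules, pkt):
    """The chain is walked top to bottom; the first matching rule wins."""
    return next((i for i, r in enumerate(rules) if matches(r, pkt)), None)

def shadowed(rules, pkt):
    """Indexes of rules that match pkt but sit below the winning rule."""
    hit = first_match(rules, pkt)
    return [i for i, r in enumerate(rules)
            if hit is not None and i > hit and matches(r, pkt)]

def nat_source(rules, pkt):
    """Source address the packet leaves with (unchanged if nothing matches)."""
    hit = first_match(rules, pkt)
    if hit is None:
        return pkt["src"]
    return rules[hit].get("to", WAN_ADDR)  # masquerade has no to-addresses

def specific_first(rules):
    """Heuristic reorder: more matchers and longer prefixes go higher."""
    def weight(r):
        prefix = ipaddress.ip_network(r.get("src", "0.0.0.0/0")).prefixlen
        return (sum(k in r for k in ("proto", "dport")), prefix)
    return sorted(rules, key=weight, reverse=True)

if __name__ == "__main__":
    pkt = {"src": "10.30.29.3", "proto": "tcp", "dport": 56, "out_if": "WAN"}
    print(nat_source(POSTED, pkt), shadowed(POSTED, pkt))
    print(nat_source(specific_first(POSTED), pkt))
```

With the posted order the port-56 packet leaves with the masquerade address and the REQUEST_2-style rule is reported as shadowed; after the reorder the same packet takes the second address and only unmatched LAN traffic falls through to masquerade.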