help with port address translation.

Hi all
I am having trouble understanding how to make the following work and would appreciate some help. What I am trying to do is this:

I want to take a port number on the internal network and change that port number going to the outside network then have the reverse happen coming back in.

Sounds simple but I am stumped.

If you’re just looking to open a service on the outside and translate it to a different port, it’s pretty simple:

Let’s assume your internal host is 192.168.1.1, the service port is TCP 88. The WAN IP is 10.0.0.1 and service port is TCP 80.

You’d create a dst-nat rule as follows:

/ip firewall nat add chain=dstnat dst-address=10.0.0.1 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.1 to-ports=88

With this rule, requests on the WAN IP port 80 will get translated to port 88 for the internal host.

Is this what you were trying to accomplish?

rmmcann is correct, however if your WAN IP is dynamically assigned, you can change the rule to use the incoming interface rather than the IP address:

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=<internal IP address> to-ports=<internal server port> protocol=tcp in-interface=<Your WAN interface> dst-port=<port exposed to the Internet>
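
Added example, not part of the thread or of any poster's code: a small Python audit that parses dst-nat rules in the two forms shown above and lists each exposed port with its internal target, noting rules that match on neither the WAN address nor the WAN interface. The interface name `ether1`, the 8080 and 2222 rules, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: the thread's two rule forms (placeholders filled with
# assumed values) plus one unscoped forward and one unrelated srcnat rule.
SAMPLE_EXPORT = """\
/ip firewall nat add chain=dstnat dst-address=10.0.0.1 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.1 to-ports=88
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=88 protocol=tcp in-interface=ether1 dst-port=8080
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=22 protocol=tcp dst-port=2222
add chain=srcnat action=masquerade out-interface=ether1
"""

# Matchers that tie a dstnat rule to the WAN side.
WAN_SCOPE = {"dst-address", "dst-address-list", "dst-address-type", "in-interface", "in-interface-list"}

def parse_nat_rules(export_text):
    """Return a dict of properties per 'add' under /ip firewall nat (one rule per line assumed)."""
    rules, in_nat_menu = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if tokens[0].startswith("/"):
            # A menu path can stand alone or carry the command on the same line.
            in_nat_menu = tokens[:3] == ["/ip", "firewall", "nat"]
            tokens = tokens[3:]
        if in_nat_menu and tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def audit_dstnat(rules):
    """Inventory dst-nat port forwards and note weak scoping on each."""
    findings = []
    for r in rules:
        if r.get("chain") != "dstnat" or r.get("action") != "dst-nat":
            continue
        notes = []
        if not WAN_SCOPE & r.keys():
            notes.append("no WAN match: also redirects LAN traffic to this port")
        if "src-address" not in r and "src-address-list" not in r:
            notes.append("open to any source address")
        findings.append({"exposed": f'{r.get("protocol", "any")}/{r.get("dst-port", "any")}',
                         "target": f'{r.get("to-addresses", "?")}:{r.get("to-ports", "same")}',
                         "notes": notes})
    return findings

if __name__ == "__main__":
    for f in audit_dstnat(parse_nat_rules(SAMPLE_EXPORT)):
        print(f["exposed"], "->", f["target"], "|", "; ".join(f["notes"]))
```

A forward meant for a public service will normally carry the "open to any source address" note; the "no WAN match" note is the one that points to a rule needing `dst-address` or `in-interface` as in the two posts above.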