Haven’t had to post here in a while.. I’m hoping I’ll explain my problem well enough for y’all to get me an answer.
We run a standard setup (if there is such a thing): the main (or core) router hands out public/static IPs via NAT 1:1.
The site router hands out a private IP, which I set to static to assign the at main.
Hasn’t been a problem until now.
Now I’ve got a customer who wants to do some specific port forwarding and the Cisco is looking at it as a double NAT.
The solution my guy came up with: upgrade the Cisco to a Sonicwall and use the private IP as the “static” IP in the router.
Does that track? Is there another way to do this? (i.e., tell the core router to act transparent for that IP so they can set forwarding?)
Have I completely butchered what I was trying to explain?
You say you are handing out static/public IPs but they are 1:1 NAT? Why do you do that? Why not hand them an IP directly and have it install as a connected route? (Assuming PPPoE server).
I would be looking at why you need 1:1 NAT on your core if you are handing out public address space anyway.
Obviously, there may be a reason why you need this that I am unaware of. The solution, I believe, may be to set up a firewall NAT rule with action dst-nat and the to-ports set to the full range.
I’m not aware of a configuration that allows a “pass through” of the port forwarding from the core router to the site router.
The configuration I’m running is the only one I’m aware of.
A quick way would be to remove the NAT config and add a static route for that IP to his private IP address. The Mikrotik client can then configure themselves to use that for public communication.
Just so I understand…
(And you understand the “site” router is not the client’s, it’s mine..)
Remove NAT from main router, (core) and a route in core? site? router to public from private..
(I guess I would have to add a route in both routers, wouldn’t I?)
Then have client use his public IP on his router?
Do I have that right?
If so, I can’t see any flaws in that.. ’course, I barely know which hole the cable goes in.