Linking a Public IP with a Private IP

galimuna · November 13, 2014, 2:25pm

Hi,
I was looking in internet and still could not find the answer…
Here is my problem:

Now what I want is that I can manage my switches from outside…
I want for example if I try to connect with ssh/web on 192.168.4.2 to redirect my request to 192.168.3.101 and configure/manage the switch. Is there any possibility to link one static ip with another static ip? I don’t want to use PAT, I want that every switch behind the router to have also an IP on the public interface (ether1) so I can have full access on the switches.

lambert · November 14, 2014, 2:27am

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping

Does that help?

imrankosi · November 14, 2014, 9:31am

yeah that’s possible use this rule:

chain=dstnat action=dst-nat to-addresses=lan ip to-ports=22
protocol=tcp dst-address=wan ip dst-port=22

this rule will solve your issue but remember you wan should have real or live ip

give karma if you got solution for your issue

galimuna · November 20, 2014, 8:31am

It doesn’t work… I still cant figure it out why.

galimuna · November 20, 2014, 8:34am

Thanks for your reply but as I mentioned on my post That I dont want to PAT (Port Address Translation) my ips. I need to route all the traffic that comes for 192.168.4.2 to 192.168.3.101, not only one port.

lambert · November 21, 2014, 3:58am

It doesn’t work… I still cant figure it out why.

So, show us what you tried so we can help figure out what went wrong. Most of us don’t read minds around here.

galimuna · November 21, 2014, 9:57am

There is one thing I forgot to mention... on the port where I connect the switch I use VLAN's... there are 3 VLANs and one of them is configured as Native Vlan 1 (same on the switch is vlan1 the management vlan).
The switch I want to manage is 192.168.3.128 which is connected on eth3 (which is a VLANed network)
So here is my config:
[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 192.168.150.2/24 192.168.150.0 ether7
1 192.168.151.1/24 192.168.151.0 vlan1
2 192.168.152.1/24 192.168.152.0 vlan2
3 192.168.3.1/24 192.168.3.0 management
4 192.168.4.1/24 192.168.4.0 ether7

VLAN1 and VLAN2 use Hotspot...

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough log=no log-prefix=""
1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.151.0/24 log=no
log-prefix=""
2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.152.0/24 log=no
log-prefix=""
3 chain=dstnat action=netmap to-addresses=192.168.3.0/24
dst-address=192.168.4.0/24 log=no log-prefix=""
4 chain=srcnat action=netmap to-addresses=192.168.4.0/24
src-address=192.168.3.0/24 log=no log-prefix=""

I tried also doing netmap on specific ip... 192.168.4.128 with 192.168.3.128 but it doesn't work...