chcllc
September 6, 2016, 11:02pm
1
Hello,
What we are trying to do is have 1 IP 23.67.207.* point to 10 servers (10.24.24.2 - 11). We do have a DNS running that points mydomain.com and yourdomain.com to 26.67.207.*, and that works fine, but it stops at our MikroTik router. We do have an inside DNS server that is pointing mydomain.com and yourdomain.com to the inside IPs 10.24.24.2 and 3 and so on.
Do we need the firewall turned off or something set so the MikroTik router passes it on?
kris
Deantwo
September 7, 2016, 9:54am
2
Does the router have a masquerade NAT rule?
Have you port forwarded to the servers?
For information, see:
chcllc
September 9, 2016, 1:02pm
3
Yes, but porting is not what we are trying.
I have one IP (23.67.207.*); I need it to point to our IPs
23.67.207.* ------------------- 10.24.24.2 (dns)
10.24.24.3 (webber1)
10.24.24.4 webber2
10.24.24.5 webber3
10.24.24.6 webber4
The webbers are servers on our network. They have to have 443, 80, 25, etc. open, so port forward won't work.
Deantwo
September 12, 2016, 3:37pm
4
chcllc:
Yes, but porting is not what we are trying.
I have one IP (23.67.207.*); I need it to point to our IPs
23.67.207.* ------------------- 10.24.24.2 (dns)
10.24.24.3 (webber1)
10.24.24.4 webber2
10.24.24.5 webber3
10.24.24.6 webber4
The webbers are servers on our network. They have to have 443, 80, 25, etc. open, so port forward won't work.
So, you have to forward addresses rather than ports. The setup is almost the same.
Try this:
/ip firewall nat
add chain=dstnat dst-address=23.67.207.2 protocol=tcp dst-port=53 \
    action=dst-nat to-addresses=10.24.24.2 comment="dns DNS"
add chain=dstnat dst-address=23.67.207.2 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.24.24.2 comment="dns SMTP"
add chain=dstnat dst-address=23.67.207.3 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.24.24.3 comment="webber1 HTTPS"
add chain=dstnat dst-address=23.67.207.3 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.24.24.3 comment="webber1 HTTP"
add chain=dstnat dst-address=23.67.207.3 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.24.24.3 comment="webber1 SMTP"
add chain=dstnat dst-address=23.67.207.4 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.24.24.4 comment="webber2 HTTPS"
add chain=dstnat dst-address=23.67.207.4 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.24.24.4 comment="webber2 HTTP"
add chain=dstnat dst-address=23.67.207.4 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.24.24.4 comment="webber2 SMTP"
add chain=dstnat dst-address=23.67.207.5 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.24.24.5 comment="webber3 HTTPS"
add chain=dstnat dst-address=23.67.207.5 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.24.24.5 comment="webber3 HTTP"
add chain=dstnat dst-address=23.67.207.5 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.24.24.5 comment="webber3 SMTP"
add chain=dstnat dst-address=23.67.207.6 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.24.24.6 comment="webber4 HTTPS"
add chain=dstnat dst-address=23.67.207.6 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.24.24.6 comment="webber4 HTTP"
add chain=dstnat dst-address=23.67.207.6 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.24.24.6 comment="webber4 SMTP"
Of course, make sure the router actually has these IP addresses on its WAN interface, so that it will reply to all other ports.
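An added example, not part of the thread or of any MikroTik tooling: a Python script that parses rules in the format posted above and reports which public address/port pairs are exposed to which internal host, flagging targets outside the server subnet and rules shadowed by an earlier match. The sample rules are constructed, and the 10.24.24.0/24 subnet, the function names and the one-port-per-rule shape are assumptions.

```python
import ipaddress
import shlex

# Constructed sample in the thread's rule format; the last two rules are
# deliberately wrong so the audit has something to report.
SAMPLE = r'''
/ip firewall nat
add chain=dstnat dst-address=23.67.207.3 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.24.24.3 comment="webber1 HTTPS"
add chain=dstnat dst-address=23.67.207.3 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.24.24.3 comment="webber1 HTTP"
add chain=dstnat dst-address=23.67.207.3 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.24.24.4 comment="webber2 HTTP"
add chain=dstnat dst-address=23.67.207.4 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=192.168.88.10 comment="webber2 SMTP"
'''

LAN = ipaddress.ip_network("10.24.24.0/24")  # assumed server subnet

def parse_rules(text):
    """Return one dict per 'add' line, after joining '\\' continuations."""
    joined = text.replace("\\\n", " ")
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)  # keeps comment="a b" as one token
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def audit(rules, lan=LAN):
    """Return (exposure map, findings) for single-port dst-nat rules."""
    exposure, findings = {}, []
    for r in rules:
        if r.get("chain") != "dstnat" or r.get("action") != "dst-nat":
            continue
        key = (r["dst-address"], r["protocol"], int(r["dst-port"]))
        target = r["to-addresses"]
        if ipaddress.ip_address(target) not in lan:
            findings.append(f"{key}: target {target} outside {lan}")
        if key in exposure:
            findings.append(f"{key}: shadowed by earlier rule to {exposure[key]}")
            continue  # NAT rules are matched in order; the first one wins
        exposure[key] = target
    return exposure, findings

if __name__ == "__main__":
    exposed, problems = audit(parse_rules(SAMPLE))
    for k, v in sorted(exposed.items()):
        print(k, "->", v)
    print(*problems, sep="\n")
```

Running it against an export of the router's NAT table gives a quick list of every service reachable from the WAN side, which is the set the forward-chain filter rules and the servers themselves then have to defend.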