My question is a bit tricky but it summarizes in the following: see the attached image:
Top is the current network. It comprises of one scada master (m) and three appliances (1, 2 and 3) who send and receive data from m. m is set up so it “knows” the IPs of 1, 2, and 3 to send and receive data to them. For reasons unbeknownst to me, the appliances need to change their IPs, as seen in bottom. The tricky part is that m can’t be set up as the responsible contractor has been long out of business, so I can’t set up m to look for the data it needs to any other IPs than the currently set up.
Can I use a routerboard (see bottom image) as to read the attempts to m to communicate to the older IPs, and reroute the data to new IPs in another interface?
I’ll try this. Correct me if I wrong but if I ping 10.103.1.101 from the side of m, will I receive a response or a timeout? I’m just asking for troubleshooting purposes.
A normal setup would be that your action=dst-nat rules would match only on dst-address, not on protocol and dst-port. In this case, whether you receive ping responses depends on whether the appliances respond to ping or not.
The purpose of having the old addresses of the appliances up on the m-facing interface of the Mikrotik is that the Mikrotik would respond to m’s ARP requests for these IPs with its own MAC address. However, any IP packets coming next from m to these IP addresses will be redirected to the new addresses of the appliances thanks to the dst-nat rules.
If, eventually, a default route cannot be configured on the appliances, you will need also a src-nat rule on the Mikrotik, making the request from the m’s address look as if it came from the Mikrotik’s address to the appliances.
