NAT between local subnets

Hi, I have 2 subnets on my CCR1016: 192.168.200.0/24 (port4) and 192.168.143.0/24 (port5).

There is a webserver (192.168.200.4) that accepts inbound traffic only from its own subnet, 192.168.200.0/24.

What rule (src-nat?) should I create so that I can reach the webserver from 192.168.143.0/24? Do I have to masquerade traffic from 192.168.143.x to 192.168.200.x and vice versa?

Thanks!

Do you need a firewall between the two networks or just routing?

From 192.168.143.x it should be possible to reach only the address 192.168.200.4, so we also need some firewall rules.

What do you suggest? Thanks

OK, first of all I suppose each port has an IP address assigned in its subnet.
So 192.168.200.0/24 is your “private” network and 192.168.143.0/24 is your “public” network.
You need to dst-nat 192.168.200.4 to 192.168.200.x, where x is your switch port address, on dst-port 80 (HTTP).
Then you should be able to access your web server with http://192.168.200.x .
Create a dst-nat rule with dst-address=192.168.143.y (y is your router port IP address in this subnet), protocol=tcp, dst-port=80, choose the proper interface in “in-interface”, and set action=dst-nat with to-addresses=192.168.200.4 and to-ports=80.
Be sure to create routes accordingly.
Hope this helps.

Ports on the MikroTik have these addresses:

Port4 → 192.168.200.1
Port5 → 192.168.143.1

Then the rule becomes: dst-address=192.168.143.1 protocol=tcp dst-port=80 in-interface=ether5 action=dst-nat to-addresses=192.168.200.4 to-ports=80 ?

With this rule, can I access the web server at 192.168.200.4 if my IP address is 192.168.143.x?

I guess so; don’t forget to src-nat masquerade 192.168.200.0/24 …
Can you perform a test?

As far as I understand the webserver (192.168.200.4) only accepts connections coming from 192.168.200.0/24 and you want to connect to that server from network 192.168.143.0/24, right?

If that is the case, you only need to masquerade the traffic that is:

  • coming from the 192.168.143.0/24 subnet,
  • leaving the interface handling the 192.168.200.0/24 segment (ether4)
  • having 192.168.200.4 as dst-address
  • and having tcp:80 as dst-port

So:
/ip firewall nat
add chain=srcnat action=masquerade dst-address=192.168.200.4 out-interface=ether4 src-address=192.168.143.0/24 protocol=tcp dst-port=80
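The following is an added example that is not part of any post in this thread. It puts together the two NAT approaches discussed above (the src-nat/masquerade rule from the last reply and the dst-nat rule from the earlier one) with the forward filter rules the original poster asked for, so that 192.168.143.x can reach only 192.168.200.4 on tcp/80. It assumes the addresses and interface names posted in the thread (ether4 = 192.168.200.1/24 on the server side, ether5 = 192.168.143.1/24 on the client side, web server 192.168.200.4); the comments are illustrative and the rule order within each chain matters.

```routeros
# Added example, not from the thread. Assumed layout:
#   ether4 = 192.168.200.1/24 (server side), ether5 = 192.168.143.1/24 (client side),
#   web server = 192.168.200.4:80. Both subnets are directly connected, so the
#   router already routes between them; no extra routes are needed.

# Option A: src-nat only. Clients connect to 192.168.200.4 directly; the router
# rewrites the source to its own ether4 address (192.168.200.1), so the server
# sees a peer inside 192.168.200.0/24 and accepts the connection.
/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.143.0/24 \
    dst-address=192.168.200.4 out-interface=ether4 protocol=tcp dst-port=80 \
    comment="hide 143.x clients behind 192.168.200.1 for the web server"

# Option B (the dst-nat approach from the earlier reply): clients connect to the
# router's own 192.168.143.1:80, which is translated to the server. The masquerade
# rule above is still required, otherwise the server would see a 143.x source and
# refuse it. dst-nat runs in prerouting, before srcnat, so the masquerade rule
# already sees the translated dst-address 192.168.200.4 and matches.
add chain=dstnat action=dst-nat to-addresses=192.168.200.4 to-ports=80 \
    dst-address=192.168.143.1 in-interface=ether5 protocol=tcp dst-port=80 \
    comment="expose the web server on 192.168.143.1:80"

# Enforce "143.x may reach only 192.168.200.4". Filter rules in the forward chain
# run after dst-nat, so they match on the translated destination. Order matters:
# established/related first, then the single allow, then the catch-all drop.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="allow return traffic of accepted connections"
add chain=forward action=accept in-interface=ether5 out-interface=ether4 \
    dst-address=192.168.200.4 protocol=tcp dst-port=80 \
    comment="143.x may reach only the web server on tcp/80"
add chain=forward action=drop in-interface=ether5 out-interface=ether4 \
    comment="drop everything else from 143.x into 200.x"
```

One consequence worth checking before deploying: with masquerade in place the web server sees every 192.168.143.x client as 192.168.200.1, so its own logs and source-based access control can no longer tell those clients apart. The forward filter on the router is then the only control over who from 143.x gets through, which is why the drop rule is there rather than relying on the server's own restriction. Verify with the connection tracking table (/ip firewall connection print) that connections from 143.x show the translated source, and with /ip firewall filter print stats that the drop rule is actually counting blocked attempts.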