NAT Doesn't Work

Cyclops · August 13, 2015, 3:23pm

Hello there,

Currently, I have setting up a few NAT Rules between three VPS, one mikrotik and two linux OS

NAT between mikrotik and Linux1 works very well, but between Linux2 it doesn’t work

my current config

Linux1:

eth0      Link encap:Ethernet  HWaddr 00:0c:29:75:7c:c8
          inet addr:120.20.30.15  Bcast:120.20.30.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe75:7cc8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21845385 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27262728 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1610196590 (1.4 GiB)  TX bytes:6704461951 (6.2 GiB)

Linux2:

eth0      Link encap:Ethernet  HWaddr 00:0c:29:dd:18:9e
          inet addr:120.20.30.16  Bcast:120.20.30.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fedd:189e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55038 errors:0 dropped:0 overruns:0 frame:0
          TX packets:242 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5243197 (5.0 MiB)  TX bytes:27010 (26.3 KiB)

NAT Rules:

 0   chain=dstnat action=dst-nat to-addresses=120.20.30.15 to-ports=3724 protocol=tcp in-interface=ether1 dst-port=3724 connection-limit=!15,32 limit=1,5 

 1   chain=dstnat action=dst-nat to-addresses=120.20.30.15 to-ports=3727 protocol=tcp in-interface=ether1 dst-port=3727 connection-limit=!15,32 limit=1,5 

 2   chain=dstnat action=dst-nat to-addresses=120.20.30.15 to-ports=3799 protocol=tcp in-interface=ether1 dst-port=3799 connection-limit=!15,32 limit=1,5 

 3   chain=dstnat action=dst-nat to-addresses=120.20.30.15 to-ports=3788 protocol=tcp in-interface=ether1 dst-port=3788 connection-limit=!15,32 limit=1,5 

 4   chain=dstnat action=dst-nat to-addresses=120.20.30.16 to-ports=3788 protocol=tcp in-interface=ether1 dst-port=3789 connection-limit=!15,32 limit=1,5

Mikrotik:

[xxxx@MikroTik] > ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                            
 0   10.xx.xx.116/29   222.222.222.222   ether1                                                                                                                               
 1   120.20.30.1/24     120.20.30.0     ether2

All of them have ping between each others.

What’s wrong ?