Hi, I'm trying to redirect all HTTP traffic from my RB1000 to a cache server. I used this:
;;; redirect all http to cache
chain=dstnat action=dst-nat to-addresses=192.168.x.x to-ports=8080
protocol=tcp in-interface=ether4 dst-port=80
I use the above NAT rule, but it did not work. Am I missing something?
The cache server is connected to ether4, while other clients are connected to ether2.
If the clients (that should be proxied) are behind ether2 and the proxy server is behind ether4, specifying an in-interface of ether4 is not going to match any traffic from the clients behind ether2 (as their in-interface would be ether2). Change that value to reflect the correct client location.
I tried changing in-interface to ether2, but that doesn't work either. Maybe I will explain my router setup.
Internet comes in through ether1 and I set up a masquerade. 192.168.32.1/22 is configured on ether2 and that's where all clients are connected to. 192.168.30.1/30 is configured on ether4 and that's where the cache server is connected to. The cache server address is 192.168.30.2.
That seems to indicate that the rule is working as intended (if it’s counting packets, it would take the requested action on the packet and would redirect it to the to-address and to-port).
Have you tested the proxy server by directly connecting a client to it, and verified it’s set up correctly?
Post the output of “/ip firewall export”, “/ip route print detail” and “/ip address print”.