NAT

komailov · April 16, 2015, 12:39pm

Hi All,

i’m trying to create new NAT Rule to publish my local server but it’s not working at all. i tried to do it before and everything was working very well. now it’s not at all

any help?

ZeroByte · April 16, 2015, 12:54pm

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT

You most likely want to use the port mapping example.

komailov · April 16, 2015, 1:10pm

Nothing Changed Man

ZeroByte · April 16, 2015, 2:13pm

post your nat config
(on command line, /ip firewall nat export compact)

Also - make sure that your filter rules aren’t blocking the connections

komailov · April 16, 2015, 2:28pm

add action=dst-nat chain=dstnat disabled=yes dst-address=77.42.155.67 dst-port=80 protocol=tcp to-addresses=10.137.253.3 to-ports=80
add action=redirect chain=dstnat comment=“Web Proxy Rule” dst-port=80 protocol=tcp src-address=192.168.50.0/24 to-ports=8080
add action=dst-nat chain=dstnat comment=Search.Assabil.Com disabled=yes dst-address=77.42.155.67 protocol=tcp src-port=80 to-addresses=10.137.253.3 to-ports=80
add action=passthrough chain=unused-hs-chain comment=“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat comment=“default configuration” out-interface=WAN to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=“masquerade hotspot network” src-address=192.168.50.0/24

ZeroByte · April 16, 2015, 2:47pm

komailov:

add action=dst-nat chain=dstnat disabled=yes dst-address=77.42.155.67 dst-port=80 protocol=tcp to-addresses=10.137.253.3 to-ports=80
add action=redirect chain=dstnat comment="Web Proxy Rule" dst-port=80 protocol=tcp src-address=192.168.50.0/24 to-ports=8080
add action=dst-nat chain=dstnat comment=Search.Assabil.Com disabled=yes dst-address=77.42.155.67 protocol=tcp src-port=80 to-addresses=10.137.253.3 to-ports=80
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" out-interface=WAN to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.50.0/24[/quote]

Ok - so I assume that rule #1 is the one you’re trying to get working, and I furthermore assume that you’re not leaving it disabled when testing…

It should work - have you verified that the server has the correct default GW (whatever 10.137.253.x IP address is on the Mikrotik) and that the web service is running, and that it allows connections from any IP address?
If you log onto the host itself, is it able to access the web? If so, and you go to one of those whatismyipaddress.com sites - does it show 77.42.155.67 ?

What is the Search.Assabil.Com rule? This one is built strangely… translated into English, this rule says:
when performing destination nat, if the packet is FROM tcp:80 and has a destination of 77.42.155.67 (any port number), then change the destination IP address to 10.137.253.3 and the DESTINATION port to 80.

more simply - “replies from web servers on the internet towards my public IP should get forwarded to the web daemon running on my internal host” - which makes no sense. Keep this rule disabled.

Last item - hotspot. Is there a hotspot running on the interface which leads to 10.137.253.3? If so, did you create a bypass host binding for the server, and make sure that both the address AND to-address are 10.137.253.3?

komailov · April 18, 2015, 9:29am

Thanks for your kind support.

my gateway on the local NIC configured correctly and everything like web services and so on working well.

any advise.