nice port forwarding idea. ..Is it possible? how to?

northman · December 30, 2008, 4:56pm

Hi.

We have MT RB450 router:

eth1 connected to I-net and it has NAT on it and public IP say 22.33.44.1
eth2 connected to LAN, say 192.168.2.0/24

Inside the LAN there are several boxes with web-enabled control interfaces (via http, port 80)
We need to have access to these boxes from outside and I know that I need to configure port forwarding here, but we decided to make it according some logic to make it easy to remember, for example:
22.33.44.1:55123 should be maped to 192.168.2.123:80
22.33.44.1:55124 --------------------------> 192.168.2.124:80
22.33.44.1:55125 --------------------------> 192.168.2.125:80
. . .
22.33.44.1:55199 --------------------------> 192.168.2.199:80

Are there any ways to implement this logic by one shot?
Or to do routine installing separate rules for each particular LAN IP is only the way?..

netrat · December 30, 2008, 5:19pm

I think you have to make each rule separately. You could make a script to automatically make the individual rules though.

/ip firewall nat
add action=dst-nat chain=dstnat comment=“” disabled=no dst-address=22.33.44.1 dst-port=55123 protocol=tcp to-addresses=192.168.2.123 to-ports=80
add action=dst-nat chain=dstnat comment=“” disabled=no dst-address=22.33.44.1 dst-port=55124 protocol=tcp to-addresses=192.168.2.124 to-ports=80
etc…

mrz · January 2, 2009, 6:27am

You can write a script to make those rules automatically:

:for i from=123 to=199 do={
   /ip firewall nat add dst-port="55$i" to-addresses="192.168.2.$i" ...
}