Port forward to a Rogue DHCP Server on a different network

This is a peculiar problem I would like your assistance with.

I have a network that someone plugged a Netgear router/switch combo into. It has DHCP services running on it too, of course. Thus on my MikroTik, I received a DHCP alert that let me know the MAC address. Then I looked up its IP address under Bridge / Hosts. All good.

(Screenshot: RogueDHCP.png)

So, I remote into my MikroTik and assign my Bridge1 something in the same IP range as the Netgear. So, my Bridge1 now has two IP addresses assigned to it. I open up a terminal in Winbox, and I can ping the rogue device. I then telnet to it on port 80 and issue an HTTP GET request, and it replies back with HTML. All good.

So, I set up a port forward in my NAT rules, but to my surprise, I am not able to open a browser window. Yes, I do see my NAT rules counting bytes. I also tried VPN'ing into my router and was not able to access it from the VPN client.

What am I missing? Why can I interact with the rogue box from the MikroTik command line, but not from anywhere else?

Is it possible that the rogue DHCP server doesn't have a default route set to your MT's address? Probably yes, as you had to add an additional IP address to the MT's LAN interface to establish connectivity to it. In this case the following happens:

  1. The client, e.g. 192.168.2.200, tries to connect to the DST-NATed port on the MT router (e.g. 192.168.2.1:5000).
  2. The MT receives the SYN packet and does the DST-NAT magic by replacing the dst-address with 192.168.1.1 and the port with the standard port 80.
  3. The Netgear receives the SYN packet and tries to reply with a SYN-ACK to the sender (192.168.2.200). As it doesn't know that it's supposed to use 192.168.1.19 as the gateway towards 192.168.2.0/24, it uses its default gateway (whatever that is) or drops the packet (due to an unknown route).

So you probably have to do SRC-NAT as well… but be careful not to src-nat too much. Something along the lines of

/ip firewall nat
# rewrite the source of anything forwarded into 192.168.1.0/24 to the MT's own address in that subnet,
# so the Netgear replies to an address it can reach without a route for 192.168.2.0/24
add action=src-nat chain=srcnat dst-address=192.168.1.0/24 to-addresses=192.168.1.19

You can connect to the Netgear directly from the MT, as the connection originates from an address which is in the same LAN subnet as the Netgear.
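The full DST-NAT plus SRC-NAT rule pair described in the answer above, as an added example (not the poster's configuration): it uses the addresses from the answer (client LAN gateway 192.168.2.1, second bridge address 192.168.1.19, Netgear 192.168.1.1) and assumes the LAN interface is named bridge1 and the forwarded port is 5000. The SRC-NAT is deliberately narrowed to the forwarded connections only, so that nothing else headed for 192.168.1.0/24 gets rewritten.

```routeros
# Added example. Addresses follow the answer above; "bridge1" and port 5000 are assumptions.
/ip firewall nat

# 1. Port forward: TCP 5000 on the router's own LAN address goes to the Netgear web UI.
#    in-interface limits the forward to the LAN so it is not reachable from the WAN side.
add chain=dstnat action=dst-nat in-interface=bridge1 protocol=tcp dst-address=192.168.2.1 dst-port=5000 to-addresses=192.168.1.1 to-ports=80 comment="rogue-dhcp: reach Netgear admin page"

# 2. Return path: only for traffic that was just forwarded to the Netgear (post-DST-NAT
#    destination 192.168.1.1:80), rewrite the source to the router's 192.168.1.19 address.
#    The Netgear then answers a host on its own subnet and never needs a route back to
#    192.168.2.0/24 or to the VPN client range. Matching the single host and port keeps the
#    rule from masquerading unrelated traffic into 192.168.1.0/24.
add chain=srcnat action=src-nat out-interface=bridge1 protocol=tcp dst-address=192.168.1.1 dst-port=80 to-addresses=192.168.1.19 comment="rogue-dhcp: return path for forwarded connections"
```

After a browser test, `/ip firewall connection print where dst-address~"192.168.1.1"` should list the forwarded connection with reply-src-address 192.168.1.1:80 and reply-dst-address 192.168.1.19, which confirms both translations are being applied.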

Brilliant, worked perfectly.