Port Forwarding Error.

Hi guys.
Today I’m facing a rare issue with port forwarding. I lease a line from an ISP with 3 IPs: one for internet (PPPoE) and 2 IPs used for my servers to publish services like web… After NATing one website with the main IP (PPPoE IP), a rare thing happened: I can access it with all 3 IPs. Is anyone facing the same issue?

Is there anyone who knows this issue? Please help =\

Hello,

On your NAT rule, did you choose in-interface or dst-address?

Yes, both are selected.
If needed I’ll post NAT rules here.

Ok, so do not use in-interface but dst-address instead.

add action=dst-nat chain=dstnat disabled=yes dst-address=171.xxx.xxx.xxx \
    dst-port=443 in-interface=pppoe-out1 protocol=tcp \
    to-addresses=192.xxx.xxx.xxx to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-address=171.xxx.xxx.xxx \
    dst-port=80 protocol=tcp to-addresses=192.xxx.xxx.xxx to-ports=80
add action=masquerade chain=srcnat dst-address=192.xxx.xxx.xxx dst-port=443 \
    out-interface-list=LAN protocol=tcp src-address-list=Local_Address

Please check, I don’t think in-interface causes this error.

If 171.xxx.xxx.xxx is a single address, then these rules will work only for that address and nothing else; it’s simply not possible that they would touch packets with another destination address. Maybe you have some other rules?

It was my fault. I have a NAT rule standing above all the other rules which causes the error. I should have specified the destination address for each NAT rule.
Thanks for your comment.

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=80 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.xxx.xxx.xxx to-ports=80
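
Added example, not part of the thread or any poster's code: a small Python check that reads a `/ip firewall nat` export and lists enabled dst-nat rules with no dst-address or dst-address-list match, the condition the thread identified as the cause. The sample export, its addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample export: the forward from the thread and a pinned variant.
# 203.0.113.10 / 192.0.2.20 are documentation placeholders.
SAMPLE_EXPORT = r"""
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=80 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.0.2.20 to-ports=80
add action=dst-nat chain=dstnat dst-address=203.0.113.10 dst-port=443 \
    protocol=tcp to-addresses=192.0.2.20 to-ports=443
"""

def join_continuations(text):
    """Merge lines ending in a backslash, the way /export wraps long rules."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]          # keep any space before the backslash
        else:
            logical.append(buf + line)
            buf = ""
    return [l for l in logical + [buf] if l]

def parse_nat_rules(text):
    """One dict of key=value properties per 'add' line under /ip firewall nat."""
    rules, in_nat = [], False
    for line in join_continuations(text):
        if line.startswith("/"):
            in_nat = line.split() == ["/ip", "firewall", "nat"]
        elif in_nat and line.startswith("add "):
            tokens = shlex.split(line)[1:]
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def unpinned_dstnat(rules):
    """Enabled dst-nat rules with no positive dst-address / dst-address-list match."""
    def pinned(rule):
        return any(k in rule and not rule[k].startswith("!")
                   for k in ("dst-address", "dst-address-list"))
    return [r for r in rules
            if r.get("chain") == "dstnat" and r.get("action") == "dst-nat"
            and r.get("disabled") != "yes" and not pinned(r)]

if __name__ == "__main__":
    for rule in unpinned_dstnat(parse_nat_rules(SAMPLE_EXPORT)):
        print("no dst-address:", rule)
```

Each rule it reports forwards the port for every destination address arriving on the matched interface, so a service meant for one public IP answers on the others as well.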