Here’s what I need to do.
public-IP-1/30 : 443 → 192.168.34.2:443
public-IP-2/30 : 443 → 192.168.34.2:4443
I don’t really have a test environment so I’m trying to avoid looking like an idiot when I’m onsite.
Right now I have the default setup with the 2 public IPs on the gateway interface. I’m hoping it’s as simple as setting up dst-nat rules based on the dst-address but I’ve never run this setup before.
Please help.
Using the GUI tool (web or client)
IP / firewall / NAT
General tab
Chain = srcnat
Action tab = masquerade
IP / firewall / NAT
General tab
Chain = dstnat
Src Address = blank (anyone)
Dst Address = RED (ether1) outside Public IP
Protocol = tcp
dst port = 443
Action tab = netmap
To Address = 192.168.34.2
To Port = 443
Repeat the above.
Awesome, thanks! One more question. Routing?
Do I need to set up both gateways for both public IPs?
Here’s what I have.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=84.69.82.81 scope=\
30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=84.70.27.89 \
pref-src=84.70.27.90 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=84.69.82.81 \
pref-src=84.69.82.82 scope=30 target-scope=10
And NAT:
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway to-addresses=0.0.0.0
add action=netmap chain=dstnat disabled=no dst-address=84.69.82.82 dst-port=\
443 protocol=tcp to-addresses=192.168.34.2 to-ports=443
add action=netmap chain=dstnat disabled=no dst-address=84.70.27.90 dst-port=\
443 protocol=tcp to-addresses=192.168.34.2 to-ports=4443
Will this work? Do I need to have the second gateway?
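
An offline check of the NAT export posted above, added here as an example that is not part of the original thread: it joins the backslash-wrapped export lines, parses each rule, and compares the active dstnat rules with the forwards asked for in the first post. The names `parse_rules`, `check_forwards` and `WANTED` are hypothetical, and matching 84.69.82.82 to "public-IP-1" is an assumption taken from the rule order.

```python
import re
import shlex

# NAT export copied from the post above (RouterOS wraps long lines with "\").
EXPORT = r'''/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1-gateway to-addresses=0.0.0.0
add action=netmap chain=dstnat disabled=no dst-address=84.69.82.82 dst-port=\
443 protocol=tcp to-addresses=192.168.34.2 to-ports=443
add action=netmap chain=dstnat disabled=no dst-address=84.70.27.90 dst-port=\
443 protocol=tcp to-addresses=192.168.34.2 to-ports=4443
'''
# Intended forwards from the first post: (public IP, port) -> (inside IP, port).
# Which address is "public-IP-1" is an assumption based on the rule order.
WANTED = {
    ("84.69.82.82", "443"): ("192.168.34.2", "443"),
    ("84.70.27.90", "443"): ("192.168.34.2", "4443"),
}

def parse_rules(export):
    """Join wrapped lines and return every 'add' line as a dict of its settings."""
    joined = re.sub(r"\\\n[ \t]*", "", export)  # also drops continuation indent
    rules = []
    for line in joined.splitlines():
        words = shlex.split(line)  # keeps comment="two words" as one token
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:] if "=" in w))
    return rules

def check_forwards(rules, wanted):
    """Return a list of problems; an empty list means every forward is covered."""
    active = {}
    for r in rules:
        if r.get("chain") != "dstnat" or r.get("protocol") != "tcp" or r.get("disabled", "no") != "no":
            continue
        key = (r.get("dst-address"), r.get("dst-port"))
        active[key] = (r.get("to-addresses"), r.get("to-ports"))
    problems = []
    for key, target in wanted.items():
        if key not in active:
            problems.append("no dstnat rule for %s:%s" % key)
        elif active[key] != target:
            problems.append("%s:%s goes to %s:%s" % (key + active[key]))
    # A rule with no dst-address matches traffic to every address on the router.
    problems += ["dstnat rule without dst-address" for k in active if k[0] is None]
    return problems

if __name__ == "__main__":
    print(check_forwards(parse_rules(EXPORT), WANTED) or "all forwards covered")
```

This only checks the NAT rules as text; it says nothing about the routes or the gateway question.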