Port redirect

juibar · November 7, 2006, 11:21pm

Sorry if this has been asked before, but at least I could not find in the forums.

I just want my MT box to identify packets going to port S and replace the port number, such that w.x.y.z:S → w.x.y.z:T, where w.x.y.z can be ANY IP address.

I tried to do it with the rule below, but it did not work because it looks like the rule expects to have a “known” IP address.

 ;;; Port redirect
     chain=dstnat protocol=tcp dst-port=2525 action=dst-nat 
     to-addresses=0.0.0.0 to-ports=25

Any ideas?

Thank you,
juibar

jo2jo · November 8, 2006, 1:46am

did you try action netmap?

are you using Nat Masquerading?

let me know..

EDIT: i re read your post and i dont understand exactly what you want here…are you saying from your example that:

if a user on your network sends mail (port 25 like in your example) you want the port changed to 2525 and then sent out on the net? if so you need to be on the src-nat chain not dst-nat since the packets you are trying to chang are not “Destin” for your NAT, they are “Destin” for some other router on the net…your NAT is the SOURCE, hince src-nat

juibar · November 8, 2006, 3:44am

jo2jo,

I saw your post here: http://forum.mikrotik.com//viewtopic.php?t=9397&highlight=smtp+redirect, but this is not exactly what I want, as the IP address should remain unchanged.

As for your questions, yes, I am using NAT masquerading.

Regarding your edit, I understand what you are saying, but as per the manual, the srcnat chain is applied AFTER routing, whereas I look to change the port number BEFORE routing.

Thanks,
juibar

jo2jo · November 8, 2006, 4:52am

hmm.. so you are saying that my smtp thing is what you want, if only the IP stayed the same??..funny as that is EXACTLY what i orginally wanted until i found it easier to force them to MY isp’s mail server…

ur trying to get around port 25 being blocked right? and hoping that the clients email server also listens on 2525?

here is the rule i’m using now:

5 ;;; EMAIL
chain=dstnat src-address=192.168.5.0/24 protocol=tcp dst-port=25
action=netmap to-addresses=205.1xx.xx.xx to-ports=25

I dont have a way of testing it, but what happens if you set the netmap to-address to 0.0.0.0 …

juibar · November 8, 2006, 3:30pm

jo2jo,

Spammers use port 25 to send emails, so I actually want to set our outlook clients to use a different port to send emails, and have the MT box block port 25 and change the port number in email packets back to 25 so that they can be routed normally.

Therefore, I am looking to change the port number while keeping the IP address unchanged. The port numbers in the code I posted are irrelevant, sorry for the confusion. Perhaps I should have posted something like this:

     ;;; Port redirect
     chain=dstnat protocol=tcp dst-port=P action=dst-nat 
     to-addresses=0.0.0.0 to-ports=25

where P can be any port number.

As for your suggestion, I tested netmap with to-addresses=0.0.0.0 and will not work.

Any other ideas?

Thanks,
juibar