Public IP to Public IP NAT

dsara35 · August 20, 2014, 3:52am

HI Guys,

I need to do public ip to public ip nat .

Details:

One of my server is connected in data center with the local nat (Public IP -----> local IP) this was done by data center firewall. If i try to login my server in ssh/RDP anywhere using the Public ip it will route to my server(Local Ip).

Now my problem is instead of my server in datacenter i need to place mikrotik router. In ether port i configure the local ip given by them.

Now my aim is, need to nat public ip to public ip using that mikrotik. For example i try to access public IP (given by datacenter) it need to forwarded to my cloud server (Public IP).

How to do this setup in mikrotik router that going to place in datacenter.

Kindly anyone help me on this.

dsara35 · August 20, 2014, 8:25am

Thanks for your replay.

I am not understand that article how that help me to do my needs.

Can you explain clearly???

My need:

Public IP (X.X.X.X) → Local IP (Y.Y.Y.Y)

I need to set nat in Mikrotik router that placed in Local IP(Y.Y.Y.Y)

If we try the ssh X.X.X.X port 22 it will redirect to Y.Y.Y.Y. This can be by assign local IP(Y.Y.Y.Y) to router ether1 port.

But now, if i try to ssh X.X.X.X port 23 it need to redirect to new public ip Z.Z.Z.Z port 22 this nat i need to do in Mikrotik router with Local IP (Y.Y.Y.Y)

Thanks in advance.

agehall · August 20, 2014, 10:53am

Have a look at http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT and it should be fairly obvious how you do this on a MT router.

And please, don’t post the same question in multiple threads.

dsara35 · August 20, 2014, 12:03pm

I am not get correct answer so i post. In that wiki the method as given but what i am trying that not working. You can able to give examples.

Thanks…

Are kindly look into this and try to help me …

My aim is to forward traffic from one public ip to other public ip. In one of my linux server i did this with the help of iptables that working well.

I am trying to forward the traffic of one public ip port 25 to the other public ip (Cloud server) 25 port. Is this is possible in Mikrotik router..

IP Tables Rules:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -dport 25 -j DNAT --to-destination X.X.X.X:25
iptables -t nat -A POSTROUTING -j MASQUERADE

This is working well. This is works in one of my global linux server.

Now i need to do the same setting/process using Mikrotik Router.

agehall · August 20, 2014, 12:48pm

Well, what have you tried?

dsara35 · August 20, 2014, 1:16pm

Dear agehall,

Thanks for your time.

Following are the settings i have done in my router. It not working kindly guide on the same.

chain=input action=accept protocol=tcp dst-address=X.X.X.X(Outside Public IP)

chain=dstnat action=dst-nat to-addresses=X.X.X.X(Outside Public IP) to-ports=25 protocol=tcp in-interface=ether1(Public IP Port) dst-port=33

chain=srcnat action=masquerade protocol=tcp src-address=X.X.X.X(Outside Public IP) out-interface=ether1

Thanks,

agehall · August 20, 2014, 1:38pm

Not sure you need the input-chain rule as this would all be forwarding, but anyhow.

The issue is probably that the DNAT rule won’t change the source IP of the request, so the host you forward the request to will try to send the reply directly to the source host for the request. That is probably where it breaks down.

You may want to try adding a masquerading (or SNAT) rule for the outgoing redirect and see if that helps. That should force the reply to go thru the MT router as well.

In general though, it’s probably better if you can get the connecting hosts to go directly to the real server since that is also on a public IP.