HI
please i need help with let a ip with the real interface to access the fake (local Network) in the microtik software
i don’t understand your question!
Dear Proxy
I Have 2 different networks connectied thru microtik router
first network to a interface called fake with range 192.168.0.0
second network to a interface called real with range 11.11.11.0
with my configuraton in the firewall i can choose the ip in the fake range that will go connect to the real network bu i cannot make a real ip for example 11.11.11.56 from connecting to the fake network
best regards
Dear Proxy
I Have 2 different networks connectied thru microtik router
first network to a interface called fake with range 192.168.0.0
second network to a interface called real with range 11.11.11.0
with my configuraton in the firewall i can choose the ip in the fake range that will go connect to the real network bu i cannot make a real ip for example 11.11.11.56 from connecting to the fake network
best regards
I think you have basic networking problem. Have you set the default route of each machine properly? What is the default route for the real network machine? Maybe you can try to do trace route to see where the traffic go.
dear valens
yes i use the default gateway for both network the microtik ip depend on interface
paste your config here
dear valens
[admin@Active] > int
[admin@Active] interface> pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R Fake ether 0 0 1500
1 R Real ether 0 0 1500
[admin@Active] > int
[admin@Active] interface> pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R Fake ether 0 0 1500
1 R Real ether 0 0 1500
[admin@Active] ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=passthrough
do u need any other configuration i have too many filters in my firewall
-
Your Firewall filter no 0 is really weird.
-
Do you have any NAT/MASQ rules? Maybe there are some missconfig there.
[admin@Active] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8082
1 chain=srcnat action=masquerade
[admin@Active] ip firewall nat>
Yes, your masq filter is wrong…
PLEASE can you provide the good conf.
If you just want to make network A ping network B with a router in between, :
- Turn off all firewall rule and NAT
- Set gateway (default) of client computer to IP on the router on each interface.
It sounds like he’s trying to do DST-NAT.
To NAT a “real” or publicly routeable IP address to an internal “fake” private side address..
The masquerade rule would be as follows:
/ip firewall nat add chain=srcnat out-interface=WAN src-address=192.168.0.0/24 action=masquerade comment="masquerade" disabled=no
Now if you want someone to access an internal server that has an IP address of say 192.168.0.20 and the public address is say 11.11.11.56, you need to create a dst-nat rule. Which would look like this:
/ip firewall nat add chain=dstnat dst-address=11.11.11.56 action=dst-nat to-addresses=192.168.0.20 to-ports=80 comment="http server" \
disabled=no
Hope this helps.
did not work man i give the 11.11.11.56 access to 192.168.0.216 its a web server no replay even there is no ping
Is 11.11.11.56 added to the WAN interface, or “REAL” as you have it labeled?
dear the ip range 11.11.11.0/24 is in the real interface and 192.168.0.0/24 is on the fake interface
soleed pleace be so kind and DO READ
NAT
http://www.mikrotik.com/docs/ros/2.9/ip/nat
IP addressing and routing
http://www.mikrotik.com/docs/ros/2.9/ip/address
that way you could understand these things better. pleace make it clear what you want in terms we all use here and then come and ask questions and we will kindly answer.
