Redirecting HTTP traffic sent TO my router

matthysdt · March 29, 2011, 2:47pm

This is a simple one (I hope), just need a nudge in the right direction.

I want to forward data on the http/https protocol to a specific server depending on the port being used.

For instance, say my local MikroTik’s IP address is 192.168.88.1
If a PC on my network attempts to access say, port 500, i want to be able to redirect that traffic to an alternative server.

So if a PC (say 192.168.88.2) types this in a browser: **http://192.168.88.1:500/myfolder/public/index.htm**I want the mikrotik to forward/redirect this traffic to another server, say http://someServer.com:500/myfolder/public/index.htm
I’m still somewhat confused about dst-nat vs src-nat, but I’m pretty sure that I need to use a NAT rule with one of the NAT actions, just not sure which one and how.

If you’re interested, the reason for this setup is:

The client PC does not have direct access to http://someServer.com via the desired link since
the mikrotik is not the client PC’s gateway
simply routing would therefor not solve this problem
The mikrotik DOES have access to http://someServer.com via the desired link.

I was able to create an application in VB that solved this problem, but my application only works for simple TCP/UDP connections (like VNC) and not for HTTP.

Regards!

matthysdt · March 29, 2011, 3:16pm

I drew up an example to explain this more clearly.
This network already has fully functional Leased-line with 3G failover in place.

What I’m attempting is to add a faster (less reliable) line, like DSL, and use it for only one specific program, without tinkering with the existing solution.

rezamoghadam · March 29, 2011, 3:57pm

If i Correct Think About Your idea , You Can Do This With Destination Nat …

i explain that with this example :

you want , if anybody use X.X.X.X:X , that body redirect to X.X.X.X:Y or Y.Y.Y.Y:Y .

Solution can be done with Destination Nat and is very Simple :

ip firewall nat add action=dst-nat chain=dstnat comment=“Redirect To Y Server” disabled=no
dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=Y.Y.Y.Y

Also You Can Redirect to Address And Also Port :

ip firewall nat add action=dst-nat chain=dstnat comment=“Redirect To Y Server” disabled=no
dst-address=192.168.88.1 dst-port=80 protocol=tcp to-addresses=Y.Y.Y.Y to-ports= Y

matthysdt · March 30, 2011, 6:38am

Hi rezamoghadam, it seems that did the trick!
Many thanks!
It’s a great way of bypassing the default gateway and force a new route for the application to take!

rezamoghadam · March 30, 2011, 8:25am

do your problem is solved or not ?

can i help you ?

matthysdt · March 30, 2011, 10:06am

Yes, it’s working! Thank you!

rezamoghadam · March 30, 2011, 1:48pm

Your Wellcome …

if you have any question , i can help you my friend …

onlysuraj · February 29, 2012, 7:37am

sorry for disturbing you frient
but i have a problem with redirecting to or from squid server

this is setup for internel lan

wan link is on mt 450g (ether1)10.210.2.5/24
ether2 connected to squid (with single lan card)192.168.5.1 mt interface and squid ip is 192.168.5.2/24
and ether3 is used for lan with natting (dhcp server interface on ether3) 10.0.0.1/8

first rule:
masqurade the source to wan outinterface is ether1
0.0.0.0/0 gateway 10.210.2.1
#############
create routing mark
chain=prerouting source add=lan ip (client’ip) protocol= 6(tcp) dest port 80 routing mark= http action mark routing passthrough=yes

and add route for mangle http with mark 0.0.0.0/0 gateway =192.168.5.2/24 routing mark =http
###############

dstnat for ::
/ ip firewall nat
add chain=dstnat source add=10.0.0.0/8 dst-port 80 protocol=tcp action=dstnat to add 192.168.5.2 to port 3128 . also add in-interface = lan (client comes from)
/ip firewall nat
add chain= dstnat source add= 10.0.0.0/8 dstnat=80 protocol=tcp action=accept
also add in-interface=lan (whaere lan client comes from)

############

i think there is little mistake so can you guide is right direction

thanks in advance