Rerouting default GW and DNS data for locked device.

Hi Everyone.

I have a bit of a challenge I don’t know how to address.
I tried to google for answers without any luck, or maybe I just don’t know what key words to google to get the answer.
The details of the setup are difficult to explain so I’m going to give a very simplified version of my situation.

SETUP:
I have a device (1) with a static configuration. IP 192.168.0.232/24. Default gateway 192.168.0.3 and DNS 192.168.0.3
I also have a physical network with subnet 192.168.0.0/24 which contains the DNS server and Internet gateway at 192.168.0.3.
The physical network also contains other devices in the same 192.168.0.0/24 subnet which make use of the default gateway and DNS server at 192.168.0.3.
IMPORTANT NOTE: I can’t change any of the above mentioned settings on the devices, and I can also not change the subnet range or default gateway/DNS addresses since these are all locked-Fixed-Static.

PROBLEM or GOAL:
I want to only intercept default gateway data from Device 1 sent to the default gateway at 192.168.0.3 in network 192.168.0.0/24 and re-route and/or NAT it to a different new gateway in a 2nd network of my choice, preferably 192.168.43.1/24.
Device 1 must still be able to communicate with all other devices (excluding Default GW and DNS at 192.168.0.3) in the 192.168.0.0/24 network.
But since it is not possible for me to change the IP settings on Device 1, I want to place a Mikrotik router between device 1 and the network (192.168.0.0/24) and then attach the 2nd network with new gateway 192.168.43.1/24 to LAN3 on the Mikrotik.
So doing I wish to re-route only the internet traffic from 192.168.0.232 to the new gateway 192.168.43.1/24.

REVIEW OF PROPOSED SETUP:
Device 1 with a static configuration. IP 192.168.0.232/24. Default gateway 192.168.0.3 and DNS 192.168.0.3 connected to Mikrotik LAN1.
1st Network 192.168.0.0/24 with DNS and Internet gateway still used by other devices connected to Mikrotik LAN2.
2nd Network with new Gateway to be used by Device 1 connected to Mikrotik LAN3.

MY QUESTION:
How do I set up the Mikrotik router to allow communication with all devices in the 1st network (excluding default GW and DNS in the 1st network), and re-route only DNS and GW data from device 1 to the new GW 192.168.43.1/24?

Easy. :wink: Tested and working, unless I missed something:

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
/interface bridge nat
add action=redirect chain=dstnat dst-address=!192.168.0.0/24 in-interface=ether1 mac-protocol=ip
add action=redirect chain=dstnat dst-address=192.168.0.3/32 dst-port=53 in-interface=ether1 ip-protocol=udp mac-protocol=ip
add action=redirect chain=dstnat dst-address=192.168.0.3/32 dst-port=53 in-interface=ether1 ip-protocol=tcp mac-protocol=ip
/ip address
add address=192.168.43.2/24 interface=ether3
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.43.1
add dst-address=192.168.0.0/24 gateway=bridge1
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether3 to-addresses=192.168.43.2
add action=dst-nat chain=dstnat dst-address=192.168.0.3 dst-port=53 protocol=udp to-addresses=192.168.43.1
add action=dst-nat chain=dstnat dst-address=192.168.0.3 dst-port=53 protocol=tcp to-addresses=192.168.43.1

And for the record, my first try, also works, but won’t pass broadcasts:

/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp
set [ find default-name=ether2 ] arp=proxy-arp
/ip address
add address=192.168.43.2/24 interface=ether3
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.43.1
add dst-address=192.168.0.0/24 gateway=ether2
add dst-address=192.168.0.232/32 gateway=ether1
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether3 to-addresses=192.168.43.2
add action=dst-nat chain=dstnat dst-address=192.168.0.3 dst-port=53 in-interface=ether1 protocol=udp to-addresses=192.168.43.1
add action=dst-nat chain=dstnat dst-address=192.168.0.3 dst-port=53 in-interface=ether1 protocol=tcp to-addresses=192.168.43.1
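
The packet path through the first (bridge-based) configuration above, as an added example that is not part of the original thread: a simplified Python model of the rules as written, not RouterOS itself, with constructed sample packets. It also shows that non-DNS traffic addressed to 192.168.0.3 itself (a ping, for instance) matches none of the redirect rules and is still bridged to the old gateway.

```python
"""Simplified model of the bridge-based config: where a packet from Device 1
(arriving on ether1) ends up. Not RouterOS code; sample packets are constructed."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple

LAN = ip_network("192.168.0.0/24")        # 1st network, bridged ether1 <-> ether2
OLD_GW = ip_address("192.168.0.3")        # gateway/DNS locked into Device 1
NEW_GW = ip_address("192.168.43.1")       # new gateway behind ether3
ROUTER_E3 = ip_address("192.168.43.2")    # router's own address on ether3


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0


def trace(pkt):
    """Return (egress interface, source after NAT, destination after NAT)."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    dns_to_old_gw = dst == OLD_GW and pkt.proto in ("udp", "tcp") and pkt.dport == 53
    # /interface bridge nat, action=redirect: the frame is handed to the
    # router's IP stack instead of being bridged out of ether2.
    if dst in LAN and not dns_to_old_gw:
        return ("ether2", str(src), str(dst))      # plain bridging, untouched
    # /ip firewall nat dstnat: DNS aimed at the old gateway goes to the new one.
    if dns_to_old_gw:
        dst = NEW_GW
    # /ip route sends it out of ether3, where srcnat rewrites the source.
    return ("ether3", str(ROUTER_E3), str(dst))


if __name__ == "__main__":
    samples = [                                    # constructed test traffic
        Packet("192.168.0.232", "192.168.0.50", "tcp", 445),   # LAN peer
        Packet("192.168.0.232", "192.168.0.3", "udp", 53),     # DNS query
        Packet("192.168.0.232", "203.0.113.10", "tcp", 443),   # internet
        Packet("192.168.0.232", "192.168.0.3", "icmp"),        # ping old gateway
    ]
    for p in samples:
        print(p, "->", trace(p))
```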

Thanks for your detailed reply. Appreciated.
Will get back to you once I have tested it.