Good afternoon.
I am sorry for my English, I use a translator.
I have an RB1200 router, and I want to redirect port 80 to a server in the internal network.
Here are the rules:
chain=dstnat action=netmap to-addresses=10.x.x.x to-ports=80 protocol=tcp dst-address=109.x.x.x dst-port=80
chain=srcnat action=src-nat to-addresses=109.x.x.x src-address=10.x.x.x
But in Apache (access.log) I see the internal IP address of the RB1200.
Example:
10.x.x.x - - [27/Jan/2013:07:33:07 +0200] "GET /%28X%281%29S%28ctqhkweqwvo4or45zp1ig045%29%29/forms/GuestBook.aspx?MenuID=40&AspxAutoDetectCookieSupport=1 HTTP/1.0" 404 18952 "http://www.mysite.ua/(X(1)S(ctqhkweqwvo4or45zp1ig045))/forms/GuestBook.aspx?MenuID=40&AspxAutoDetectCookieSupport=1 " "Opera/9.80 (Windows NT 5.1; Edition Ukraine Local) Presto/2.12.388 Version/12.10"
I can not see who is trying to break my site, I do not see the attacker IP. Only access from the router.
That may be due to a srcnat/masquerade. Please post your entire "/ip firewall nat".
It might look like this:
/ip firewall nat
chain=srcnat action=masquerade
…and to work the way you want, it should look like this:
/ip firewall nat
chain=srcnat action=masquerade out-interface=ether1
If ether1 is not your WAN interface, change that.
[admin@cassiopeia] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Masq on old network 192.168.30.0/24
chain=srcnat action=masquerade out-interface=ether9-bridge
1 ;;; Masq to internet
chain=srcnat action=masquerade out-interface=ether10-wan
2 chain=srcnat action=masquerade out-interface=ether1-sw-to-net10
3 ;;; Masq ToHOME
chain=srcnat action=masquerade out-interface=toHome
4 ;;; rdp to PN1
chain=dstnat action=dst-nat to-addresses=192.168.30.118 to-ports=3389 protocol=tcp in-interface=ether10-wan dst-port=33890
5 ;;; dst-nat to Dude
chain=dstnat action=dst-nat to-addresses=10.10.10.14 to-ports=88 protocol=tcp in-interface=ether10-wan dst-port=88
6 ;;; RDP to HELIOS
chain=dstnat action=dst-nat to-addresses=10.10.10.20 to-ports=3389 protocol=tcp in-interface=ether10-wan dst-port=33891
7 ;;; to WEB server
chain=dstnat action=netmap to-addresses=10.10.10.10 to-ports=80 protocol=tcp dst-address=109.x.y.z dst-port=80
8 ;;; from WEB server
chain=srcnat action=src-nat to-addresses=109.z.y.z src-address=10.10.10.10
9 X ;;; Web-to-proxy-redirect
chain=dstnat action=dst-nat to-addresses=10.10.10.1 to-ports=3128 protocol=tcp in-interface=ether1-sw-to-net10 dst-port=80
[admin@cassiopeia] /ip firewall nat>
Rules 7 and 8 are the netmap to my web server.
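The rule list above contains the cause of the problem: a masquerade whose out-interface is a LAN port (rule 2) rewrites the source of every packet forwarded out of that port to the router's own address, so the web server sees the router instead of the client. Added example, not code from the thread or from MikroTik: a parser for the "/ip firewall nat print" layout that flags active masquerade rules with no out-interface or with an out-interface that is not on the declared WAN list. The sample print is constructed in the same layout as the one posted (public address replaced by 198.51.100.7; a rule with no out-interface added to show that case).

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample in the layout of "/ip firewall nat print" (addresses are
# placeholders; rule 3 is added to show a masquerade with no out-interface).
SAMPLE_NAT_PRINT = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Masq on old network 192.168.30.0/24
     chain=srcnat action=masquerade out-interface=ether9-bridge
 1   ;;; Masq to internet
     chain=srcnat action=masquerade out-interface=ether10-wan
 2   chain=srcnat action=masquerade out-interface=ether1-sw-to-net10
 3   chain=srcnat action=masquerade
 4   ;;; to WEB server
     chain=dstnat action=netmap to-addresses=10.10.10.10 to-ports=80 protocol=tcp dst-address=198.51.100.7 dst-port=80
 5 X ;;; Web-to-proxy-redirect
     chain=dstnat action=dst-nat to-addresses=10.10.10.1 to-ports=3128 protocol=tcp in-interface=ether1-sw-to-net10 dst-port=80
"""

# A rule starts with its index, optional flag letters (X, I, D), then either a
# ";;; comment" (body on the next line) or the key=value body itself.
RULE_START = re.compile(r"^\s*(\d+)\s+((?:[XID]\s+)*)(.*)$")


def parse_nat_print(text: str) -> List[Dict[str, str]]:
    """Turn print output into a list of rule dicts (key=value pairs plus
    'index', 'disabled' and 'comment')."""
    rules: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("Flags:"):
            continue
        m = RULE_START.match(line)
        if m:
            current = {
                "index": m.group(1),
                "disabled": "X" if "X" in m.group(2) else "",
                "comment": "",
            }
            rules.append(current)
            rest = m.group(3).strip()
            if rest.startswith(";;;"):
                current["comment"] = rest[3:].strip()
                continue  # body follows on the next line
            body = rest
        if current is None:
            continue  # body line before any rule header; ignore
        for token in body.split():
            if "=" in token:
                key, _, value = token.partition("=")
                current[key] = value
    return rules


def find_masquerade_on_lan(rules: List[Dict[str, str]],
                           wan_interfaces: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (index, reason) for every enabled masquerade rule that can
    rewrite the source of traffic leaving towards the LAN."""
    wan = set(wan_interfaces)
    findings: List[Tuple[str, str]] = []
    for r in rules:
        if r.get("chain") != "srcnat" or r.get("action") != "masquerade" or r["disabled"]:
            continue
        iface = r.get("out-interface")
        if iface is None:
            findings.append((r["index"], "no out-interface: masquerades every egress, LAN ports included"))
        elif iface not in wan:
            findings.append((r["index"], f"out-interface={iface} is not a WAN interface; "
                                         "hosts behind it see the router as the client"))
    return findings


if __name__ == "__main__":
    parsed = parse_nat_print(SAMPLE_NAT_PRINT)
    for index, reason in find_masquerade_on_lan(parsed, ["ether10-wan"]):
        print(f"rule {index}: {reason}")
```

A flagged rule is not automatically wrong (a masquerade on a VPN interface may be intended), but any masquerade that matches traffic going out to the server's own port has exactly the effect seen in this thread, and the usual fix is to restrict masquerade to the WAN out-interface.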
Which interface is your server on?
My server is connected to the switch that is plugged into port ether1-sw-to-net10.
Remove this rule:
2 chain=srcnat action=masquerade out-interface=ether1-sw-to-net10
I disabled this rule. Now there is no access to the web server.
Check your firewall in the server. Ensure it accepts port 80 requests from everywhere, not just your local net.
[14:59]root@pegasus:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
It does not help.
If the dstnat works with that masquerade and does not work without it, you have a firewall or routing problem somewhere. Are you certain the default gateway in your server is correct?
The server really did not have the right route; I changed it and it worked. Thank you very much. I fought with this problem for 2 weeks.
93.126.xx.yy - - [04/Feb/2013:15:15:25 +0200] "GET / HTTP/1.1" 200 6983 "http://mysite.kiev.ua/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0"
Thank you very much!
daulet
September 20, 2016, 2:56pm
12
What changes did you make? Did you change the default gateway on server?
neurotoxin78:
The server really did not have the right route; I changed it and it worked. Thank you very much. I fought with this problem for 2 weeks.
93.126.xx.yy - - [04/Feb/2013:15:15:25 +0200] "GET / HTTP/1.1" 200 6983 "http://mysite.kiev.ua/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0"
Thank you very much!
What changes did you make to your firewall rules so that it solved the issue? Could you please include the changes you made.