SSH NAT forwarding

Hi,

I have an issue I hope you can help me with.

I have a Mikrotik LtAP mini, with an assigned VPN certificate. I have a Linux machine connected with an ethernet cable to the Mikrotik; it has a fixed IP address of 192.168.88.50.
I created a NAT rule. General: dstnat, dst. port 52022, tcp. Action: to addresses: 192.168.88.50, to ports: 52022.

When I try to connect to the Linux machine over the Mikrotik VPN IP address on port 52022, I get a “connection refused” error.

I also have an OpenVPN certificate installed on the machine and I can connect to the machine over port 22?!

The most intriguing part is that it worked on Friday, and since Monday it is no longer working; no updates were made…

Any suggestions?

If you did not manually configure the SSH server on the Linux machine to listen on a non-standard port, the correct DST-NAT rule would be:


/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-port=52022 to-addresses=192.168.88.50 to-ports=22

You may want to limit the DST-NAT rule to act only on particular interfaces (e.g. the VPN interface).
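
An added example, not part of the original reply: a small check, run from a host on the LAN side of the router, that tells "refused" (the host answered but nothing listens on that port) apart from "filtered" (no answer), confirms the listener really is SSH by its banner, and prints the matching dst-nat rule in the form used above. The function names and the script name in the comment are hypothetical.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Return (state, banner); state is 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # An SSH server sends its identification line first (RFC 4253).
                raw = s.recv(255)
                banner = raw.split(b"\n")[0].strip().decode("ascii", "replace")
            except OSError:
                banner = ""  # connected, but nothing readable arrived in time
            return "open", banner
    except ConnectionRefusedError:
        # Reset received: host reachable, but nothing accepts on this port
        # (or a firewall actively rejects the connection).
        return "refused", ""
    except OSError:
        # Timeout or unreachable: silently dropped or a routing problem.
        return "filtered", ""

def suggest_rule(host, dst_port, candidates=(22,), timeout=3.0):
    """Build the dst-nat rule for the first candidate port that answers as SSH."""
    for port in candidates:
        state, banner = probe(host, port, timeout)
        if state == "open" and banner.startswith("SSH-"):
            return ("add chain=dstnat action=dst-nat protocol=tcp "
                    f"dst-port={dst_port} to-addresses={host} to-ports={port}")
    return None

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage (hypothetical script name): python3 check_ssh.py 192.168.88.50
    target = sys.argv[1]
    for p in (52022, 22):
        print(p, probe(target, p))
    rule = suggest_rule(target, 52022, candidates=(52022, 22))
    print(rule or "no SSH listener found on the candidate ports")
```
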