Static Route or DMZ

Hello, I have a network like this:


Mikrotik router
ether1 ip 115.127.11.101 & 115.127.11.100
ether2 ip 192.168.1.250
GW: 0.0.0.0 115.127.11.97

Linux Server IP
eth0 192.168.190.74
eth1 192.168.1.1

GW: 0.0.0.0 192.168.190.73

192.168.1.1 and 192.168.1.250 connected in same network

I want to pass 115.127.11.100 traffic to 192.168.1.1 or DMZ. How can I do this? Where do I set the static route?

Unless I’m misunderstanding what you are wanting to do, you aren’t looking for a static route but for destination NAT: you want to dst NAT 115.127.11.100 to 192.168.1.1 and src NAT the opposite.

The manual has an example:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT

Yes, I did as mentioned on the page, but the problem is that the Linux server is running with another ISP. After putting those commands on the MikroTik, I can see packets being sent to 192.168.1.1, but receive shows none when pinging 115.127.11.100.

Post what you configured and also explain a little more what you are trying to do.

In MikroTik:

ip address

ADDRESS NETWORK BROADCAST INTERFACE

0 115.127.11.101/29 115.127.11.96 115.127.11.103 ether1
1 192.168.1.250/24 192.168.1.0 192.168.1.255 ether2
2 192.168.2.1/24 192.168.2.0 192.168.2.255 ether2
3 115.127.14.30/30 115.127.14.28 115.127.14.31 ether1
4 115.127.11.100/29 115.127.11.96 115.127.11.103 ether1

firewall nat


chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=0-65535
dst-address=115.127.11.100

20 chain=srcnat action=src-nat to-addresses=115.127.11.100 to-ports=0-65535
src-address=192.168.1.1

21 chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=0-65535
dst-address=115.127.11.100


routing

[admin@extremecorp] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 X S 0.0.0.0/0 192.168.1.1 1
1 A S 0.0.0.0/0 reachable 115.127.11.97 1 ether1
2 X S 0.0.0.0/0 115.127.14.29 1
3 ADC 115.127.11.96/29 115.127.11.101 0 ether1
4 X S 115.127.11.100/32 192.168.1.1 1
5 ADC 115.127.14.28/30 115.127.14.30 0 ether1
6 ADC 192.168.1.0/24 192.168.1.250 0 ether2
7 ADC 192.168.2.0/24 192.168.2.1 0 ether2
8 A S 192.168.190.74/32 reachable 192.168.1.1 1 ether2


Routing in Linux:


[root@eplanetit ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
115.127.11.96 192.168.1.250 255.255.255.248 UG 0 0 0 eth1
192.168.190.72 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.2.0 192.168.1.250 255.255.255.0 UG 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.190.73 0.0.0.0 UG 0 0 0 eth0


I want to access 192.168.1.1 as 115.127.11.100, because the Linux server is behind a private IP.

Thanks

chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=0-65535 
dst-address=115.127.11.100 

20 chain=srcnat action=src-nat to-addresses=115.127.11.100 to-ports=0-65535 
src-address=192.168.1.1 

21 chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=0-65535 
dst-address=115.127.11.100

Delete that. Use the below instead:

/ip firewall nat
add chain=srcnat action=src-nat to-addresses=115.127.11.100 src-address=192.168.1.1 
add chain=dstnat action=dst-nat to-addresses=192.168.1.1 dst-address=115.127.11.100

Move those two rules to the very top of your NAT rules (20 and 21 indicate you have a lot more rules).

You should probably also assign a second IP within 115.127.11.96/29 to the WAN interface and use that for generic NAT/PAT (the masquerade rule you probably have) so that other traffic can’t clash with ports chosen for the 1:1 NAT for the Linux server.
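
Added example, not part of the original thread: a longest-prefix-match lookup over the Linux routing table posted above, showing which gateway and interface the server picks when it replies to a client that reached it through the 1:1 NAT. The routes are copied from the `route -n` output (netmasks written as prefix lengths); the client addresses and the function names are constructed for illustration.

```python
import ipaddress

# Routes from the `route -n` output in the thread: (destination, gateway, iface).
# Genmask 255.255.255.248 = /29, 255.255.255.0 = /24, 255.255.0.0 = /16, 0.0.0.0 = /0.
LINUX_ROUTES = [
    ("115.127.11.96/29",  "192.168.1.250",  "eth1"),
    ("192.168.190.72/29", "0.0.0.0",        "eth0"),
    ("192.168.2.0/24",    "192.168.1.250",  "eth1"),
    ("192.168.1.0/24",    "0.0.0.0",        "eth1"),
    ("169.254.0.0/16",    "0.0.0.0",        "eth0"),
    ("0.0.0.0/0",         "192.168.190.73", "eth0"),
]

def lookup(dst, routes=LINUX_ROUTES):
    """Return (gateway, iface) selected by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def reply_returns_via_router(client, router_lan_ip="192.168.1.250"):
    """True if the server's reply to `client` is sent back to the MikroTik.

    After dst-nat the server still sees the client's own source address,
    so the reply is routed by looking up that client address.
    """
    gateway, iface = lookup(client)
    return gateway == router_lan_ip and iface == "eth1"

if __name__ == "__main__":
    # Constructed sample clients: one inside the public /29, one on the
    # second LAN behind the MikroTik, one arbitrary Internet host.
    for client in ("115.127.11.98", "192.168.2.10", "203.0.113.10"):
        gateway, iface = lookup(client)
        verdict = "back via MikroTik" if reply_returns_via_router(client) else "out the other path"
        print(f"reply to {client:>14} -> gw {gateway:<15} dev {iface}  ({verdict})")
```

For the constructed Internet client the reply leaves through eth0 and 192.168.190.73, so it never passes back through the MikroTik where the NAT entry for 115.127.11.100 lives.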