Super newbie question on destination nat

savagedavid · October 5, 2005, 10:31pm

Here is my setup:

public ip’s–mt2.9.5—5.8Ghz ptp link—mt2.9.5

On the public IP side I connect to the mt box directly with it’s default live ip x.x.x.y. I would like to connect to the other mt box using another live ip that is dst-natted. All private address routing works correctly

So I add the ip x.x.x.z to the mt box on the public side, and I add a dst-nat rule:

ip firewall nat add chain=dst-nat dst-address={x.x.x.z} action=dst-nat to-addresses={a.a.a.b} to-ports=0-65535

however when I connect to x.x.x.z I still get the box on the live side. Is there another rule I should be adding in?

Thanks
David

Borage · October 5, 2005, 11:00pm

You forget to add protocol and port number. Anyway, I think you should not use the same service port number on both servers.

/ ip firewall nat 
add chain=dstnat dst-address=x.x.x.z protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=a.a.a.b to-ports=0-65535 comment="" \
    disabled=no

savagedavid · October 6, 2005, 8:18pm

I added it as per your example above but still no joy. It still gets me to the source router.