Droid80sa
just joined
Topic Author
Posts: 2
Joined: Mon Jun 11, 2018 10:10 am

External IP NAT issue.

Mon Jun 11, 2018 10:22 am

Hi All

I am new to Mikrotik and have some basic knowledge.
So far I have everything configured and working great, except a NAT issue I am having.
I currently connect to services hosted on a QNAP NAS through the Mikrotik. Problem I am having is that when I connect from an external location to the QNAP the connection logs are showing up with the routerboard's IP address and not the external IP I am connecting from. How do I make sure the external address is passed through and shows on the QNAP?
This is playing havoc with the Firewall on the QNAP.

I hope this makes sense and someone can point me in the right direction.
 
anav
Forum Guru
Posts: 19371
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: External IP NAT issue.  [SOLVED]

Mon Jun 11, 2018 4:35 pm

So this is your qnap on a LAN behind the router and you are trying to connect to the QNAP NAS from the wan side?

Two things are needed..... a source nat masquerade rule (outgoing traffic) and a destination NAT rule - unsolicited incoming traffic.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=WAN
add chain=dstnat in-interface=WAN protocol=tcp dst-port=xxx,yyy action=dst-nat to-addresses=LANIPoftheQNAP_NAS

That should get you there.
If you can limit the incoming addresses that should access your QNAP (if you know them), then create an address list in ip firewall address lists for that
and insert it into the dstnat rule on the advanced tab (src-address-list= )
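
The two NAT rules from the reply above with the suggested source address list applied, as an added example that is not part of the original posts. The interface name ether1, the list name nas-allowed, the ports and every address are constructed placeholder values.

```routeros
# Constructed sample values (assumptions, not from the thread):
#   ether1          = WAN interface
#   192.168.88.10   = LAN address of the NAS
#   203.0.113.0/24, 198.51.100.25 = remote sources allowed to reach the NAS
#   443, 8080       = forwarded TCP ports

/ip firewall address-list
add list=nas-allowed address=203.0.113.0/24 comment="office range"
add list=nas-allowed address=198.51.100.25 comment="home"

/ip firewall nat
# Too broad: with no out-interface, masquerade also rewrites forwarded inbound
# connections as they leave the LAN port, so the NAS logs the router's address
# instead of the real client address.
# add chain=srcnat action=masquerade

# Masquerade only what leaves through the WAN interface.
add chain=srcnat action=masquerade out-interface=ether1

# Forward the NAS ports only for sources on the allow list; the original
# source address is left untouched and reaches the NAS firewall and logs.
add chain=dstnat action=dst-nat in-interface=ether1 protocol=tcp dst-port=443,8080 src-address-list=nas-allowed to-addresses=192.168.88.10

# Review the resulting rule order.
/ip firewall nat print
```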
 
Droid80sa
just joined
Topic Author
Posts: 2
Joined: Mon Jun 11, 2018 10:10 am

Re: External IP NAT issue.

Mon Jun 11, 2018 5:07 pm

Thank you very much for the reply.
I had the masquerade rule in already, but had setup the destination NAT incorrectly.
 
anav
Forum Guru
Posts: 19371
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: External IP NAT issue.

Mon Jun 11, 2018 5:21 pm

Just be aware if you are behind the router and want to access the qnap using the public IP address, this involves programming in hairpin nat (convoluted and complicated). I always tell LAN users to use the direct LANIP address of the server if they need to get at it. Where the hairpin nat comes in is when the direct access to the qnap is not possible.
For example it's on a different interface or VLAN that most don't have access to and the only way to get to it is via the dyndns name of the server for example.
