Hi guys,

I have this situation. An old Cisco router died recently with this NAT configuration (check the attached image):

Original Address:
10.240.xx.0-10.240.xx.63
Translated Address:
10.xx.xx.251
Rule Type
Dynamic

Original Address:
10.240.xx.21 (8080)
Translated Address:
10.xx.xx.242 (8080)
Rule Type
Static

I want to implement these to a Mikrotik router which is gonna substitute the old one.
The Mikrotik router has 1 LAN interface and 2 WAN interfaces (WAN1 & WAN2), routing traffic for a specific IP address through WAN1 and all other traffic through WAN2
The above rules must use the WAN1 interface.
How can I accomplish that ?

Thanks in advance,

Thomas

Hey. Maybe like this:

I have already this rule in NAT:
chain=srcnat action=masquerade src-address=10.240.xx.0/26

I need this: If someone hits this address (external) : 10.xx.xx.242:8080, the router leads the request to the internal (LAN) address: 10.240.xx.21:8080, through WAN1 interface.
Should I use src-nat or dst-nat ?

Can you be more analytical, because I'm not very familiar with RouterOS...

I have already this rule in NAT:
chain=srcnat action=masquerade src-address=10.240.xx.0/26

Yeah, but this is not enough as you can see.

Thank you for your snapy reply, please check my edited post before yours

Isn't the 8080 port nat supposed to go from outside to inside? So dstnat instead of srcnat

I have already this rule in NAT:
chain=srcnat action=masquerade src-address=10.240.xx.0/26

I need this: If someone hits this address (external) : 10.xx.xx.242:8080, the router leads the request to the internal (LAN) address: 10.240.xx.21:8080, through WAN1 interface.
Should I use src-nat or dst-nat ?

Can you be more analytical, because I'm not very familiar with RouterOS...

In this way, you should use destination nat, because of direction: your external IP address is destination address for someone, that is why you should use destination nat.
ip firewall nat
add action=dst-nat chain=dstnat src-address=0.0.0.0/0 src-port=8080 dst-address=10.xx.xx.242:8080 to-addresses=10.240.xx.21 to-ports=8080 in-interface=WAN1

P.S.: you have not to set src-address=0.0.0.0/0, because emtpy value means everyones.
P.P.S.: are you sure that src-port have to be 8080 from outside?

I have already this rule in NAT:
chain=srcnat action=masquerade src-address=10.240.xx.0/26

I need this: If someone hits this address (external) : 10.xx.xx.242:8080, the router leads the request to the internal (LAN) address: 10.240.xx.21:8080, through WAN1 interface.
Should I use src-nat or dst-nat ?

Can you be more analytical, because I'm not very familiar with RouterOS...

Actually, it appears that your src-nat rule is missing the out interface??

Amnurak provides the required destination nat rule for what is essentially port forwarding.
I dont like it, and offer the one below.
Best if you can limit those accessing your server (by address list via source address list if you can).

ip firewall nat
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp in-interface=WAN1 to-addresses=10.240.xx.21

(dont think you need to enter "to-ports" if there is no change from destination port but not sure).

OK guys, let me try all your suggestions and I'll get back to you, thank you