Community discussions

 
dirtyharry79
just joined
Topic Author
Posts: 2
Joined: Tue Sep 03, 2019 11:56 am

Incoming Masquerade?

Tue Sep 03, 2019 12:28 pm

Hi,
is it possible to masq incoming connections with the routers IP? At the moment when I configure dst-nat, the exposed server gets the real public IP of the client. I would like to masq that to the IP of the router, so the server only logs the routers IP. Is this possible, and if so, how?
Currently I have the following configured and can access the Server, but the Server sees the Clients public IP:

Code: Select all

/ip firewall nat
add action=dst-nat chain=dstnat comment=Testserver dst-address=\
212.XXX.XXX.XXX dst-port=8080 log=yes log-prefix=DST-NAT protocol=tcp \
to-addresses=192.168.100.191 to-ports=8080
Thanks for any support,
Harry
 
Sob
Forum Guru
Forum Guru
Posts: 4549
Joined: Mon Apr 20, 2009 9:11 pm

Re: Incoming Masquerade?

Tue Sep 03, 2019 2:14 pm

People usually ask for the opposite, after they misconfigure their srcnat rules. :) So yes, it's definitely possible, just add new srcnat/masquerade rule for packets going to server. You can use either "to-addresses=192.168.100.191 to-ports=8080" condition, or just address, or out-interface=<where server is>, or extreme case is to have masquerade rule without any conditions, so it applies to all connections (but that's probably not good idea).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
dirtyharry79
just joined
Topic Author
Posts: 2
Joined: Tue Sep 03, 2019 11:56 am

Re: Incoming Masquerade?

Wed Sep 04, 2019 12:47 pm

Thank you very much! It works.
Just asking myself why I didn't come up with this solution myself. Somehow my brain was locked to "DST-NAT"...

Thanks,
Harry

Who is online

Users browsing this forum: No registered users and 20 guests