Community discussions

MUM Europe 2020
 
Suntažnieks
just joined
Topic Author
Posts: 11
Joined: Sat Nov 17, 2012 12:39 pm

cant configure NAT rule for webserver

Tue Jan 08, 2013 11:16 pm

Hi,

I installed web server on a raspberry pi and i'm trying to get it working online. By following this manual http://wiki.mikrotik.com/wiki/Hairpin_NAT my router returned an error code: "expected end of command (line 1 column 129)"

i tried to make a nat rule using this code:
[admin@router] >> /ip firewall nat add chain=dstnat dst-address=46.xxx.xxx.xxx protocol=tcp dst-port=80 \ action=dst-nat to-address=192.168.88.253 add chain=srcnat out-interface=WAN action=masquerade
where 46.xxx.xxx.xxx is an ip address granted by ISP and 192.168.88.253 is an IP for my webserver.

router model: RB751U-2HnD

What am i'm doing wrong?
Thanks!
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: cant configure NAT rule for webserver

Wed Jan 09, 2013 5:04 pm

The section:
out-interface=WAN
looks unlikely since the server is presumably on a LAN interface.

Try removing that from the rule. Also, your server needs to be pointing to the RouterBoard as its default gateway.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
fronczek
just joined
Posts: 20
Joined: Sun Jun 03, 2012 1:14 am
Location: Katowice, Poland
Contact:

Re: cant configure NAT rule for webserver

Wed Jan 09, 2013 8:54 pm

Please check if RouterBoard is not configured for using TCP/80 port too at {/ip service}.
 
Suntažnieks
just joined
Topic Author
Posts: 11
Joined: Sat Nov 17, 2012 12:39 pm

Re: cant configure NAT rule for webserver

Fri Jan 11, 2013 8:40 pm

Thank you so much! Taking away "add chain=srcnat out-interface=WAN action=masquerade" did help, now my raspberry pi is online. What purpose was for this unnecessary part of the code?
Also, does this affect my network security in any way now?

Im sorry fronczek, I didnt understand your advice, I'm just learning how to use routerboard so i'd appreciate if you or someone else would explain in more detail how to check ports with {/ip service} command.. :)
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: cant configure NAT rule for webserver

Fri Jan 11, 2013 11:57 pm

It looked like you perhaps combined the text for a couple of rules - cut & paste issue maybe.

Upload the output from /export compact if you want your config checked.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

Who is online

Users browsing this forum: No registered users and 31 guests