WANAO
just joined
Topic Author
Posts: 2
Joined: Thu Nov 08, 2018 10:53 am

Forward and redirect port

Thu Nov 08, 2018 11:10 am

Dear Community,

I didn't find a way to dest-nat requests to an incoming port (3051) to another (3050) to an internal server.
Here is my conf:
1.JPG
2.JPG
When I log the flow, I can see:
09:39:50 firewall,info key dstnat: in:ether1_WAN1 out:(unknown 0), src-mac 00:1c:73:05:0a:cf, proto TCP (SYN), 5.5.14.2:62971->18.18.16.4:3051, len 52
09:39:59 firewall,info key dstnat: in:ether1_WAN1 out:(unknown 0), src-mac 00:1c:73:05:0a:cf, proto TCP (SYN), 5.5.14.2:62971->18.18.16.4:3051, len 48
But I can see requests on my internal server and connection is refused.

Could you please help me with this case?

Thank you in advance.

Regards,
 
BartoszP
Forum Guru
Posts: 2879
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Forward and redirect port  [SOLVED]

Thu Nov 08, 2018 1:03 pm

Read this: viewtopic.php?f=2&t=102483&p=508981&hil ... IC#p508981

Why do you use public IPs in internal network?
 
WANAO
just joined
Topic Author
Posts: 2
Joined: Thu Nov 08, 2018 10:53 am

Re: Forward and redirect port

Thu Nov 08, 2018 3:57 pm

Thank you BartoszP for your help and your time, your link helped me well to unblock this flow.
I used it because of a misunderstanding about Mikrotik router...

What I used:
add action=dst-nat chain=dstnat dst-port=3051 \
    in-interface=ether1_WAN1 protocol=tcp src-address-list=***** \
    to-addresses=172.25.11.55 to-ports=3050
add action=src-nat chain=srcnat dst-address=172.25.11.55 dst-port=3050 \
    protocol=tcp src-address=!172.25.0.0/16 to-addresses=172.25.10.254
if it can help...
 
anav
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Forward and redirect port

Fri Nov 16, 2018 11:44 pm

Thank you BartoszP for your help and your time, your link helped me well to unblock this flow.
I used it because of a misunderstanding about Mikrotik router...

What I used:
add action=dst-nat chain=dstnat dst-port=3051 \
    in-interface=ether1_WAN1 protocol=tcp src-address-list=***** \
    to-addresses=172.25.11.55 to-ports=3050
add action=src-nat chain=srcnat dst-address=172.25.11.55 dst-port=3050 \
    protocol=tcp src-address=!172.25.0.0/16 to-addresses=172.25.10.254
if it can help...
The first part of that code, the dstnat lines, look good!
It appears you change the incoming port to one that your server expects and you have limited access to the server to a list of WANIPs (better security!!).

The second part of the code, a source nat rule IS FOR WHAT PURPOSE??
Normally would look like
add action=masquerade chain=srcnat out-interface=WAN
or
add action=masquerade chain=srcnat out-interface=wan1-eth1 (which is basically the same thing)

Note: masquerade works for a dynamic IP address; if yours is static then best to use
add action=src-nat chain=srcnat out-interface=eth1-pppoe etc... to-addresses=wanip
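
How the two NAT rules posted in this thread act on the SYN from the first post's log, as an added Python sketch (not code from any poster, and not RouterOS itself). It assumes the logged source 5.5.14.2 is on the address list masked as ***** and that the src-nat rule keeps the source port.

```python
import ipaddress

# The two NAT rules from the thread, written as match/action dictionaries.
DSTNAT = {"in_interface": "ether1_WAN1", "protocol": "tcp", "dst_port": 3051,
          "to_address": "172.25.11.55", "to_port": 3050}
SRCNAT = {"protocol": "tcp", "dst_address": "172.25.11.55", "dst_port": 3050,
          "not_src_net": "172.25.0.0/16", "to_address": "172.25.10.254"}

# Constructed stand-in for the address list masked as ***** in the post.
ALLOWED_SOURCES = {"5.5.14.2"}


def apply_dstnat(pkt, rule=DSTNAT, allowed=ALLOWED_SOURCES):
    """dstnat chain: rewrites the destination before the routing decision."""
    if (pkt["in_interface"] == rule["in_interface"]
            and pkt["protocol"] == rule["protocol"]
            and pkt["dst_port"] == rule["dst_port"]
            and pkt["src"] in allowed):
        return {**pkt, "dst": rule["to_address"], "dst_port": rule["to_port"]}
    return pkt


def apply_srcnat(pkt, rule=SRCNAT):
    """srcnat chain: runs after routing, so it sees the translated destination."""
    net = ipaddress.ip_network(rule["not_src_net"])
    outside = ipaddress.ip_address(pkt["src"]) not in net  # src-address=!net
    if (pkt["protocol"] == rule["protocol"]
            and pkt["dst"] == rule["dst_address"]
            and pkt["dst_port"] == rule["dst_port"] and outside):
        return {**pkt, "src": rule["to_address"]}  # assumed: port unchanged
    return pkt


def after_nat(pkt):
    """Return the flow as it looks once both chains have been applied."""
    p = apply_srcnat(apply_dstnat(pkt))
    return f'{p["src"]}:{p["src_port"]}->{p["dst"]}:{p["dst_port"]}'


# The SYN from the firewall log in the first post.
LOGGED_SYN = {"in_interface": "ether1_WAN1", "protocol": "tcp",
              "src": "5.5.14.2", "src_port": 62971,
              "dst": "18.18.16.4", "dst_port": 3051}

if __name__ == "__main__":
    print(after_nat(LOGGED_SYN))                           # listed source
    print(after_nat({**LOGGED_SYN, "src": "203.0.113.9"}))  # unlisted source
```

With the src-nat rule in place the server at 172.25.11.55 sees every forwarded client as 172.25.10.254, so its own logs and access controls can no longer tell clients apart; the source restriction has to stay on the router's address list.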
