TimGuyUK

DST-NAT Publish with Pre-Routing default route Rule

Fri Jan 06, 2017 5:46 pm

Hi Everyone

Could anyone give me any advice on the following.

I need to do a DST-NAT (port forward / publish from router to internal IP) with a Mangle Pre-routing Marked Filter rule for all 0.0.0.0/0 traffic.

I have a remote site where I need all traffic to go up its VPN connection to head office (for http/https filtering purposes) but I also have a local server that needs publishing from the remote site's router external IP address.

Obviously as soon as I enable the pre-routing marked filter rule and create a 0.0.0.0/0 route rule for the marked filter I don’t have the ability to return the DST-NAT traffic to reply.

Can anyone think of a way to get around this?

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=filtering \
passthrough=yes src-address=10.8.1.0/24
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp \
to-addresses=10.8.1.10 to-ports=80
/ip route
add distance=1 gateway=l2tp-out1 routing-mark=filtering

Thanks
 
Sob

Re: DST-NAT Publish with Pre-Routing default route Rule

Fri Jan 06, 2017 8:11 pm

Mark connections to webserver:
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=ether1 new-connection-mark=local_WAN passthrough=yes
And then add connection-mark=!local_WAN to your route marking rule.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
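
The two posts above combined into one configuration, as an added example that is not part of either post. It uses only the interface names, addresses and marks already shown in the thread (ether1, l2tp-out1, 10.8.1.0/24, 10.8.1.10, filtering, local_WAN); the comments are added here.

```routeros
/ip firewall mangle
# Tag every connection whose packets arrive on the WAN interface.
# The mark is stored in connection tracking, so the server's reply
# packets (which arrive from the LAN side) carry the same mark.
add action=mark-connection chain=prerouting in-interface=ether1 \
    new-connection-mark=local_WAN passthrough=yes
# Policy-route LAN traffic into the VPN, except packets that belong
# to a connection tagged local_WAN above. Those follow the main
# routing table and leave through the WAN again.
add action=mark-routing chain=prerouting connection-mark=!local_WAN \
    new-routing-mark=filtering passthrough=yes src-address=10.8.1.0/24

/ip firewall nat
# Publish the internal web server on the router's external address.
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp \
    to-addresses=10.8.1.10 to-ports=80

/ip route
# Default route used only by packets carrying the filtering routing mark.
add distance=1 gateway=l2tp-out1 routing-mark=filtering
```

Connections that the LAN hosts open themselves never receive the local_WAN mark, so they still go up the VPN for filtering; only replies to connections that came in on ether1 bypass it.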
