rtr989
newbie
Topic Author
Posts: 29
Joined: Wed Feb 08, 2006 2:28 pm

dst-nat question

Fri Jan 26, 2007 11:42 am

I want to make a dst-nat from local address 192.168.0.1:6580 to 66.94.234.13:80

On the 192.168.0.1 router I added this:
chain=dstnat dst-address=192.168.0.1 protocol=tcp dst-port=6580
action=dst-nat to-addresses=66.94.234.13 to-ports=80

So, I try to connect on port 6580 on 192.168.0.1 and nothing happens.
In firewall nat I see that packets are counted; in connections the TCP state is syn-sent and it stops at this...
What is wrong?
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Fri Jan 26, 2007 11:50 am

You need to set up a dstnat and srcnat as follows:

chain=dstnat dst-address=66.94.234.13 protocol=tcp dst-port=6580
action=dst-nat to-addresses=192.168.0.1 to-ports=80

chain=srcnat dst-address=192.168.0.1 protocol=tcp dst-port=80
action=dst-nat to-addresses=66.94.234.13 to-ports=6580
Last edited by firebat on Fri Jan 26, 2007 11:58 am, edited 5 times in total.
 
rtr989
newbie
Topic Author
Posts: 29
Joined: Wed Feb 08, 2006 2:28 pm

Fri Jan 26, 2007 11:54 am

You need to set up a dstnat and srcnat:

dstnat:

Set up a srcnat from 192.168.0.1 to 66.94.234.13

Can you give an example?
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Fri Jan 26, 2007 11:54 am

Was editing response...see above :) You can open all of the ports to begin with to get it working then alter the config.
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Fri Jan 26, 2007 12:02 pm

You can try just the dstnat example above alone if you want. What I gave is an example of poking a hole in the firewall. With additional ports open, you can put a server on a private IP and have it accessible from the internet.
 
rtr989
newbie
Topic Author
Posts: 29
Joined: Wed Feb 08, 2006 2:28 pm

Fri Jan 26, 2007 12:03 pm

chain=srcnat dst-address=192.168.0.1 protocol=tcp dst-port=80
action=dst-nat to-addresses=66.94.234.13 to-ports=6580

This is wrong.
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Fri Jan 26, 2007 12:06 pm

Possibly. I didn't try it.
 
Solusan
newbie
Posts: 37
Joined: Wed Jan 24, 2007 1:47 pm

Fri Jan 26, 2007 2:11 pm

Hi...

I have a little problem with NAT.

The post is in:

http://forum.mikrotik.com/viewtopic.php?p=62693#62693

I'm a little bit desperate.....

Very many thanks.
 
rtr989
newbie
Topic Author
Posts: 29
Joined: Wed Feb 08, 2006 2:28 pm

Fri Jan 26, 2007 4:26 pm

chain=dstnat dst-address=192.168.0.1 protocol=tcp dst-port=6580
action=dst-nat to-addresses=66.94.234.13 to-ports=80

Is this rule right?
It does not work!
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Sat Jan 27, 2007 5:05 am

Can you describe exactly what you are trying to accomplish? Are you trying to access 192.168.0.1 from the internet using public IP 66.94.234.13?
 
Solusan
newbie
Posts: 37
Joined: Wed Jan 24, 2007 1:47 pm

Sun Jan 28, 2007 11:25 pm

Can you describe exactly what you are trying to accomplish? Are you trying to access 192.168.0.1 from the internet using public IP 66.94.234.13?

Hi,

I have a question about this:

I did this:


Add one rule to chain=forward,
'ip firewall filter add action=jump jump-target=hotspot chain=forward',
set for 'guest' user profile,
'ip hotspot user profile set profile_name incoming-filter=1 outgoing-filter=1', that will redirect current profile traffic to chain=1.

Add rule to chain 1 to drop traffic with specific dst-address,
'ip firewall filter add chain=1 dst-address=172.0.0.0/8 action=drop'.
And I applied this rule to the user 'guest'.

I did that so that the user 'guest' couldn't access 172.0.0.0/8, but as you can see I get a drop.
But now I need the user to be redirected to the hotspot home page or to any error page where the user can be alerted that the range cannot be accessed.
How could I do it?

Many thanks for your help and understanding.
 
mneumark
Member
Posts: 375
Joined: Thu Jun 08, 2006 7:20 am
Location: Escalon, CA

Mon Jan 29, 2007 8:28 am

/ip firewall nat add chain=srcnat src-address=192.168.0.1 protocol=tcp src-port=6580 action=src-nat to-addresses=66.94.234.13 to-ports=80
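
Added example, not part of any post in this thread and not MikroTik code: a small Python model of the dst-nat rule from the first post, showing what the destination sees and whether its reply can return when the router does or does not also src-nat the forwarded connection. Assumptions: the LAN client 192.168.0.50, the router public address 203.0.113.1, and that 66.94.234.13 is reached over the internet.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# dst-nat rule from the first post: 192.168.0.1:6580 -> 66.94.234.13:80
DSTNAT = {"dst": "192.168.0.1", "dport": 6580, "to": "66.94.234.13", "to_port": 80}
ROUTER_WAN = "203.0.113.1"   # assumed router public address (constructed)
CLIENT = "192.168.0.50"      # assumed LAN client (constructed)
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for private addresses that are not routable on the internet."""
    return any(ip_address(addr) in net for net in RFC1918)

def forward(pkt, srcnat):
    """dst-nat before routing, optional src-nat after routing.
    Returns the packet as sent on the wire and the connection-tracking entry."""
    out = pkt
    if (pkt.dst, pkt.dport) == (DSTNAT["dst"], DSTNAT["dport"]):
        out = replace(out, dst=DSTNAT["to"], dport=DSTNAT["to_port"])
    if srcnat:
        out = replace(out, src=ROUTER_WAN)
    return out, {"orig": pkt, "translated": out}

def reply_to_client(wire_pkt, conn):
    """The server replies to wire_pkt.src. If that source is private, the
    SYN-ACK cannot be routed back and the tracked connection never leaves
    syn-sent. Otherwise the reply reaches the router, which reverses both
    translations before delivering it to the client."""
    if is_rfc1918(wire_pkt.src):
        return None
    orig = conn["orig"]
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def connect(srcnat):
    """Client opens a TCP connection to 192.168.0.1:6580."""
    syn = Packet(CLIENT, 40000, "192.168.0.1", 6580)
    wire, conn = forward(syn, srcnat)
    return wire, reply_to_client(wire, conn)

if __name__ == "__main__":
    for srcnat in (False, True):
        wire, reply = connect(srcnat)
        print(f"srcnat={srcnat}: on wire {wire}, reply to client {reply}")
```
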
