ilkoi
just joined
Topic Author
Posts: 9
Joined: Fri Sep 02, 2005 7:21 am

Port Forwarding

Wed Feb 07, 2007 12:56 pm

Hi, I want to redirect some port (example 25) to an internal IP address in the DMZ zone, but I want to save the real source IP to the destination host. When I use dest-nat the source IP is changed to the MikroTik interface. Do you have any idea?
 
Diganet
Member
Posts: 349
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark

Wed Feb 07, 2007 2:03 pm

Try using redirect instead of dst-nat

/Henrik
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Feb 07, 2007 2:06 pm

No, action=redirect will redirect all packets to the router ITSELF (i.e. not possible to use that to redirect to a server in the DMZ)!

If using dst-nat, the source ip address shouldn't be touched in any way. Maybe you have another rule doing src-nat/masquerade that is changing the src-address of those packets?

Best regards,
Christian Meis
 
ilkoi
just joined
Topic Author
Posts: 9
Joined: Fri Sep 02, 2005 7:21 am

Wed Feb 07, 2007 3:24 pm

No, I do not have a src-nat rule. I think that this will be made with same or netmap rules (1:1 NAT).
 
Diganet
Member
Posts: 349
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark

Thu Feb 08, 2007 12:41 am

No, action=redirect will redirect all packets to the router ITSELF (i.e. not possible to use that to redirect to a server in the DMZ)!
Sorry, you're right, I didn't read the question well enough, I guess :)

/Henrik
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Thu Feb 08, 2007 9:35 am

ilkoi, can you post your firewall/nat rules for us to check?
There shouldn't be a problem like that...

Best regards,
Christian Meis
 
ilkoi
just joined
Topic Author
Posts: 9
Joined: Fri Sep 02, 2005 7:21 am

Thu Feb 08, 2007 10:23 am

/ip address
add address=10.40.0.1/24 network=10.40.0.0 broadcast=10.40.0.255 interface=DMZ \
    comment="DMZ" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 \
    interface=ADSL2 comment="" disabled=no
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 \
    routing-mark=IronPort comment="" disabled=no
/ip firewall nat
add chain=dstnat dst-address=192.168.2.2 protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.40.0.100 to-ports=25 comment="Iron Port \
[img]ftp://crs.albena.bg/mikrotik.jpg[/img]
 
reliableComputer
just joined
Posts: 8
Joined: Tue Sep 12, 2006 8:51 pm

Re: Port Forwarding

Thu Aug 16, 2007 9:46 pm

I am struggling with a similar problem.

The problem is, I want to forward traffic to the server (via dst-nat) but have the packet retain its original source information. Right now, it gets changed to whatever the internal IP is on the Mikrotik.

ex.
packet comes in for webserver on port 80, from ip 208.10.10.10 (random web surfer)
destined to 208.20.20.20 (my public IP).

The mikrotik gets this packet, sees that it's going to port 80 and dst-nat's it to 192.168.1.30
When the web server on 192.168.1.30 gets the packet it thinks that it originated from 192.168.1.1 (the internal IP of the MT).

I would like the web server to be able to track where the IPs are actually coming from.

Is there a way to make this happen? All outbound traffic is simply masqueraded.

Thanks
-Keith-
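
Added example, not part of the thread: a simplified Python model of the RouterOS dstnat and srcnat chains, using the addresses from the post above, showing the behaviour cmit suspects. A masquerade rule with no out-interface matcher also rewrites the source of forwarded dst-nat traffic, while one scoped to the WAN interface leaves it intact. The interface names WAN and LAN, the rule lines and the routing shortcut are assumptions made for the illustration.

```python
import shlex

# Addresses come from the example in the post above; the interface names
# "WAN" and "LAN" and the rule lines below are assumptions for illustration.
ROUTER_IPS = {"WAN": "208.20.20.20", "LAN": "192.168.1.1"}

DSTNAT = ("add chain=dstnat dst-address=208.20.20.20 protocol=tcp dst-port=80 "
          "action=dst-nat to-addresses=192.168.1.30 to-ports=80")
MASQ_UNSCOPED = "add chain=srcnat action=masquerade"
MASQ_SCOPED = "add chain=srcnat out-interface=WAN action=masquerade"


def parse_rule(line):
    """Turn one '/ip firewall nat' export line into a dict of key=value pairs."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def matches(rule, pkt):
    """Exact-match the few matchers used here; an absent matcher matches all."""
    checks = {"dst-address": "dst", "protocol": "proto", "dst-port": "dport",
              "in-interface": "in_if", "out-interface": "out_if"}
    return all(rule[k] == str(pkt.get(f)) for k, f in checks.items() if k in rule)


def source_seen_by_server(rule_lines, pkt):
    """Simplified packet flow: dstnat chain, routing decision, srcnat chain."""
    rules = [parse_rule(line) for line in rule_lines]
    pkt = dict(pkt)  # work on a copy so the caller's packet is unchanged
    for r in (r for r in rules if r["chain"] == "dstnat"):
        if r["action"] == "dst-nat" and matches(r, pkt):
            pkt["dst"] = r["to-addresses"]
            pkt["dport"] = int(r.get("to-ports", pkt["dport"]))
            break
    # Routing shortcut: the internal subnet leaves via LAN, the rest via WAN.
    pkt["out_if"] = "LAN" if pkt["dst"].startswith("192.168.1.") else "WAN"
    for r in (r for r in rules if r["chain"] == "srcnat"):
        if r["action"] == "masquerade" and matches(r, pkt):
            pkt["src"] = ROUTER_IPS[pkt["out_if"]]  # address of egress interface
            break
    return pkt["src"]


# Constructed packets: an inbound web request and an outbound DNS query.
INBOUND = {"src": "208.10.10.10", "dst": "208.20.20.20", "proto": "tcp",
           "dport": 80, "in_if": "WAN"}
OUTBOUND = {"src": "192.168.1.30", "dst": "8.8.8.8", "proto": "udp",
            "dport": 53, "in_if": "LAN"}

if __name__ == "__main__":
    print("unscoped:", source_seen_by_server([DSTNAT, MASQ_UNSCOPED], INBOUND))
    print("scoped:  ", source_seen_by_server([DSTNAT, MASQ_SCOPED], INBOUND))
```

With the scoped rule the server logs the real client address, and outbound traffic from the internal network is still masqueraded behind the public IP.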
