TerminalAddict

dst-nat to internal IP

Mon Oct 08, 2018 9:04 am

I'm trying to dst-nat all internal requests to 80 and 443 to a local webserver
;;; dnat local 80 to pbody
      chain=dstnat action=dst-nat to-addresses=10.255.252.2 to-ports=80 protocol=tcp src-address=!10.255.252.2 dst-address=10.255.252.254 in-interface=bridge3-5 
      dst-port=80 log=yes log-prefix="DNAT local 80:" 

17    ;;; dnat local 443 to pbody
      chain=dstnat action=dst-nat to-addresses=10.255.252.2 to-ports=443 protocol=tcp src-address=!10.255.252.2 dst-address=10.255.252.254 in-interface=bridge3-5 
      dst-port=443 log=yes log-prefix="DNAT local 80:"
the packets are getting forwarded it seems
19:01:09.065603 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
19:01:09.163794 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [S], seq 3398444273, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 865734842 ecr 0,sackOK,eol], length 0
19:01:09.165938 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
19:01:09.364872 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [S], seq 3398444273, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 865735042 ecr 0,sackOK,eol], length 0
19:01:09.366192 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
19:01:09.769425 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [S], seq 3398444273, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 865735442 ecr 0,sackOK,eol], length 0
19:01:09.771483 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
19:01:10.573701 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [S], seq 3398444273, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 865736243 ecr 0,sackOK,eol], length 0
19:01:10.576169 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
I've got nginx working just fine on the host 10.255.252.2

but I'm not getting a response
presumably because of a return route path ?
i.e. 10.255.252.150->254->2->150
the return path doesn't return via 254

any other way of achieving what I'm trying to do?
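
Added example (not part of the original post): a small Python check for the pattern in the capture above, where the client resets each of its own SYNs at ISN+1. Per RFC 793, a host that receives a SYN-ACK for which it has no matching socket answers with a RST whose sequence number is taken from that segment's ACK field, so this pattern is consistent with the SYN-ACK arriving from 10.255.252.2 instead of the 10.255.252.254 the client dialed. The function names and the shortened sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the capture in the post above
# (TCP options shortened).
SAMPLE = """\
19:01:09.163794 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [S], seq 3398444273, win 65535, options [mss 1460], length 0
19:01:09.165938 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
19:01:09.364872 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [S], seq 3398444273, win 65535, options [mss 1460], length 0
19:01:09.366192 IP 10.255.252.150.49796 > 10.255.252.2.443: Flags [R], seq 3398444274, win 0, length 0
"""

# Matches tcpdump text output for IPv4 TCP segments that carry a "seq" field.
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)")


def parse(text):
    """Yield (flow, flags, seq) for each tcpdump line that matches LINE."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            yield flow, m["flags"], int(m["seq"])


def rejected_handshakes(text):
    """Return {flow: count} of SYNs that the same sender then reset at ISN+1."""
    isn = {}                  # flow -> sequence number of the latest bare SYN
    hits = defaultdict(int)
    for flow, flags, seq in parse(text):
        if flags == "S":
            isn[flow] = seq
        elif flags == "R" and flow in isn and seq == (isn[flow] + 1) % 2**32:
            hits[flow] += 1
            del isn[flow]     # count each SYN at most once
    return dict(hits)


if __name__ == "__main__":
    for flow, count in rejected_handshakes(SAMPLE).items():
        print(flow, "SYNs reset by their own sender:", count)
```

A non-empty result on a capture taken at the web server means the handshake is dying at the client, not at nginx, which points at the reply path rather than the dst-nat rule itself.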
