Community discussions

MikroTik App
 
BrianM
just joined
Topic Author
Posts: 3
Joined: Tue Sep 15, 2020 4:08 am

Redirecting specific external traffic to appear as if it came from within the network

Sun Nov 22, 2020 5:47 am

I'm trying to setup where a specific person's web traffic from outside of my network goes through my router and appears as if it was originating from my network. The only requirement is their traffic needs enter my router, be redirected back out and appear as if originated from within my network. Encryption is not necessary, and they don't need to be visible within the LAN itself. I would prefer it to be handled strictly within the router, but can setup a server within the network if necessary.

I'm assuming that can be done by setting up a proxy or VPN, but have no idea where to start.
 
aesmith
Member Candidate
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Redirecting specific external traffic to appear as if it came from within the network

Sun Nov 22, 2020 8:02 pm

Let's see your current configuration. Making a few assumptions, for example when you say "web traffic" I've assumed you mean Internet access. And when you say "be redirected back out" I assume you mean redirected to the Internet. If my wild guesses are correct, I would expect that all you'd need is (1) a route back to this person's subnet and (2) possibly a tweak to the NAT rules so that their traffic is NATed in the same way as your own. If not then maybe a diagram and an explanation would help understand exactly what you're trying to achieve.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Redirecting specific external traffic to appear as if it came from within the network

Sun Nov 22, 2020 9:03 pm

I doubt its that easy.
The person is looking probably to redirect traffic to the internet and have the internet traffic come back from the MT router to the person as if all traffic from this person was with the MT only.
This is a typical VPN scenario from my viewpoint.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirecting specific external traffic to appear as if it came from within the network

Sun Nov 22, 2020 10:23 pm

If you want someone else browsing internet through your router, it's not difficult. Both VPN and proxy can be used for this.

VPN can be used to route all traffic, not just web browsing. It's not hard requirement, it's possible to route only selected traffic, but it depends on client if it's able to do that. Regular clients (Windows PC, etc.) will have problem with that.

Proxy can be used selectively, but it needs to be supported in programs where you need it. It's no problem for web browsers, proxy support is standard.

If you'd use only proxy, you definitely need to limit access to it. RouterOS recently added SOCKS5 with authentication, so in theory it could be used. But I don't know how much browsers support proxy authentication. And even if it works, I'd not do it this way, because you'd get millions of bots hammering your router day and night, trying to get in.

Best would be to combine both, VPN as safe way how to access router and proxy, and proxy used by whatever program you want.
 
BrianM
just joined
Topic Author
Posts: 3
Joined: Tue Sep 15, 2020 4:08 am

Re: Redirecting specific external traffic to appear as if it came from within the network

Mon Nov 23, 2020 7:57 am

Yes, I'm looking to have someone outside of my network browse the internet through my router. Do you know of any guides that best match this kind of use case?
 
aesmith
Member Candidate
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Redirecting specific external traffic to appear as if it came from within the network

Mon Nov 23, 2020 4:48 pm

Yes, I'm looking to have someone outside of my network browse the internet through my router. Do you know of any guides that best match this kind of use case?
How will their traffic reach your network, do you have a private link or are they reaching you over the Internet?
 
BrianM
just joined
Topic Author
Posts: 3
Joined: Tue Sep 15, 2020 4:08 am

Re: Redirecting specific external traffic to appear as if it came from within the network

Tue Nov 24, 2020 5:19 am

It would be over the internet.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirecting specific external traffic to appear as if it came from within the network

Tue Nov 24, 2020 5:43 am

Start with some VPN. Easiest to set up should be L2TP/IPsec:

https://wiki.mikrotik.com/wiki/Manual:I ... pSec_setup

Other alternatives are:

https://wiki.mikrotik.com/wiki/Manual:I ... ote_Client
https://wiki.mikrotik.com/wiki/Manual:I ... n_Examples
https://wiki.mikrotik.com/wiki/Manual:I ... entication

But they all deal with certificates in some way and it's no fun.

Then you can either use the VPN connection itself to route everything from client through your router, or you can use it only to access proxy on your router (if you want it only for selected programs).
 
aesmith
Member Candidate
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Redirecting specific external traffic to appear as if it came from within the network

Tue Nov 24, 2020 1:44 pm

I agree, L2TP is easiest if that's supported at the third party's equipment as well. You said you don't need encryption, which makes some sense if this is Internet traffic anyway. You'll need a route to your third party's IP address range(s) via the L2TP tunnel interface. And if you're using default conventions then the L2TP tunnel shouldn't be in the "WAN" interface list.

Who is online

Users browsing this forum: Bing [Bot], esj, sybadi and 87 guests