Community discussions

MikroTik App
 
ysha
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Wed Sep 16, 2015 11:04 am

MTik equivalent rule with "PF - nat on static-port"

Thu Jan 07, 2021 6:47 am

Is it possible on MTik PF (https://www.openbsd.org/faq/pf/nat.html) equivalent rule as:

nat on $tln_if from 192.168.1.12 to any -> ($tln_if) static-port

where $tln_if is external provider ip, 192.168.1.12 - LAN ip behind NAT

static-port
Tells PF not to translate the source port in TCP and UDP packets.
 
sindy
Forum Guru
Forum Guru
Posts: 6661
Joined: Mon Dec 04, 2017 9:19 pm

Re: MTik equivalent rule with "PF - nat on static-port"

Sun Jan 10, 2021 8:20 pm

To keep the original source port unchanged if possible is the default behavior of the Mikrotik firewall. "If possible" means "if no other connection to the same remote IP address and port already uses the same port on the new local IP address".

If you set the to-ports parameter of an action=src-nat or action=masquerade rule to a single port number, and that port is already occupied by another connection from the same new local IP address to the same remote IP address and port when the initial packet of a new connection arrives, this initial packet is dropped - even if the to-addresses contain a list of addresses to choose from.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5947
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MTik equivalent rule with "PF - nat on static-port"

Sun Jan 10, 2021 9:26 pm

Instead of discussing the config, why not state the use case, so we dont guess what you are trying to do.
No talkie of router settings !!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: 0ldy0ne, Bytezone, paulsb, ragno, rodpp and 148 guests