Hi there, I have a rather interesting use case for NAT I am trying to work out and am hoping some Gurus here might be able to come up with a way to do it if it is possible.
Topology is like this:
Mikrotik Router:
Private network of 192.168.1.0/24
WAN Network of 10.1.1.2/30
Default route pointing to 10.1.1.1
WAN network connects to another router that has IP 10.1.1.1 which has routes to 10.20.20.0/24 (where a database server lives and is listening on port 1525)
This router does not have a route for 192.168.1.0/24
This router DOES have a route for 10.1.1.2
This router can be considered out of scope and not accessible for the purpose of this question.
I have a SRC-NAT Masquerade rule which works for all traffic:
chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface-list=WAN log=yes log-prefix="GENERAL-MASQ"
So far, just a standard private NAT Masquerade setup, right?
But what I NEED to do is SRC-NAT Masquerade some traffic from 192.168.1.0/24 AND change the destination port.
So, for example, I have a client on 192.168.1.20 trying to connect to a database that lives on server 10.20.20.7, but where the database server is listening on port 1525.
However, the client is trying to connect using port 31525.
So I need to change the destination port that the client is trying to connect to AND also change the source address as it leaves the Mikrotik router, so that the database server will see a connection attempt from 10.1.1.2:(random source port).
Is this possible?
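
One way the translation described in the post can be expressed in RouterOS, as an added example that is not part of the original post. It assumes the database connection is TCP (the post does not name the protocol), and the log prefix DB-PORT-REWRITE is a made-up label.

```routeros
/ip firewall nat
# dstnat is evaluated before the routing decision, so the destination port
# is rewritten from 31525 to 1525 before the packet is forwarded to the WAN.
# Assumption: the database listener uses TCP.
add chain=dstnat action=dst-nat protocol=tcp \
    src-address=192.168.1.0/24 dst-address=10.20.20.7 dst-port=31525 \
    to-addresses=10.20.20.7 to-ports=1525 \
    log=yes log-prefix="DB-PORT-REWRITE"

# The masquerade rule from the post stays as it is. srcnat is evaluated after
# routing, on the same tracked connection, so the packet leaves with source
# 10.1.1.2 and destination 10.20.20.7:1525:
#   chain=srcnat action=masquerade src-address=192.168.1.0/24
#   out-interface-list=WAN log=yes log-prefix="GENERAL-MASQ"

# Any forward-chain filter rule that should permit or restrict this traffic
# must match dst-port=1525, because filtering happens after the dstnat rewrite.
```

Scoping the dstnat rule to the single destination address and port keeps the rewrite from touching any other traffic from 192.168.1.0/24, and connection tracking reverses both translations on the reply packets.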