Community discussions

MikroTik App
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 548
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

dst-nat rule

Fri May 28, 2004 7:08 pm

we have a MT box doing NAT between the public addresses (62.94.214.xx/28) and the privates 10.0.0.xxx/24

we have a web server running on the 10.0.0.248. To reach from the internet this server I have done a dst-rule to translate the 62.94.214.y to 10.0.0.248

Giving the fact we run our corporate web on this server and that most of our customer have private ip I'd like to reach from inside the inside the server calling it at 62.94.214.y and not 10.0.0.248

The dst-nat rule dosen't work from inside. When I call the public ip from inside the counter of teh rule works but nothing happen.

May someone more expert then me give an advice??

thanks
 
User avatar
HarvSki
Member
Member
Posts: 398
Joined: Fri May 28, 2004 3:37 pm
Location: London, UK

Fri May 28, 2004 7:39 pm

one way to do this is to set up a static DNS A record for the private address in the DNS that serves your private address clients, this is only any good if that DNS server is not the authortive DNS for the domain.
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 548
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Fri May 28, 2004 7:44 pm

is there another way?
because I need to find a solution that don't guide me to have a more complex situation. another dns server.......

thanks
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 548
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Fri May 28, 2004 7:58 pm

solved!
I added a routing rule!
 
User avatar
YazzY
Member Candidate
Member Candidate
Posts: 140
Joined: Fri May 28, 2004 3:26 pm
Location: Norway, Østfold
Contact:

Proxy

Sat May 29, 2004 1:02 am

You could also do the same trick with a http proxy.
 
User avatar
jimvan
just joined
Posts: 9
Joined: Fri May 28, 2004 9:44 pm

Sat May 29, 2004 7:04 am

you can also add a static internal entry in dns of MT router and add have MT dhcp point all internal clients to router for dns. Works great here. :wink:
 
Cameron Earnshaw
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Sun May 30, 2004 6:46 pm
Contact:

Sun May 30, 2004 8:15 pm

I'd like to do this too, but have never been able to get it to work without dst-nat, which doesn't seem to work for certain aplications such as IP phones. Can you give an example of the route you added to get it to work? Did you have to add another NIC? Thanks.

Cameron
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 548
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Sun May 30, 2004 8:52 pm

I just added a static route to the table I used for routing the web server.

I added: to 10.0.0.0/24 use the 10.0.0.1 gateway

But you could also have the dst-nat rule to translate the 62.94.214.y/32:80 to 10.0.0.248/32:80

So I can reach the webserver from inside the network using 10.0.0.248 or 62.94.214.y

Hope this can help you.

bye
 
Cameron Earnshaw
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Sun May 30, 2004 6:46 pm
Contact:

Mon May 31, 2004 3:03 pm

OK, I guess I misunderstood what you were doing. This is just the normal way of doing dst-nat in the Mikrotik. My problem is I find certain applications don't want to work behind nat (IP phones, for example) so I want to have actual public addresses on LAN side of my Mikrotik as well. Setting up a segmented subnet such as 12.38.222.64/26 on the LAN side of the router (while having 12.38.222.0/24 on the WAN side) doesn't seem to work. Or am I missing something?
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 548
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Mon May 31, 2004 3:13 pm

I did the same think and it seems to work. You should activate proxy-arp on the lan interface.

so I can route private and public IP on the lan side.

bye

Who is online

Users browsing this forum: fposavec, MarcDE, sindy and 54 guests