Community discussions

MikroTik App
 
iam8up
Member
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH
Contact:

Forwarding public IP to private

Tue Dec 04, 2007 5:46 am

My network is a basic SOHO LAN.

[WAN] --24.123.1.2-- [2.9.50 RouterOS] --10.0.0.0/24-- [LAN]

My LAN, as far as this post is concerned, two nodes:

* 10.0.0.2 HTTP server on port 80/tcp
* 10.0.0.65 Windows XP desktop

What I would like to enable is any traffic destined for 24.123.1.2:80 from 10.0.0.0/24 be redirected to 10.0.0.2:80

Thanks in advance!
Josh
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Forwarding public IP to private

Tue Dec 04, 2007 9:25 am

You NAT rules like,
'ip firewall nat add action=dstnat chain=dst-nat protocot=tcp dst-port=80 dst-address=public_IP_Address to-addresses=local_IP_address to-ports=80'
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php
 
iam8up
Member
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH
Contact:

Re: Forwarding public IP to private

Tue Dec 04, 2007 5:16 pm

I have tried that exact same rule and it is not working =/
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Forwarding public IP to private

Tue Dec 04, 2007 5:49 pm

I have tried that exact same rule and it is not working =/
Then try harder :) haven't you forgot to run web server on 10.0.0.2? What are the symptoms of this non-working issue?
 
iam8up
Member
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 1:36 am

I'm positive the web server is working. I can access it at 10.0.0.2 from within the lan and 24.123.1.2 from outside the network just fine with this rule:
add chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=80 \
    in-interface="wan - integ" dst-port=80 protocol=tcp comment="logic - http" \
    disabled=no
By "not working" I mean any time I point my browser to 24.123.1.2 it simply times out.
 
iam8up
Member
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 1:40 am

Forgot to mention that Winbox is counting packets as I hit it. My nmap tells me the port is filtered.
 
User avatar
jp
Long time Member
Long time Member
Posts: 609
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 3:38 am

Have you turned off MT's webserver service port?
 
iam8up
Member
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 4:23 am

It isn't off - it was changed from port 80, though.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 9:32 am

iam8up,
Do you access page from local network of this router or from remote location ?

I think it is working from remote networks,
I see for this address,

>This Web site not available due to technical difficulties, or does not exist.
>Please check back at a later time, or check the URL you are attempting to access.
>Thanks for your understanding.
>If you are the owner of this site please contact the Server Administrator.

It should not work from local network, as you have in-interface="wan - integ".
I assume it is public interface, so packets are being forwarded only from public interface (not from local).
 
cmacneill
Member Candidate
Member Candidate
Posts: 293
Joined: Sun Apr 01, 2007 10:51 pm
Location: Christchurch, New Zealand

Re: Forwarding public IP to private

Wed Dec 05, 2007 10:00 am

I guess you're trying to connect to the public address from within your private network?

It looks like you've set your DNAT rule to only operate on packets originating from your WAN interface, this means packets from your internal browser will not get translated and will be trying to connect to a Web Server on the router itself.

Do:-
ip firewall nat add action=dstnat chain=dst-nat protocot=tcp dst-port=80 dst-address=24.123.1.2 to-addresses=10.0.0.2 to-ports=80
This will then translate packets from any interface.
 
iam8up
Member
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 11:03 am

iam8up,
Do you access page from local network of this router or from remote location ?

I think it is working from remote networks,
I see for this address,

>This Web site not available due to technical difficulties, or does not exist.
>Please check back at a later time, or check the URL you are attempting to access.
>Thanks for your understanding.
>If you are the owner of this site please contact the Server Administrator.

It should not work from local network, as you have in-interface="wan - integ".
I assume it is public interface, so packets are being forwarded only from public interface (not from local).
24.123.1.2 was an IP I thought would be good for an example WAN IP. I can't memorize my own - sorry about that!
I guess you're trying to connect to the public address from within your private network?

It looks like you've set your DNAT rule to only operate on packets originating from your WAN interface, this means packets from your internal browser will not get translated and will be trying to connect to a Web Server on the router itself.

Do:-
ip firewall nat add action=dstnat chain=dst-nat protocot=tcp dst-port=80 dst-address=24.123.1.2 to-addresses=10.0.0.2 to-ports=80
This will then translate packets from any interface.
What I would like to enable is any traffic destined for 24.123.1.2:80 from 10.0.0.0/24 be redirected to 10.0.0.2:80

I'm told by one of the consults, as I've learned to be a real expert in MikroTik, that this can not be done. The Linux Kernel can not forward traffic destined from which it came. I could enable a PPTP tunnel (another interface at this point) or add a whole other interface to my router to solve my problem.

In short, it can not be done. Oh well.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Forwarding public IP to private

Wed Dec 05, 2007 11:21 am

I guess that usually web-servers use DNS, isn't it ?
So, when you have http://www.something.com,
that is pointing to 24.123.1.2, then router is pointing to 10.0.0.2.
You may use static DNS cache in router, then forward http://www.something.com to local network users.

Who is online

Users browsing this forum: Amazon [Bot], BuckBuck, emunt6, GoogleOther [Bot], jaclaz and 69 guests