Community discussions

MikroTik App
 
florim
just joined
Topic Author
Posts: 8
Joined: Tue Jun 01, 2004 5:14 pm
Location: kosovo
Contact:

problem help please

Mon Oct 03, 2005 12:11 pm

I hawe mikrotik 2.8 with ip 82.114.73.86 in interface isp end 2 other interfaces eth2 and eth3 so i nead when some one type the ip in browser 82.114.73.86 to redirect me to eth2 ip 10.10.10.122.
i did this but not working:

ip firewall dst-nat>add action=redirect dst-address=82.114.73.186/32:80 protocol=tcp in-interface=isp to-dst-address=10.10.10.122

sorry for my english
loli
 
Borage
Member Candidate
Member Candidate
Posts: 170
Joined: Sun Sep 26, 2004 10:19 pm

Mon Oct 03, 2005 4:34 pm

Try this one. I added an example for 2.9.x in case you decide to upgrade. :D

v2.8.x
/ip firewall dst-nat add action=nat protocol=tcp \
dst-address=82.114.73.186/32:80 to-dst-address=10.10.10.122
v2.9.x
/ ip firewall nat 
add chain=dstnat dst-address=82.114.73.186/32 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.122 \
    to-ports=0-65535 comment="" disabled=no
 
florim
just joined
Topic Author
Posts: 8
Joined: Tue Jun 01, 2004 5:14 pm
Location: kosovo
Contact:

Mon Oct 03, 2005 5:16 pm

Its not working i try also this but not working
loli
 
User avatar
maroon
Member Candidate
Member Candidate
Posts: 233
Joined: Thu Oct 07, 2004 11:15 am
Location: Lebanon
Contact:

Mon Oct 03, 2005 6:20 pm

are the interfaces on the same box :s ?
 
Borage
Member Candidate
Member Candidate
Posts: 170
Joined: Sun Sep 26, 2004 10:19 pm

Mon Oct 03, 2005 11:33 pm

I'm trying to do that on my 2.9.x system and I must say that every port except the following works.

22
23
80
443

I can easiley set up every other port numbers. :shock:

I changed the service ports in the RouterOs to something else and rebooted, but it will still not work. I have 2 internet connections so I can make tests in real time. What I can see is that the packets arrive to the dst-nat chain. I have also the simplest configuration when I did the test as you can see.
[admin@MikroTik] > ip firewall nat print srcnat
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=wlan1 action=masquerade

[admin@MikroTik] > ip firewall nat print dstnat
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=192.168.0.254 protocol=tcp dst-port=20-21
action=dst-nat to-addresses=192.168.1.201 to-ports=0-65535

1 chain=dstnat dst-address=192.168.0.254 protocol=tcp dst-port=80
action=dst-nat to-addresses=192.168.1.11 to-ports=0-65535

2 chain=dstnat dst-address=192.168.0.254 protocol=tcp dst-port=23
action=dst-nat to-addresses=192.168.1.13 to-ports=0-65535
if you wonder why I have a private IP address at the both interfaces is that I got pissed and did a completely reinstall and connected my laptop directly to the router interface. :evil:
 
Borage
Member Candidate
Member Candidate
Posts: 170
Joined: Sun Sep 26, 2004 10:19 pm

Tue Oct 04, 2005 12:25 am

It was obviously my own fault this time. :D

I connected from Line 1 over internet to Line 2 and natted back to the same LAN my computer is on. That obviously does not works with http,ssh & telnet, but ftp is no problem at all. :shock:

My computer & Webserver ---> Router 1---> Line 1---Internet---> Line 2---> Router 2---> Router 1

Conclusion, it must work out for you. Try to change the service port on the router from port 80 to something else, if you do not already tried that.

Who is online

Users browsing this forum: Bing [Bot], Google Feedfetcher and 94 guests