dlopez
newbie
Topic Author
Posts: 28
Joined: Mon Feb 06, 2012 4:52 pm

DST-NAT Local IP to Local IP

Tue Feb 14, 2012 9:13 pm

Hi, I want to forward the traffic from my LAN to the MK on port 25 to a local IP:
Client IP ( 192.168.0.1 ) -----> 192.168.0.10:25 (Mikrotik) ------> 192.168.0.2:25 (MailServer)
I've been trying to do this using the DST-NAT chain with something like:
/ip firewall nat add chain=dstnat in-interface=LAN1 dst-address=192.168.0.10 protocol=tcp port=25 to-addresses=192.168.0.2 to-ports=25 action=dst-nat 
But with no success. Any ideas?

BTW: I need this rule because the mail server used to be the same as the firewall (Linux box) and there are about 30 PCs with that configuration.
 
luiscandia
newbie
Posts: 27
Joined: Tue Nov 01, 2011 6:46 pm

Re: DST-NAT Local IP to Local IP

Tue Feb 14, 2012 10:07 pm

Are you using a rule for NAT masquerade?
 
dlopez
newbie
Topic Author
Posts: 28
Joined: Mon Feb 06, 2012 4:52 pm

Re: DST-NAT Local IP to Local IP

Wed Feb 15, 2012 12:31 am

Yes, I have a global masquerade rule:
chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=eth1-wan
 
luiscandia
newbie
Posts: 27
Joined: Tue Nov 01, 2011 6:46 pm

Re: DST-NAT Local IP to Local IP

Wed Feb 15, 2012 12:40 am

In the masquerade rule, in this case it is not necessary to specify the src address; just masquerade the out interface, so:
chain=srcnat action=masquerade out-interface=eth1-wan
 
dlopez
newbie
Topic Author
Posts: 28
Joined: Mon Feb 06, 2012 4:52 pm

Re: DST-NAT Local IP to Local IP

Wed Feb 15, 2012 12:51 am

Ok, I've changed that but still no joy.
 
luiscandia
newbie
Posts: 27
Joined: Tue Nov 01, 2011 6:46 pm

Re: DST-NAT Local IP to Local IP

Wed Feb 15, 2012 12:57 am

What if you try putting your mail server in another network, like 172.16.1.5, on another port and network of your MikroTik router?

Maybe, as this rule is not passing the router, it is not changing the dst address.
 
dasiu
Trainer
Posts: 232
Joined: Fri Jan 30, 2009 11:41 am
Location: Reading, UK

Re: DST-NAT Local IP to Local IP

Wed Feb 15, 2012 2:02 am

If I understand it correctly, the MailServer is on LAN1, just like the other computers? Then - add another masquerading rule:
chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=192.168.0.2
Does it work now? :)

If that is the case, the computer with 192.168.0.1 sends a packet to 192.168.0.10 (MikroTik), which redirects the packet (leaving the source address = .1) to the .2 server on the same interface. The server gets the packet with src-address=.1, and sends the response straight to the computer in the same subnet, not through the MikroTik. So the client starts a connection with 192.168.0.10, but receives the response (ACK) from 192.168.0.2 :). That's why the NAT rule for dst-address=192.168.0.2 should be created, so that the MailServer sends the return packets through the MikroTik as well.
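
The packet flow described in the post above, as an added Python model that is not part of the original thread and is not RouterOS code. The function name `simulate`, the source port and the simplified conntrack entry are assumptions; the addresses are the ones used in the posts.

```python
# Constructed model of the thread's topology; addresses are the ones in the posts.
CLIENT, ROUTER, SERVER = "192.168.0.1", "192.168.0.10", "192.168.0.2"
LAN_PREFIX = "192.168.0."          # stands in for 192.168.0.0/24


def simulate(hairpin_srcnat, sport=40000):
    """Trace one SMTP connection attempt from CLIENT to ROUTER:25.

    Returns (source address the server sees, address the reply arrives from,
    whether the client's TCP stack accepts that reply).
    """
    # The client's socket only accepts replies from the peer it connected to.
    expected_peer = (ROUTER, 25)
    src, dst = (CLIENT, sport), (ROUTER, 25)

    # dstnat rule: dst-address=192.168.0.10 tcp/25 -> to-addresses=192.168.0.2
    conntrack = {"orig_src": src, "orig_dst": dst}
    if dst == (ROUTER, 25):
        dst = (SERVER, 25)

    # Optional srcnat rule: src-address=192.168.0.0/24 dst-address=192.168.0.2
    # action=masquerade rewrites the source to the router's own address.
    if hairpin_srcnat and src[0].startswith(LAN_PREFIX) and dst[0] == SERVER:
        src = (ROUTER, sport)

    seen_by_server = src[0]

    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst[0] == ROUTER:
        # Reply reaches the router: conntrack reverses both translations.
        reply_src, reply_dst = conntrack["orig_dst"], conntrack["orig_src"]
    # Otherwise the reply goes straight to the client on the same subnet
    # and the router never gets the chance to undo the dst-nat.

    accepted = reply_src == expected_peer and reply_dst == (CLIENT, sport)
    return seen_by_server, reply_src[0], accepted


if __name__ == "__main__":
    for flag in (False, True):
        print("hairpin srcnat =", flag, "->", simulate(flag))
```

With the masquerade rule in place the mail server sees every LAN client as 192.168.0.10, so its SMTP logs and any per-client relay rules no longer distinguish individual hosts.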
 
dlopez
newbie
Topic Author
Posts: 28
Joined: Mon Feb 06, 2012 4:52 pm

Re: DST-NAT Local IP to Local IP

Wed Feb 15, 2012 4:40 am

Ok, using both rules made it work. Thanks.
/ip firewall nat add chain=dstnat in-interface=LAN1 dst-address=192.168.0.10 protocol=tcp port=25 to-addresses=192.168.0.2 to-ports=25 action=dst-nat
chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=192.168.0.2
 
kolorasta
Member Candidate
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Re: DST-NAT Local IP to Local IP

Fri Aug 03, 2012 5:59 pm

This was useful for me and worked fine. Thank you.
