DotTest37
Frequent Visitor
Topic Author
Posts: 56
Joined: Sun Oct 06, 2013 10:01 pm

Combination of NAT Overloading, PAT and Firewall Rules

Sun Oct 06, 2013 10:13 pm

This is my first post on this Forum.
I've been hanging my head on this one.

I have 5 public IPs from ISP, the first IP is used for NAT overloading so my LAN can access the Internet (this works).
I also added a dst-nat using the second public IP from my ISP, a To-Address and TCP port 80 and another on port 8080, because I have one web server on my LAN and RouterOS needs to provide access to it on either port (this works)

Now, I need to have the ability of creating a Firewall Rule that blocks one of the Ports (let's say, 80) incoming from the second ISP IP that I assigned on the dst-nat. (this sounds confusing, why would I want to block a port that I just created a NAT for?)
Well, no real reason but I would imagine that NAT controls the translation, and Filter controls what flows (translated or not), so I would expect to control the 'door' on the Filter, and not on the NAT.

Every time I tried creating rules in different places I ended up blocking nothing or blocking the wrong thing, so I need advice.

I understand on the packet flow that dst-nat gets processed before the Firewall Rules, so I tried creating rules that block the internal IP/Port after it gets translated, etc etc, I also tried to use a 'prerouting' mangle to mark the traffic, but if I block it on the firewall rules I also block other things that I don't want.

Thanks Guys

Dotty
 
DotTest37
Frequent Visitor
Topic Author
Posts: 56
Joined: Sun Oct 06, 2013 10:01 pm

Re: Combination of NAT Overloading, PAT and Firewall Rules

Tue Oct 08, 2013 8:57 pm

Bump.
It took days for the opening post to be checked by a Moderator, and was pushed to the bottom.

D.
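
An added example, not part of the original thread or written by its author: one way to filter the port-80 forward described in the opening post while leaving the 8080 forward open, by marking the connection in prerouting (before dst-nat rewrites the destination) and dropping on that mark in the forward chain. All addresses, the interface name and the mark name are constructed placeholders, and it is an assumption that both forwards land on the same server port.

```routeros
# Constructed values (assumptions, not taken from the thread):
#   203.0.113.1    first public IP, used for source NAT overload
#   203.0.113.2    second public IP, used for the port forwards
#   192.168.88.10  web server on the LAN, listening on TCP 80
#   ether1         WAN interface

/ip firewall nat
# Overload the LAN behind the first public IP
add chain=srcnat out-interface=ether1 action=src-nat \
    to-addresses=203.0.113.1 comment="LAN overload"
# Two forwards on the second public IP, both ending at the same server port
add chain=dstnat dst-address=203.0.113.2 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=80 \
    comment="web via public 80"
add chain=dstnat dst-address=203.0.113.2 protocol=tcp dst-port=8080 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=80 \
    comment="web via public 8080"

/ip firewall mangle
# Mangle prerouting runs before dstnat, so the packet still carries the
# original public address and port here. Mark only new connections that
# arrive on the WAN for 203.0.113.2:80; nothing else gets this mark.
add chain=prerouting in-interface=ether1 dst-address=203.0.113.2 \
    protocol=tcp dst-port=80 connection-state=new \
    action=mark-connection new-connection-mark=wan-web-80 passthrough=yes

/ip firewall filter
# In the forward chain both forwards look identical (192.168.88.10:80),
# so matching the translated address/port would drop both of them.
# The connection mark still identifies which public port was used.
# This rule must sit above any forward rule that accepts the traffic.
add chain=forward connection-mark=wan-web-80 action=drop \
    comment="drop public 80, keep public 8080"
```

The per-rule packet counters shown by `/ip firewall filter print stats` confirm whether the drop rule is the one matching during a test from outside.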
