 
10robinho
just joined
Topic Author
Posts: 11
Joined: Thu Jan 23, 2014 4:40 pm

Masquerade public IP to private?

Thu Jan 23, 2014 4:45 pm

I'm not an expert, so please be gentle :)

I need to ssh to one PC in network, from outside.
I know how to make NAT rule to forward that connection with dst-nat.

Now, the question is how to make that public IP to change to private, so PC thinks that I'm in his network.
Similar is done with masquerade when private IP becomes public, but I can't figure out how to make it in this case.

Thanks
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Masquerade public IP to private?

Thu Jan 23, 2014 5:08 pm

You do it exactly the same way as when masquerading to a public IP. You can either:

Masquerade all traffic leaving the internal interface (DANGEROUS!)

Set up a specific SRC NAT rule specifying the internal interface as the out-interface and specifying the internal host's IP/port as the destination IP/port. Then the action would be SRC NAT to the IP on that internal interface. Be careful with such settings - there are security implications if you leave the selectors too wide.

P.S. - If that internal PC has the RouterBoard set as its default gateway it wouldn't be necessary to do the above unless the PC has specific IP restrictions inbound.
 
10robinho
just joined
Topic Author
Posts: 11
Joined: Thu Jan 23, 2014 4:40 pm

Re: Masquerade public IP to private?

Thu Jan 23, 2014 5:21 pm

This is what I've done so far:

Nat rule #1:
Chain: dstnat
Dst. address: my.public.ip.address
Dst. port: 1022
Protocol: 6 (tcp)
In interface: WAN #my wan interface
Action: dst-nat
To address: 10.0.0.10 #that's the server that I want to ssh in
To port: 22
That is actually working.

So, I tried to follow your advice with
Nat rule #2:
Chain: srcnat
Dst. Address: 10.0.0.10
Protocol: 6(tcp)
Dst. Port: 22
Out. Interface: eth2 #interface where switch with server is connected
Action: src-nat
To Addresses: 10.0.0.9
To Ports: 22
Now, when I try to ssh in, there is no response from server.
Any ideas?
 
Neilson
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: Masquerade public IP to private?

Thu Jan 23, 2014 9:49 pm

Can you please clarify what you are trying to do?

From this code it looks like you are already in the same subnet; in this case the router won't see the packets and you should be able to simply ssh directly (you may have to change the firewall on the server to let you in).

If you want to simply be able to use the same login things like $ ssh username@your.public.ip -p 1022 then you need hairpin nat (look on the wiki)

Otherwise please clarify what you want to do.

Regards
Alexander
 
10robinho
just joined
Topic Author
Posts: 11
Joined: Thu Jan 23, 2014 4:40 pm

Re: Masquerade public IP to private?

Fri Jan 24, 2014 4:41 pm

> Otherwise please clarify what you want to do.

As I said in the first post, I'm trying to ssh in one PC in network, from outside, so from some random public IP.
It's easy to make dstnat to forward that traffic from public.ip:some_port to server.ip:ssh_port.

Now, I want to masquerade that random public IP (of PC that I use to ssh in server) so it is presented to server as IP from private network.
I know it works without that feature, but point is in masquerading that public IP to look like private IP in local network.
If that is even possible :)

Thanks
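
The narrowly scoped source-NAT option described earlier in the thread, written out as RouterOS commands next to the broad variant the thread calls dangerous. This is an added example, not configuration from any of the posts; 203.0.113.10 (router public IP) and 10.0.0.1 (router's own address on eth2) are constructed placeholders, while 10.0.0.10, ports 1022/22 and the interface names WAN and eth2 are taken from the posts.

```routeros
# Constructed values (assumptions, not from the thread):
#   203.0.113.10 = router's public IP, 10.0.0.1 = router's address on eth2.

# 1. Inbound port forward. log=yes records the real client IP on the router,
#    because after rule 2 the server only ever sees the router's LAN address.
/ip firewall nat add chain=dstnat in-interface=WAN protocol=tcp \
    dst-address=203.0.113.10 dst-port=1022 \
    action=dst-nat to-addresses=10.0.0.10 to-ports=22 \
    log=yes log-prefix="ssh-fwd" comment="SSH forward to 10.0.0.10"

# 2. Narrow source NAT: only TCP/22 to the one server, only leaving eth2.
#    to-addresses is an address the router itself holds on eth2, so the
#    server's replies come back to the router and can be un-NATed.
#    No to-ports is set, so the client's source port is left unchanged.
/ip firewall nat add chain=srcnat out-interface=eth2 protocol=tcp \
    dst-address=10.0.0.10 dst-port=22 \
    action=src-nat to-addresses=10.0.0.1 \
    comment="Present SSH clients to 10.0.0.10 as the router"

# Broad variant (shown for contrast, deliberately left commented out):
# every flow routed out eth2 would be rewritten, so all internal hosts lose
# the original source address of anything the router forwards to them.
# /ip firewall nat add chain=srcnat out-interface=eth2 action=masquerade

# Verify that both rules are matching (packet/byte counters).
/ip firewall nat print stats
```

With rule 2 in place, sshd logs and any source-based controls on 10.0.0.10 (allow lists, rate limiting per address) see 10.0.0.1 for every outside login, so attribution has to come from the router's "ssh-fwd" log entries.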
