DNAT with dst-address unset not working at all

Posted: Wed Dec 10, 2014 10:21 am
by ners
Hi, I am trying to redirect all HTTP requests (to any IP address) from users within a specific network to a local web server, but apparently my rule is not working. Connection tracking is set to auto, the RouterOS version is 6.19, the rule is enabled, and no other NAT rules are present in /ip firewall nat.

My rule is:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 log=yes protocol=tcp src-address=10.10.4.0/24 to-addresses=192.168.15.180 to-ports=80
In "print stats" I see some packet/bytes hits but the rule does not work as intended -- I do not see incoming packets in the firewall logs on the destination machine 192.168.15.180.

Also I can freely open any web site from the src-address network, which means my requests do not get redirected.

What could be the problem? It is such a simple rule...

Re: DNAT with dst-address unset not working at all

Posted: Wed Dec 10, 2014 11:51 am
by spumer
I did the same thing and it all works fine.

Mangle:
chain=prerouting action=mark-connection new-connection-mark=req_conn passthrough=yes protocol=tcp src-address=192.168.XXX.0/24 dst-address=193.124.3.1 dst-port=SOME_PORTS_HERE

NAT:
chain=dstnat action=dst-nat to-addresses=192.168.YYY.ZZZ connection-mark=req_conn

192.168.XXX.0/24 and 192.168.YYY.0/24 are on the same physical interface in my configuration.

I hope it will help.

Re: DNAT with dst-address unset not working at all

Posted: Fri Dec 12, 2014 9:24 am
by ners
Why do you need mangle in this case? What's the point of marking connections in this particular setup?