ranpha
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Jan 09, 2012 3:16 am

Redirect traffic towards one IP to another IP

Wed May 22, 2019 10:14 am

Situation:-

Gateway router IP: 192.168.88.1
Raspberry Pi (Pi-hole): 192.168.88.20
Offending device IP: 192.168.88.30

My DHCP server has been set to give out addresses via static addressing, with the DNS server being 192.168.88.20.
But a wayward device (the 192.168.88.30) has its DNS hardcoded to Google DNS 8.8.8.8 and 8.8.4.4.
Therefore, if I want to redirect all the 192.168.88.30's attempts to access 8.8.8.8/8.8.4.4. to my pi-hole server 192.168.88.20, all I have to do is to create the NAT entries as shown below?
 5    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=udp dst-address=8.8.8.8 
      dst-port=53 log=no log-prefix="" 

 6    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=tcp dst-address=8.8.8.8 
      dst-port=53 log=no log-prefix="" 

 7    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=udp dst-address=8.8.4.4 
      dst-port=53 log=no log-prefix="" 

 8    chain=dstnat action=dst-nat to-addresses=192.168.88.20 to-ports=53 protocol=tcp dst-address=8.8.4.4 
      dst-port=53 log=no log-prefix="" 
 
Sob
Forum Guru
Posts: 4877
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect traffic towards one IP to another IP

Wed May 22, 2019 6:17 pm

You also need some srcnat, because with your rules 192.168.88.30 sends a packet to 8.8.8.8, it's redirected to 192.168.88.20, it responds directly to 192.168.88.30 and it throws it out, because it expects a response from 8.8.8.8.

More details here:
https://wiki.mikrotik.com/wiki/Hairpin_NAT
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
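
The redirect from the first post combined with the srcnat rule described in the reply above, as an added example that is not part of the original thread. The addresses are the ones given in the first post; the address-list name `google-dns`, the `src-address` restriction and the rule comments are assumptions made for this example.

```routeros
# Added example, not from the thread. Addresses are those in the first post;
# the list name "google-dns" is an assumption.

# The two resolvers the device has hardcoded.
/ip firewall address-list
add list=google-dns address=8.8.8.8
add list=google-dns address=8.8.4.4

/ip firewall nat
# Step 1 (dstnat): DNS queries from the hardcoded device to Google DNS are
# rewritten to go to Pi-hole. Matching on src-address keeps the rule from also
# catching Pi-hole's own upstream queries if it forwards to 8.8.8.8 or 8.8.4.4.
add chain=dstnat src-address=192.168.88.30 dst-address-list=google-dns \
    protocol=udp dst-port=53 action=dst-nat \
    to-addresses=192.168.88.20 to-ports=53 comment="DNS redirect to Pi-hole (udp)"
add chain=dstnat src-address=192.168.88.30 dst-address-list=google-dns \
    protocol=tcp dst-port=53 action=dst-nat \
    to-addresses=192.168.88.20 to-ports=53 comment="DNS redirect to Pi-hole (tcp)"

# Step 2 (srcnat): client and Pi-hole share 192.168.88.0/24, so without this
# rule Pi-hole answers 192.168.88.30 directly, the answer arrives from
# 192.168.88.20 instead of 8.8.8.8, and the client discards it.
# Masquerading makes the query appear to come from the router, so the answer
# returns through the router, which restores 8.8.8.8 as the source address.
add chain=srcnat src-address=192.168.88.30 dst-address=192.168.88.20 \
    protocol=udp dst-port=53 action=masquerade comment="DNS hairpin (udp)"
add chain=srcnat src-address=192.168.88.30 dst-address=192.168.88.20 \
    protocol=tcp dst-port=53 action=masquerade comment="DNS hairpin (tcp)"
```

Because of the masquerade, Pi-hole records these redirected queries as coming from the router (192.168.88.1) rather than from 192.168.88.30.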
 
ceylan
just joined
Posts: 24
Joined: Sat Feb 10, 2018 3:03 pm
Location: CYPRUS

Re: Redirect traffic towards one IP to another IP

Fri Jul 26, 2019 8:33 am

Hello to everyone... I use a Pi-hole Linux DNS server on my network. The problem is that I cannot see all my clients (total) in Pi-hole (you can see in the pic.). The IP address of the DNS server is 10.10.10.2 and the IP addresses of the clients are in 192.168.240.0/22. When I look at client IP addresses from the DNS server, I see a few IPs in the form of 10.10.10.3 and 10.10.10.x (same IP block as the DNS server). I know I need to write a firewall NAT rule in my main MikroTik (Request future from 192.168.240.0/22 to exit from 10.10.10.2) but I am not sure how to write it. And I am not sure if I need to write this NAT on the client router too!?