Community discussions

MikroTik App
 
stromo
just joined
Topic Author
Posts: 7
Joined: Sun Sep 23, 2012 3:06 pm

How to change dest addr of egress packets and source addr of ingress packets?

Fri Nov 12, 2021 5:44 pm

src-nat will only let me change the source addr of egress packets. i want to change the dest addr also.
dst-nat will only let me change the dest addr of ingress packets. i want to change the src addr also.

Why? I have several clients on my LAN that insist on using google DNS (8.8.8.8 ). i want to redirect those UDP/53 packets to a different DNS.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: How to change dest addr of egress packets and source addr of ingress packets?

Fri Nov 12, 2021 6:17 pm

And where is the problem?
Is from 2007 than I force all the users to use my DNS instead of anyother.
On Italy I'm forced by stupid laws to do that.


DST-NAT is applied on prerouting, you can not alter the source IP of the incoming packet because that connection is already tracked with that IP source.
SRC-NAT is applied on postrounting, you can not alter the destination IP of the outcoming packet because that connection is already routed with that IP destination.

Change DNS do not involve nothing more to the exclusive use of DST-NAT.
Incoming replies from forced DNS are already sent back to right IP source of request from connection tracking.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to change dest addr of egress packets and source addr of ingress packets?

Fri Nov 12, 2021 7:46 pm

It is possible to change both src address and dst address of a packet, it is only that two rules are needed: one src-nat and one dst-nat. As @regextended explained, dst-nat comes first so if src-nat includes selector on dst address, it should match on already changed one.

Who is online

Users browsing this forum: akakua, Amazon [Bot], sebus46, sindy, VinceKalloe and 91 guests