Community discussions

MikroTik App
 
AZak
just joined
Topic Author
Posts: 13
Joined: Wed Jul 17, 2019 11:08 am

Port Forwarding Using Several Public IPs on one WAN Interface

Mon Dec 20, 2021 6:55 pm

Dear All,

I have several Public IPs assigned to one WAN interface,

For Example I have 2 Public IPs (10.1.1.2 and 10.1.1.3) assigned to the WAN interface,

So I want to make 2 port forwarding Rules for example 10.1.1.2 port 22 to 192.168.1.2 port 22 and another port forwarding rule 10.1.1.3 port 22 to 192.168.1.3 port 22,

I have made a dst-nat rule with a
destination address of 10.1.1.2, protocol tcp, Dst. port 22, in-interface: WAN, action: dst-nat, to addresses: 192.168.1.2, to ports: 22
,

and I have added a filter rule since I have some exception rules, so the rule is:
action: accept, chain: forward, dst.address: 10.1.1.2, protocol: tcp, Dst.port 22
,

is there anything done wrong here?

Thanks in advance!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port Forwarding Using Several Public IPs on one WAN Interface

Mon Dec 20, 2021 7:05 pm

You can make as many port forwardings with the same dst-port 22 as you have public IPs.
So no rules broken there.
If you needed to port forward port 22 to another server on either of the two public IPs, then you would need port translation
aka dst-port 2220 and then port translate that to 22.

++++++++++++++++++++++++++++++++++++++++++++
as for port forwarding, there is only one FoRWARD Chain that really applies.....
OR some variation of.......... The rest of the port forwarding rules are handled in the NAT Chain.
add action=accept chain=forward comment="Allow Port Forwarding" connection-nat-state=dstnat \
connection-state=new in-interface-list=WA
N

++++++++++++++++++++++++++++++++++++++++++++++

Another issue however will crop up, how will you ensure that the responses from the servers will go out the proper WANIP?
In other words, without seeing the IP routes setup its hard to say what will happen.

Best bet is to post your config for comments/observations.
/export hide-sensitive file=anynameyouwish

Who is online

Users browsing this forum: Bolendox, cmmike, lmeira, mtkvvv, svh79 and 39 guests