ners
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

DNAT with dst-address unset not working at all

Wed Dec 10, 2014 10:21 am

Hi, I am trying to redirect all HTTP requests (to any IP address) from users within a specific network to a local web server, but apparently my rule is not working. Connection tracking is set to auto, RouterOS version is 6.19, the rule is enabled, no other NAT rules are present in /ip firewall nat.

My rule is:

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 log=yes protocol=tcp src-address=10.10.4.0/24 to-addresses=192.168.15.180 to-ports=80

In "print stats" I see some packet/bytes hits but the rule does not work as intended -- I do not see incoming packets in the firewall logs on the destination machine 192.168.15.180.

Also I can freely open any web site from the src-address network, which means my requests do not get redirected.

What could be the problem? It is such a simple rule...
 
spumer
just joined
Posts: 3
Joined: Wed Dec 10, 2014 8:45 am

Re: DNAT with dst-address unset not working at all

Wed Dec 10, 2014 11:51 am

I did the same thing and it all works fine.

Mangle:
chain=prerouting action=mark-connection new-connection-mark=req_conn passthrough=yes protocol=tcp src-address=192.168.XXX.0/24 dst-address=193.124.3.1 dst-port=SOME_PORTS_HERE

NAT:
chain=dstnat action=dst-nat to-addresses=192.168.YYY.ZZZ connection-mark=req_conn

192.168.XXX.0/24 and 192.168.YYY.0/24 are on the same physical interface in my configuration.

I hope it will help.
 
ners
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: DNAT with dst-address unset not working at all

Fri Dec 12, 2014 9:24 am

Why do you need mangle in this case? What's the point of marking connections in this particular setup?
