DST-NAT

zack · Mon Aug 22, 2005 2:50 pm

I have one public IP address and want to redirect port 3389 to internal IP address 10.10.10.3
The following config does not work:
>ip firewall dst-nat add action=nat protocol=tcp dst-address=xx.xx.xx.xx/32:3389 to-dst-address=10.10.10.3 disabled=no

May be I must do something with the firewall because when I scan the public IP with nmap it is "closed"

cmit · Mon Aug 22, 2005 3:41 pm

You should take care that your forward firewall rules also let this traffic through - perhaps it's blocked at that level?

zack · Mon Aug 22, 2005 4:42 pm

[admin@BR7] ip firewall> print detail
0 name="input" policy=accept

1 name="forward" policy=accept

2 name="output" policy=accept
[admin@BR7] ip firewall>

What I need to add. Or everything is fine. Where I can fing good info about Mikrotik firewalls

cmit · Mon Aug 22, 2005 4:55 pm

Post the output of "/ip firewall forward print without-paging" - this will show us (and you) if there are any rules in the forward chain that block your dst-natted traffic...

zack · Mon Aug 22, 2005 6:40 pm

Is there any problem if I have only one real IP address and use it for PAT

wildbill442 · Mon Aug 22, 2005 7:46 pm

I have one public IP address and want to redirect port 3389 to internal IP address 10.10.10.3
The following config does not work:
>ip firewall dst-nat add action=nat protocol=tcp dst-address=xx.xx.xx.xx/32:3389 to-dst-address=10.10.10.3 disabled=no

May be I must do something with the firewall because when I scan the public IP with nmap it is "closed"

the rule should be:

ip firewall dst-nat add action=nat protocol=tcp dst-port=3389 to-dst-address=10.10.10.3 disabled=no

zack · Tue Aug 23, 2005 10:11 am

10x a lot. Everything is working

DST-NAT

DST-NAT

Re: DST-NAT

Who is online