LP006688
just joined
Topic Author
Posts: 11
Joined: Tue Mar 19, 2013 9:44 am

A trivial task, but no info at all

Fri Apr 03, 2015 12:40 pm

Hello everyone,

I have faced a weird situation, as if I am the only one in the world who tries to settle that kind of problem. An external server changes its address. Client software connects to it via IP, not FQDN. How might I perform a destination address substitution in order not to reconfigure hundreds of client computers?

I tried all possible kinds of dstnat, netmap, mark routing -- RouterOS either does nothing, or refuses to accept a rule at all. Does that mean that it cannot do destination address spoofing at all?

Yours faithfully, Vadim.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: A trivial task, but no info at all

Fri Apr 03, 2015 2:04 pm

This is doable. In my example command, LAN = the lan interface (ether1, ether2, etc)

/ip firewall nat add chain=dstnat in-interface=LAN dst-address=old.ip.address action=dst-nat to-addresses=new.ip.address

If you have multiple LAN interfaces and only one WAN, you should change the in-interface to =!WAN instead of =LAN
 
LP006688
just joined
Topic Author
Posts: 11
Joined: Tue Mar 19, 2013 9:44 am

Re: A trivial task, but no info at all

Fri Apr 03, 2015 3:01 pm

Thank you so much for the prompt response. Will try that next week.
 
BartoszP
Forum Guru
Posts: 3060
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: A trivial task, but no info at all

Fri Apr 03, 2015 3:29 pm

If you connect from LAN to WAN, where the external server lives, then IMHO you should set a "fake" static local IP in your router and configure all clients to connect to this address. Then you should set a rule like ZeroByte suggested
/ip firewall nat add chain=dstnat dst-address=LOCAL_IP action=dst-nat to-addresses=current.server.ip.address
Why, IMHO, is it the better way?
1. The local IP will be constant forever for your client stations. Easy to maintain, no matter what the current address of the server is. You do not need to remember previous IPs... same configuration regardless of the current server IP. No problem at all.

2. The rule proposed by ZeroByte masks an old IP which COULD now host services we want to access.

3. If you do not track the current stations' configurations, for each address change you need a new rule for all the old server IPs and the current one.

4. If you want to configure clients accessing the server from the WAN side, you just need to have a static public IP, maybe the same as you have, and set a second rule
/ip firewall nat add chain=dstnat dst-address=ACCESS_WAN_IP action=dst-nat to-addresses=current.server.ip.address
Voilà
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: A trivial task, but no info at all

Fri Apr 03, 2015 3:42 pm

BartoszP, you raise a valid point that the old IP could potentially be offering some new service that would be inaccessible to the customers.

I think the OP's stated purpose was to avoid re-configuring the hundreds of clients' configurations, so I think he's going to be stuck translating the oldIP.

If the rule needs to be a little more flexible, it could be adapted to use dst-address-list instead of a specific destination.
This way it would be easy for scripts to add and remove addresses from the list. :)
 
BartoszP
Forum Guru
Posts: 3060
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: A trivial task, but no info at all

Fri Apr 03, 2015 3:46 pm

I think the OP's stated purpose was to avoid re-configuring the hundreds of clients' configurations, so I think he's going to be stuck translating the oldIP.
But the future could be easier.
 
LP006688
just joined
Topic Author
Posts: 11
Joined: Tue Mar 19, 2013 9:44 am

Re: A trivial task, but no info at all

Thu Apr 09, 2015 10:52 pm

Thank you so much, ZeroByte. Your method works perfectly. The problem is solved :D
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: A trivial task, but no info at all

Fri Apr 10, 2015 12:04 am

BartoszP did raise a good point though - that the previous IP could now be hosting something that a customer may actually want to go to.

Interestingly - you can now use the old OR the new IP to reach the service. (nat can do interesting things)

You could also NAT a local address --> the new server IP in addition to the old IP, and then gradually re-configure the clients until they're all using the new local NAT address, and then you can remove the old IP from NAT once nobody is using it anymore.
 
BartoszP
Forum Guru
Posts: 3060
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: A trivial task, but no info at all

Fri Apr 10, 2015 12:28 am

When you switch off NAT for an old IP (or set it to "nowhere") you will know which computers are misconfigured.
You can add a rule to add the SRC address to a list for all computers trying to use this NAT rule, and you will have all "bad" computers listed.
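Putting ZeroByte's dst-nat rule, his dst-address-list variant, BartoszP's stable local alias and the audit rule from the post above into one RouterOS configuration, as an added example that is not from any poster in this thread; the interface names (ether1 as WAN, bridge as LAN) and all addresses are assumptions using documentation-range values, and an existing srcnat/masquerade rule for LAN-to-WAN traffic is assumed:

```routeros
# Added example (not from the thread). Assumed: WAN is ether1, LAN is the
# bridge "bridge" in 192.168.88.0/24; all addresses are constructed values.
#   old server IP : 203.0.113.10   (what the clients are hard-wired to)
#   new server IP : 198.51.100.20  (where the service actually lives now)
#   stable alias  : 192.168.88.250 (BartoszP's "fake" local IP, owned by the router)

# 1. Give the router the stable alias so LAN hosts can ARP for it.
/ip address
add address=192.168.88.250/24 interface=bridge comment="service alias"

# 2. One address list holds every address that should land on the current
#    server, so the NAT rule never changes; only list entries do.
/ip firewall address-list
add list=service-aliases address=203.0.113.10 comment="legacy server IP"
add list=service-aliases address=192.168.88.250 comment="stable local alias"

# 3. Single dst-nat rule: anything arriving on a non-WAN interface aimed at a
#    listed address is rewritten to the current server. On the next move only
#    to-addresses changes; the clients keep using the alias.
/ip firewall nat
add chain=dstnat in-interface=!ether1 dst-address-list=service-aliases \
    action=dst-nat to-addresses=198.51.100.20 comment="redirect to current server"

# 4. Retirement phase (run once clients have been moved to the alias):
#    stop translating the old IP and record who still talks to it. With the
#    old IP removed from the list, the dst-nat rule above no longer matches
#    it, so those packets go wherever the old IP really routes and the
#    sender lands in the misconfigured-clients list for follow-up.
/ip firewall address-list
remove [find list=service-aliases address=203.0.113.10]
/ip firewall nat
add chain=dstnat in-interface=!ether1 dst-address=203.0.113.10 \
    action=add-src-to-address-list address-list=misconfigured-clients \
    address-list-timeout=1d comment="audit: clients still using old IP"
```

`/ip firewall address-list print where list=misconfigured-clients` then shows the stations that still need reconfiguring; the 1d timeout lets fixed hosts age out of the list on their own.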
 
troffasky
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: A trivial task, but no info at all

Sat Apr 11, 2015 1:18 pm

I would configure a DNS entry for this host on a local DNS server [e.g. your Mikrotik router] and reconfigure the clients to use the hostname. If your application doesn't support hostnames..... then you have my commiserations!