juibar
newbie
Topic Author
Posts: 35
Joined: Fri Jul 15, 2005 8:39 am

Port redirect

Wed Nov 08, 2006 1:21 am

Sorry if this has been asked before, but at least I could not find it in the forums.

I just want my MT box to identify packets going to port S and replace the port number, such that w.x.y.z:S --> w.x.y.z:T, where w.x.y.z can be ANY IP address.

I tried to do it with the rule below, but it did not work because it looks like the rule expects to have a "known" IP address.
 ;;; Port redirect
     chain=dstnat protocol=tcp dst-port=2525 action=dst-nat 
     to-addresses=0.0.0.0 to-ports=25
Any ideas?

Thank you,
juibar
 
jo2jo
Forum Guru
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Wed Nov 08, 2006 3:46 am

Did you try action netmap?

Are you using NAT masquerading?

Let me know..

EDIT: I re-read your post and I don't understand exactly what you want here...are you saying from your example that:

if a user on your network sends mail (port 25 like in your example) you want the port changed to 2525 and then sent out on the net? If so you need to be on the src-nat chain, not dst-nat, since the packets you are trying to change are not "destined" for your NAT, they are "destined" for some other router on the net....your NAT is the SOURCE, hence src-nat
 
juibar
newbie
Topic Author
Posts: 35
Joined: Fri Jul 15, 2005 8:39 am

Wed Nov 08, 2006 5:44 am

jo2jo,

I saw your post here: http://forum.mikrotik.com//viewtopic.ph ... p+redirect, but this is not exactly what I want, as the IP address should remain unchanged.

As for your questions, yes, I am using NAT masquerading.

Regarding your edit, I understand what you are saying, but as per the manual, the srcnat chain is applied AFTER routing, whereas I look to change the port number BEFORE routing.

Thanks,
juibar
 
jo2jo
Forum Guru
Posts: 1007
Joined: Fri May 26, 2006 1:25 am

Wed Nov 08, 2006 6:52 am

Hmm.. so you are saying that my SMTP thing is what you want, if only the IP stayed the same??...funny, as that is EXACTLY what I originally wanted until I found it easier to force them to MY ISP's mail server.....


You're trying to get around port 25 being blocked, right? And hoping that the client's email server also listens on 2525?



Here is the rule I'm using now:

5 ;;; EMAIL
chain=dstnat src-address=192.168.5.0/24 protocol=tcp dst-port=25
action=netmap to-addresses=205.1xx.xx.xx to-ports=25


I don't have a way of testing it, but what happens if you set the netmap to-address to 0.0.0.0 ...
 
juibar
newbie
Topic Author
Posts: 35
Joined: Fri Jul 15, 2005 8:39 am

Wed Nov 08, 2006 5:30 pm

jo2jo,

Spammers use port 25 to send emails, so I actually want to set our Outlook clients to use a different port to send emails, and have the MT box block port 25 and change the port number in email packets back to 25 so that they can be routed normally.

Therefore, I am looking to change the port number while keeping the IP address unchanged. The port numbers in the code I posted are irrelevant, sorry for the confusion. Perhaps I should have posted something like this:
     ;;; Port redirect
     chain=dstnat protocol=tcp dst-port=P action=dst-nat 
     to-addresses=0.0.0.0 to-ports=25
where P can be any port number.

As for your suggestion, I tested netmap with to-addresses=0.0.0.0 and it will not work.

Any other ideas?

Thanks,
juibar
