ookonek
just joined
Topic Author
Posts: 9
Joined: Mon Mar 14, 2016 12:55 pm

Access to client without gateway by NAT

Tue Jun 19, 2018 2:16 pm

Hi everyone...

I have a problem with DST-NAT...
I must access a device via another IP address (192.168.21.215). I must do that because I can't use a subnet like 192.168.1.X in my LAN.

Does anyone have an idea how I can do this?

When I test on another device, this works when I set a GW, but that's not what I need:
/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.21.215 dst-port=80 protocol=tcp to-addresses=192.168.1.212 to-ports=80

My configuration:
/ip address
add address=192.168.13.117/24 interface=ether1 network=192.168.13.0
add address=192.168.21.215 interface=bridge-custom-management network=192.168.21.215
add address=192.168.1.2/24 interface=bridge-fake network=192.168.1.0

/interface bridge port
[...]
add bridge=bridge-fake interface=ether5

/ip route
add distance=1 gateway=192.168.13.1
add distance=1 dst-address=192.168.1.212/32 gateway=bridge-fake
Last edited by ookonek on Tue Jun 19, 2018 2:34 pm, edited 1 time in total.
 
Anumrak
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Access to client without gateway by NAT

Tue Jun 19, 2018 2:22 pm

You have to use a self IP from the same subnet that your LAN device has. Without it, there is no way to reply to the traffic from another subnet without a gateway set.
 
ookonek
just joined
Topic Author
Posts: 9
Joined: Mon Mar 14, 2016 12:55 pm

Re: Access to client without gateway by NAT

Tue Jun 19, 2018 2:42 pm

> You have to use a self IP from the same subnet that your LAN device has. Without it, there is no way to reply to the traffic from another subnet without a gateway set.

Thanks for the reply, but I'm not sure I understand you. What do you mean by using a self IP? I added address 192.168.1.2/24 and the MikroTik can of course ping the 192.168.1.212 device.
But when I open 192.168.21.215 I don't see the website.
 
Anumrak
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Access to client without gateway by NAT

Tue Jun 19, 2018 3:20 pm

>> You have to use a self IP from the same subnet that your LAN device has. Without it, there is no way to reply to the traffic from another subnet without a gateway set.
>
> Thanks for the reply, but I'm not sure I understand you. What do you mean by using a self IP? I added address 192.168.1.2/24 and the MikroTik can of course ping the 192.168.1.212 device.
> But when I open 192.168.21.215 I don't see the website.

Of course you can't, the web server doesn't have a gateway to any other subnet.

I meant your IP address must be from the range of 192.168.1.0/24 or something smaller but in the same subnet as IP 192.168.1.212, e.g. 192.168.1.0/24, 192.168.1.128/25, 192.168.1.192/26, 192.168.1.208/29.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Access to client without gateway by NAT  [SOLVED]

Tue Jun 19, 2018 6:45 pm

Just add some srcnat, e.g.:
/ip firewall nat
add chain=srcnat dst-address=192.168.1.212 action=masquerade
And you don't need the route to 192.168.1.212/32; the automatic connected route comes from 192.168.1.2/24.
 
ookonek
just joined
Topic Author
Posts: 9
Joined: Mon Mar 14, 2016 12:55 pm

Re: Access to client without gateway by NAT

Wed Jun 20, 2018 9:04 am

> Just add some srcnat, e.g.:
> /ip firewall nat
> add chain=srcnat dst-address=192.168.1.212 action=masquerade
> And you don't need the route to 192.168.1.212/32; the automatic connected route comes from 192.168.1.2/24.

I don't know how it works, but it works! :)
Thanks Sob!
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Access to client without gateway by NAT

Wed Jun 20, 2018 5:09 pm

It's simple NAT: it changes the source address, so anything coming to the device looks like it's from 192.168.1.2, so it's reachable and the device knows where it can send replies.
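
Added example (not part of any post in this thread): a small Python model of the packet flow discussed above, showing why the dst-nat rule alone gets no reply from a device without a gateway and why adding the masquerade rule fixes it. The client address 192.168.13.50, the source port and all function names are constructed for illustration.

```python
import ipaddress

# Addresses taken from the thread; the client address is a constructed sample.
ROUTER_LAN = "192.168.1.2"          # router address on bridge-fake
DEVICE = "192.168.1.212"            # web device with no default gateway
DEVICE_NET = ipaddress.ip_network("192.168.1.0/24")
PUBLIC = "192.168.21.215"           # address the clients connect to
CLIENT = "192.168.13.50"            # constructed sample client

def router_forward(pkt, masquerade):
    """Apply the dst-nat rule, then optionally the srcnat masquerade rule."""
    pkt = dict(pkt)
    if pkt["dst"] == PUBLIC and pkt["dport"] == 80:
        pkt["dst"] = DEVICE                      # dst-nat to-addresses
    if masquerade and pkt["dst"] == DEVICE:
        pkt["src"] = ROUTER_LAN                  # action=masquerade
    return pkt

def device_reply(pkt, gateway=None):
    """The device can answer only on-link sources unless it has a gateway."""
    src = ipaddress.ip_address(pkt["src"])
    if src in DEVICE_NET or gateway is not None:
        return {"src": pkt["dst"], "dst": pkt["src"],
                "sport": pkt["dport"], "dport": pkt["sport"]}
    return None                                  # no route to the source

def router_return(reply, original):
    """Connection tracking undoes the translations on the reply."""
    if reply is None:
        return None
    return {"src": original["dst"], "dst": original["src"],
            "sport": reply["sport"], "dport": reply["dport"]}

def connect(masquerade, gateway=None):
    """Return (source address the device sees, reply the client receives)."""
    syn = {"src": CLIENT, "dst": PUBLIC, "sport": 40000, "dport": 80}
    seen = router_forward(syn, masquerade)
    back = router_return(device_reply(seen, gateway), syn)
    return seen["src"], back

if __name__ == "__main__":
    for m in (False, True):
        seen_src, back = connect(m)
        print(f"masquerade={m}: device sees {seen_src}, client gets {back}")
```

With masquerade enabled the device sees every connection as coming from 192.168.1.2, so its own logs and any per-source access rules on it no longer distinguish individual clients.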