Hi all,
I can figure out how to use this darn SRC or DST address thing, if i have a port setup to forward to a specific IP can i limit it to 2 IP address only? And would it be under SRC or DST address under NAT or Mangle...or both?
Actually is this doable or have i missed the plot?
Setup is as follows
RB750-1 - IP 192.168.88.200 (eth1)
IP 192.168.1.2 (eth5)
PF on port 5900 to go to 192.168.1.5 from ether1 to ether5 (eth5 connects to a switch which is connected to RB750-2)
PC 192.168.1.5
RB750-2 - IP 192.168.1.1 (eth1)
PF setup for VNC to go out via one of two adsl modems (eth2) using PCC
I have tried forwarding to both devices, Im sure this is simple, Do i pf to the RB750-2 or the PC itself, and once its there do i mark it with different routing mark and route it back to the RB750-1? If my thinking is right...where should i start?
-
-
SoroushSoltani
just joined
- Posts: 8
- Joined:
Re: SRC or DST
If you need to redirect x.x.x.x to y.y.y.y you need to do :
IP > Firewall > NAT
General Tab :
Chain : dstnat
Dest. Address : x.x.x.x
Action Tab :
Action : dst-nat
to Addresses : y.y.y.y
you're able to configure which ports allowed for forwarding(dest-nat) .
Thanks .
IP > Firewall > NAT
General Tab :
Chain : dstnat
Dest. Address : x.x.x.x
Action Tab :
Action : dst-nat
to Addresses : y.y.y.y
you're able to configure which ports allowed for forwarding(dest-nat) .
Thanks .
Re: SRC or DST
Hi Soroush!
Thanks for the reply,
I couldnt get any traffic to pass with the IP specified, but it would start when i set it to the ethernet port, is this a routing issue maybe? Basicially i want to make this darn PC accessible from ether1 and im on ether5. The two networks are separate but i can ping everything from RB and the RB from each PC.
RB1 (192.168.88.200-eth1 192.168.1.237-eth5)
RB2
NAT
Mangle
IP Route
I even tried sending the traffic to the 2nd networks Routerboard then NAT'd and mangled it with a route back to the IP it came from. I saw the packets even starting to go on the second routerboard but it wont come back to me, lol
Im probably overcomplicating this thing...
Thanks for the reply,
I couldnt get any traffic to pass with the IP specified, but it would start when i set it to the ethernet port, is this a routing issue maybe? Basicially i want to make this darn PC accessible from ether1 and im on ether5. The two networks are separate but i can ping everything from RB and the RB from each PC.
RB1 (192.168.88.200-eth1 192.168.1.237-eth5)
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat comment="VNC" dst-port=5900 in-interface=\
ether5 protocol=tcp to-addresses=192.168.1.5 to-ports=5900
RB2
NAT
Code: Select all
add action=mark-routing chain=prerouting comment=vnc-5900 disabled=yes \
in-interface=ether10-LAN new-routing-mark=vnc-5900 passthrough=no protocol=\
tcp src-port=5900
Code: Select all
add action=dst-nat chain=dstnat comment="VNC" disabled=yes dst-port=\
5900 in-interface=ether10-LAN protocol=tcp to-addresses=192.168.1.5 \
to-ports=5900
Code: Select all
add check-gateway=ping comment="VNC 5900" distance=1
gateway=192.168.1.237
Im probably overcomplicating this thing...