0

Is there a way to do a simple task: NAT from one public IP and specific port to another public IP and another port? The reason to do this is that the 2nd IP is blocked by our client's ISP, and the 1st IP (on Mikrotik) is not blocked. I heard about a Linux tool called rinetd which allows you to do this easily, but unfortunately Mikrotik doesn't have that package.

Thanks in advance!

2 Answers

2

You just do a dst-nat to the new IP and then an src-nat to the IP of the router.

You don't need rinetd for this, IP > Firewall > NAT can support this directly.

Here are some example rules:

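    # Destination NAT: redirect connections arriving at the router to the new IP
    # (RouterOS names the built-in NAT chains "dstnat" and "srcnat")
    /ip firewall nat add chain=dstnat dst-address=OLD_PUBLIC_IP protocol=tcp dst-port=80 \
        action=dst-nat to-addresses=NEW_PUBLIC_IP to-ports=80

    # Source NAT: make the redirected connections appear to come from the router
    /ip firewall nat add chain=srcnat dst-address=NEW_PUBLIC_IP protocol=tcp dst-port=80 \
        action=masquerade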

First you do a Destination NAT for all packets coming to OLD_PUBLIC_IP to TCP Port 80, to NEW_PUBLIC_IP to port 80.

Then you do a Source NAT (masquerade) for all packets destined to NEW_PUBLIC_IP to TCP Port 80 so that the server running on the new IP knows where to return the packets.

This - as well as rinetd - will cause all redirected connections to the new IP to have the source address of the MikroTik router instead of the original Client's IP.

Edit: Rereading your question, I am not sure if I understood it correctly. Probably my answer is off-topic?

Cha0s
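An added example (not part of the answers on this page, and not MikroTik code): a small Python model of the dst-nat plus masquerade pair from the answer above. It shows why the server sees the router's address and why, as kasperd's comment on this page notes, return traffic must pass back through the NAT. The addresses, ports and all names are constructed; masquerade is modelled without source-port rewriting, and the server is assumed to route replies on its own rather than via the router.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (RFC 5737 documentation ranges), not from the page.
CLIENT, ROUTER, SERVER = "198.51.100.7", "192.0.2.1", "203.0.113.9"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRelay:
    """Hypothetical model of a router applying dst-nat and, optionally, masquerade."""
    def __init__(self, to_ip, to_port, listen_port, masquerade):
        self.to, self.listen_port, self.masquerade = (to_ip, to_port), listen_port, masquerade
        self.conntrack = {}  # expected reply tuple -> original client packet

    def forward(self, pkt):
        """Client -> router: rewrite destination, then source if masquerading."""
        if (pkt.dst, pkt.dport) != (ROUTER, self.listen_port):
            return None  # not matched by the dst-nat rule
        out = replace(pkt, dst=self.to[0], dport=self.to[1])  # dst-nat
        if self.masquerade:
            out = replace(out, src=ROUTER)  # src-nat to the router's address
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Server -> router: undo both translations from the conntrack entry."""
        orig = self.conntrack.get((reply.src, reply.sport, reply.dst, reply.dport))
        return Packet(orig.dst, orig.dport, orig.src, orig.sport) if orig else None

def client_accepts(sent, reply):
    """A TCP client only accepts a reply from the exact endpoint it contacted."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (sent.dst, sent.dport, sent.src, sent.sport)

def round_trip(masquerade):
    """Return (source address the server logs, whether the client accepts the reply)."""
    relay = NatRelay(SERVER, 80, 8080, masquerade)
    sent = Packet(CLIENT, 40000, ROUTER, 8080)
    at_server = relay.forward(sent)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # Without masquerade the server answers the client directly, bypassing the NAT.
    delivered = relay.reverse(reply) if reply.dst == ROUTER else reply
    return at_server.src, client_accepts(sent, delivered)

if __name__ == "__main__":
    print(round_trip(True)); print(round_trip(False))
```

With masquerade the server logs only the router's address, so any per-client access control or audit trail has to be kept on the router.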
0

There is no difference when you NAT. Do this the same as when you NAT a public IP address to a private IP address.

Reza Ghodsi
  • There is no difference to the NAT functionality. However, it is possible the network is configured to route internal and external IP addresses differently. In particular, it is critical that return traffic is routed through the NAT as well. If only traffic in one direction is routed through the NAT, it will not work. – kasperd Oct 16 '16 at 21:43