2

My target is to route: 192.0.2.1 (public IP) to 192.0.2.2 (another public IP out of my network). I want to route all the ports and protocols, so Mikrotik will just send all the packets there.

I have tried this:

/ip firewall nat add chain=dst-nat dst-address=192.0.2.1 \
    action=dst-nat to-addresses=192.0.2.2

/ip firewall nat add chain=src-nat dst-address=192.0.2.2 \
    action=masquerade

However, it didn't work. May I please know what I'm doing wrong? I should point out that 192.0.2.1 is not connected to any server out there; however, 192.0.2.1/24 is in use on the router and some IPs are in use on the servers.

LTPCGO
dnleiman
  • You only use NAT if you must translate between private and public addresses, or you have overlapping addresses. By the way, [IANA has set aside multiple address ranges for examples](https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml) (`192.0.2.0/24`, `198.51.100.0/24`, and `203.0.113.0/24`), and you should use those so that people know you are faking addresses. – Ron Maupin Jan 06 '20 at 17:07
  • @RonMaupin I generally need to configure a reverse proxy from one IP to another (all ports), and I'm trying to find a way. If you can help, I would appreciate it. – dnleiman Jan 06 '20 at 19:31

2 Answers

0

Usually, I wouldn't recommend that kind of approach to solve this, and there are a lot of reasons why: networking issues, performance issues, troubleshooting issues, and so on.

I would try solving that initially with a DNS name resolution or, if it's just a web application, a reverse proxy inside your network (if that's the case, that could also be solved using the DNS approach).

But if you really wanna solve it through RouterOS, try this:

https://forum.mikrotik.com/viewtopic.php?t=96996

Best regards.

Stefano Martins
-1

This should do it. The top command works using iptables, which is relatively simple in this case as it is for all traffic between two IPs.

# iptables -t nat -A OUTPUT -d 192.0.2.1 -j DNAT --to-destination 192.0.2.2

In 'Mikrotik' format it is:

/ip firewall nat add chain=dstnat action=dst-nat src-address=192.0.2.1 dst-address=192.0.2.1 to-addresses=192.0.2.2

LTPCGO
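
Added example (not from the question or either answer): a small Python model of the packet path for the two rules in the question, one destination NAT rule and one masquerade rule, showing what the target sees and what the client gets back with and without the masquerade step. The router address `203.0.113.1` and client address `198.51.100.7` are constructed, and the model assumes the target's return route to the client does not pass through the router, since the question places 192.0.2.2 outside the network.

```python
from dataclasses import dataclass, replace

VIP = "192.0.2.1"        # address clients connect to (from the question)
TARGET = "192.0.2.2"     # off-network destination (from the question)
ROUTER = "203.0.113.1"   # constructed: router's outgoing address
CLIENT = "198.51.100.7"  # constructed: remote client

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Router:
    def __init__(self, masquerade: bool):
        self.masquerade = masquerade
        self.conntrack = {}  # (src, dst) of the expected reply -> restored packet

    def forward(self, pkt: Packet) -> Packet:
        out = pkt
        if out.dst == VIP:                          # destination NAT rule
            out = replace(out, dst=TARGET)
        if self.masquerade and out.dst == TARGET:   # masquerade rule
            out = replace(out, src=ROUTER)
        # Remember how to undo both translations when the reply comes back.
        self.conntrack[(out.dst, out.src)] = Packet(src=pkt.dst, dst=pkt.src)
        return out

    def reply(self, pkt: Packet):
        # Only replies that belong to a tracked connection are rewritten.
        return self.conntrack.get((pkt.src, pkt.dst))

def round_trip(masquerade: bool):
    router = Router(masquerade)
    seen_by_target = router.forward(Packet(CLIENT, VIP))
    answer = Packet(src=TARGET, dst=seen_by_target.src)
    if answer.dst == ROUTER:
        back = router.reply(answer)   # returns via the router and is un-NATed
    else:
        back = answer                 # routed straight to the client, still from TARGET
    return seen_by_target, back

def client_accepts(pkt: Packet) -> bool:
    # The client opened a connection to VIP, so only VIP may answer it.
    return pkt is not None and pkt.src == VIP and pkt.dst == CLIENT

if __name__ == "__main__":
    for nat in (True, False):
        seen, back = round_trip(nat)
        print(f"masquerade={nat}: target sees {seen}, client gets {back}, "
              f"accepted={client_accepts(back)}")
```

With the masquerade rule in place the target only ever sees the router's address as the source, so the original client IP has to be recovered from the router's connection logs rather than from the target's.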