Answer the question
In order to leave comments, you need to log in
A
A
A2ROKirill2019-08-07 10:42:23
A2ROKirill, 2019-08-07 10:42:23
How to send incoming packets on Wan interface back through Wan to another IP address?
Good afternoon everyone! There is a Mikrotik MikroTik RB2011iL-RM router. It receives packets from devices on the Internet, how to configure Mikrotik in such a way that if the server that receives these packets for Mikrotik dies, you can redirect them to a backup server located on the Internet at a different Ip address.
1 answer(s)
@hint000
H
hint000, 2019-08-07 @hint000
DNAT + SNAT combination. I'll write iptables rules:
-A PREROUTING -d 1.2.3.4 -p tcp --dport 3389 -j DNAT --to-destination 5.6.7.8
-A POSTROUTING -d 5.6.7.8 -p tcp --dport 3389 -j SNAT -- to-source 1.2.3.4
here 1.2.3.4 is the external ip of the router, 5.6.7.8 is the backup server, 3389 is the port the servers listen on.
In the opposite direction (from the server to the client), you do not need to prescribe anything, it happens automatically.
For universality of the answer, I will add the option when there is simple routing between the client and the main server without DNAT (for example, VPN between branches, and the client goes to the main server via a gray ip):
-A PREROUTING -d 10.10.10.1 -p tcp --dport 3389 - j DNAT --to-destination 5.6.7.8
-A POSTROUTING -d 5.6.7.8 -p tcp --dport 3389 -j SNAT --to-source 1.2.3.4
where 10.10.10.1 is the address of the main server.
Similar questions
T
P
P
S
X
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question