Mikrotik
DominuS_RU, 2017-02-19 13:32:51

How to transfer the connection address in Mikrotik?

Hello, I have a MikroTik hAP ac at my disposal.
There is a Linux server on the network, to which access from the outside is allowed - SSH, but when connecting to Linux, the connection address is the address of the router.
That is: we connect from the address 3.3.3.3 to the address 2.2.2.2 - the external static address is the address of the MikroTik, but at the same time Linux sees the connection from 192.168.0.1 - the address of the router in the local network.
Question: how to make the real address from which the connection is made transmitted?
Last command output, connections from 192.168.0.1 are external connections. Connections from 192.168.0.113 are internal, everything is fine with them.
Linux rules:
6 ;;; University Debian
chain=dstnat action=netmap to-addresses=192.168.0.17 to-ports=22 protocol=tcp dst-address=address_was_here in-interface=ether1 dst-port=22101 log=no
log-prefix=""
8 chain=dstnat action=dst-nat to-addresses=192.168.0.17 to-ports=22 protocol=tcp src-address=192.168.0.0/24 dst-address= dst-port=22101 log=n>
log-prefix=""


1 answer(s)
Alexander Romanov, 2017-02-19
@moneron89

First, decide what you're using the srcnat chain for. If your server has a default gateway, then src-nat to the internal network is not only unnecessary, it is also a security hole. If you have only one provider, leave only one src-nat rule (line 14) and remove all the others, because they are not needed. Then the correct translation will be created in your connections and the packet will arrive with the real source address, not the translated one. Also, replace netmap with dst-nat. Nothing will change, but it will be better this way. Netmap is meant for other, much more complex purposes.
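The translation order behind the answer above, as an added example that is not part of the thread and not MikroTik's code: a simplified Python model showing why a masquerade rule without an out-interface hides the client address from the server, while one scoped to the provider interface does not. The asker's srcnat rules are not visible on the page, so both rule sets, the LAN interface name `bridge`, the toy routing helper and the sample packets are assumptions; the addresses and ports are the ones from the question.

```python
"""Simplified model of RouterOS NAT order: dstnat, routing decision, srcnat.
Rule keys mirror RouterOS properties; rule sets here are assumed, not the asker's."""
WAN_IF, LAN_IF = "ether1", "bridge"          # "bridge" is an assumed LAN interface name
IF_ADDR = {WAN_IF: "2.2.2.2", LAN_IF: "192.168.0.1"}   # router addresses from the question

def out_interface(dst):
    # Toy routing table: the LAN prefix leaves via the LAN interface, the rest via WAN.
    return LAN_IF if dst.startswith("192.168.0.") else WAN_IF

def matches(rule, pkt, chain):
    if rule["chain"] != chain:
        return False
    keys = ("protocol", "in-interface", "out-interface", "dst-port")
    return all(rule[k] == pkt.get(k) for k in keys if k in rule)

def translate(rules, pkt):
    """Return (src, dst, dst-port) as seen by the receiving host."""
    pkt = dict(pkt)
    for r in rules:                           # dstnat is evaluated before routing
        if matches(r, pkt, "dstnat"):
            pkt["dst"], pkt["dst-port"] = r["to-addresses"], r["to-ports"]
            break
    pkt["out-interface"] = out_interface(pkt["dst"])
    for r in rules:                           # srcnat is evaluated after routing
        if matches(r, pkt, "srcnat") and r["action"] == "masquerade":
            pkt["src"] = IF_ADDR[pkt["out-interface"]]   # masquerade uses the egress address
            break
    return pkt["src"], pkt["dst"], pkt["dst-port"]

DSTNAT = {"chain": "dstnat", "action": "dst-nat", "protocol": "tcp", "in-interface": WAN_IF,
          "dst-port": 22101, "to-addresses": "192.168.0.17", "to-ports": 22}
# Assumed "before": a masquerade rule with no out-interface also matches traffic going to the LAN.
BROAD = [DSTNAT, {"chain": "srcnat", "action": "masquerade"}]
# Assumed "after": one masquerade rule scoped to the provider interface.
SCOPED = [DSTNAT, {"chain": "srcnat", "action": "masquerade", "out-interface": WAN_IF}]

# Constructed packets: the external SSH connection from the question and an outbound LAN flow.
SSH_IN = {"src": "3.3.3.3", "dst": "2.2.2.2", "protocol": "tcp",
          "in-interface": WAN_IF, "dst-port": 22101}
LAN_OUT = {"src": "192.168.0.113", "dst": "203.0.113.10", "protocol": "tcp",
           "in-interface": LAN_IF, "dst-port": 443}

if __name__ == "__main__":
    print("broad :", translate(BROAD, SSH_IN))    # server logs the router's LAN address
    print("scoped:", translate(SCOPED, SSH_IN))   # server logs the real client address
    print("egress:", translate(SCOPED, LAN_OUT))  # outbound traffic is still masqueraded
```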
