Answer the question
In order to leave comments, you need to log in
Is it possible to implement the substitution of the source address of the incoming packet?
Good afternoon.
There are two providers (let's call them ISP_1 and ISP_2 ), each of them comes to its own physical router. ISP_1 on Linux server, ISP_2 on mikrotik.
Rem_Client_1 , Rem_Client_2 - remote clients, there are several hundreds of such clients. Some of the remote clients can only access the external address of ISP_1 . Other clients can access the external addresses ISP_1 and ISP_2 .
Server_1 has the local address of ISP_2 as the gateway . Server_2 has the gateway set to the local address of ISP_1.
Situation 1 everything works correctly, through both providers
If Rem_Client_1 accesses a certain port of ISP_1 it is redirected to Server_1 . In this case, Server_1 sees its address as the local address of ISP_1 .
If Rem_Client_1 accesses a specific ISP_2 port, it is redirected to Server_1 . At the same time, Sever_1 sees its address as the external address of Rem_Client_1 .
Situation 2 - does not work through ISP_2
If Rem_Client_1 is accessing a specific ISP_1 portit redirects to Server_2 . In this case, Server_2 sees its address as the local address of ISP_1 .
If Rem_Client_1 accesses a specific ISP_2 port, it is redirected to Server_2 . At the same time, Sever_2 does not see Rem_Client_1 . (More precisely, it receives packets through ISP_2 , but tries to answer through ISP_1 , as a result, the server program does not display the client as connected)
Addresses of remote clients are dynamic. All others are static.
The only difference in settings between Server_2 and Server_1указаны разные шлюзы.
Возможно ли реализовать подмену адреса источника входящего пакета на микротике?
т.е. пакет приходит на внешний адрес ISP_2 после его обработки микротиком пакет уходит на Sever_2 с адресом источником: локальный адрес ISP_2.
Микротик
nat
chain=dstnat action=dst-nat to-addresses=192.168.1.15 protocol=tcp in-interface=ether1-wan dst-port=3059 log=no log-prefix=""
chain=forward action=accept protocol=tcp dst-address=192.168.1.15 dst-port=3059 log=no log-prefix=""
chain=srcnat action=masquerade out-interface=ether1-wan log=no log-prefix=""
Flags: X - disabled, I - invalid, D - dynamic
0 ;;;
chain=srcnat action=masquerade out-interface=ether1-wan log=no log-prefix=""
1 ;;;
chain=srcnat action=masquerade protocol=tcp src-address=192.168.1.0/24 dst-address-list=cam dst-port=80 log=no log-prefix=""
2 ;;;
chain=srcnat action=masquerade to-addresses=192.168.1.155 protocol=udp dst-address=2.2.2.2 src-address-list=office-networks
dst-port=5060,13000-18000 log=no log-prefix=""
3 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.155 protocol=udp dst-port=5060,13000-18000 log=no log-prefix=""
4 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.253 to-ports=8080 protocol=tcp dst-address=192.168.1.254 dst-port=3128 log=yes
log-prefix="OLD-PROXY"
5 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.15 protocol=tcp in-interface=ether1-wan dst-port=3059 log=no log-prefix=""
16 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.118 protocol=tcp in-interface=ether1-wan dst-port=3058 log=no log-prefix=""
17 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.118 protocol=tcp in-interface=ether1-wan dst-port=5555 log=no log-prefix=""
18 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.118 protocol=tcp in-interface=ether1-wan dst-port=8080 log=no log-prefix=""
19 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.117 protocol=tcp in-interface=ether1-wan dst-port=3057 log=no log-prefix=""
20 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.116 to-ports=80 protocol=tcp in-interface=ether1-wan dst-port=2349,81 log=no log-prefix=""
21 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.116 protocol=tcp in-interface=ether1-wan dst-port=3055 log=no log-prefix=""
22 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.116 protocol=tcp in-interface=ether1-wan dst-port=3053 log=no log-prefix=""
23 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.49 protocol=tcp in-interface=ether1-wan dst-port=3070 log=no log-prefix=""
26 ;;;
chain=dstnat action=dst-nat to-addresses=192.168.1.150 protocol=tcp in-interface=ether1-wan dst-port=8118 log=no log-prefix=""
27 ;;;
chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=192.168.1.0/24 dst-port=80 log=no log-prefix=""
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question