Computer networks
SofroN, 2016-11-30 14:21:00

Is it possible to implement the substitution of the source address of the incoming packet?

Good afternoon.
There are two providers (let's call them ISP_1 and ISP_2), and each of them comes in on its own physical router: ISP_1 on a Linux server, ISP_2 on a MikroTik.
Rem_Client_1, Rem_Client_2 are remote clients; there are several hundred such clients. Some of the remote clients can only access the external address of ISP_1. Other clients can access the external addresses of both ISP_1 and ISP_2.
Server_1 has the local address of ISP_2 as its gateway. Server_2 has its gateway set to the local address of ISP_1.
Situation 1 - everything works correctly through both providers
If Rem_Client_1 accesses a certain port of ISP_1, it is redirected to Server_1. In this case, Server_1 sees its address as the local address of ISP_1.
If Rem_Client_1 accesses a specific ISP_2 port, it is redirected to Server_1. At the same time, Server_1 sees its address as the external address of Rem_Client_1.
Situation 2 - does not work through ISP_2
If Rem_Client_1 accesses a specific ISP_1 port, it is redirected to Server_2. In this case, Server_2 sees its address as the local address of ISP_1.
If Rem_Client_1 accesses a specific ISP_2 port, it is redirected to Server_2. At the same time, Server_2 does not see Rem_Client_1. (More precisely, it receives packets through ISP_2 but tries to answer through ISP_1; as a result, the server program does not display the client as connected.)
Addresses of remote clients are dynamic. All others are static.
The only difference in settings between Server_2 and Server_1 is that different gateways are specified.
Is it possible to implement substitution of the source address of an incoming packet on the MikroTik?
That is, a packet arrives at the external address of ISP_2, and after the MikroTik processes it, the packet goes to Server_2 with the source address set to the local address of ISP_2.
dbedbc4185f045babf509828b6a6bdab.png
MikroTik
nat

chain=dstnat action=dst-nat to-addresses=192.168.1.15 protocol=tcp in-interface=ether1-wan dst-port=3059 log=no log-prefix=""

filter
chain=forward action=accept protocol=tcp dst-address=192.168.1.15 dst-port=3059 log=no log-prefix=""

Masquerading
chain=srcnat action=masquerade out-interface=ether1-wan log=no log-prefix=""

Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;;                                       
      chain=srcnat action=masquerade out-interface=ether1-wan log=no log-prefix="" 

 1    ;;;                         
      chain=srcnat action=masquerade protocol=tcp src-address=192.168.1.0/24 dst-address-list=cam dst-port=80 log=no log-prefix="" 

 2    ;;;      
      chain=srcnat action=masquerade to-addresses=192.168.1.155 protocol=udp dst-address=2.2.2.2 src-address-list=office-networks 
      dst-port=5060,13000-18000 log=no log-prefix="" 

 3    ;;;                
      chain=dstnat action=dst-nat to-addresses=192.168.1.155 protocol=udp dst-port=5060,13000-18000 log=no log-prefix="" 

 4    ;;;        
      chain=dstnat action=dst-nat to-addresses=192.168.1.253 to-ports=8080 protocol=tcp dst-address=192.168.1.254 dst-port=3128 log=yes 
      log-prefix="OLD-PROXY" 

 5    ;;;
      chain=dstnat action=dst-nat to-addresses=192.168.1.15 protocol=tcp in-interface=ether1-wan dst-port=3059 log=no log-prefix="" 

16    ;;;
      chain=dstnat action=dst-nat to-addresses=192.168.1.118 protocol=tcp in-interface=ether1-wan dst-port=3058 log=no log-prefix="" 

17    ;;;          
      chain=dstnat action=dst-nat to-addresses=192.168.1.118 protocol=tcp in-interface=ether1-wan dst-port=5555 log=no log-prefix="" 

18    ;;;          
      chain=dstnat action=dst-nat to-addresses=192.168.1.118 protocol=tcp in-interface=ether1-wan dst-port=8080 log=no log-prefix="" 

19    ;;;
      chain=dstnat action=dst-nat to-addresses=192.168.1.117 protocol=tcp in-interface=ether1-wan dst-port=3057 log=no log-prefix="" 

20    ;;;
      chain=dstnat action=dst-nat to-addresses=192.168.1.116 to-ports=80 protocol=tcp in-interface=ether1-wan dst-port=2349,81 log=no log-prefix="" 

21    ;;;
      chain=dstnat action=dst-nat to-addresses=192.168.1.116 protocol=tcp in-interface=ether1-wan dst-port=3055 log=no log-prefix="" 

22    ;;;
      chain=dstnat action=dst-nat to-addresses=192.168.1.116 protocol=tcp in-interface=ether1-wan dst-port=3053 log=no log-prefix="" 

23    ;;;        
      chain=dstnat action=dst-nat to-addresses=192.168.1.49 protocol=tcp in-interface=ether1-wan dst-port=3070 log=no log-prefix="" 

26    ;;; 
      chain=dstnat action=dst-nat to-addresses=192.168.1.150 protocol=tcp in-interface=ether1-wan dst-port=8118 log=no log-prefix="" 

27    ;;;                  
      chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=192.168.1.0/24 dst-port=80 log=no log-prefix=""
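
The routing behaviour described in the question, modelled as an added example that is not part of the original post: it traces where each server sends its reply and whether that reply passes back through the router holding the NAT state. The client and router LAN addresses are constructed, and the last scenario assumes a src-nat rule on ISP_2 that the posted configuration does not contain.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN subnet used in the posted rules
CLIENT = "203.0.113.10"                       # constructed remote client address
# Constructed LAN-side addresses of the two routers.
ROUTER_LAN = {"ISP_1": "192.168.1.1", "ISP_2": "192.168.1.2"}


def trace(entry, server_gw, snat):
    """Trace one inbound connection that enters through router `entry`.

    entry     -- router that receives the packet and applies dst-nat
    server_gw -- router configured as the server's default gateway
    snat      -- True if `entry` also rewrites the source to its LAN address
    """
    # After dst-nat the destination is the server; the source is either the
    # original client or, with src-nat, the entry router's LAN address.
    server_sees = ROUTER_LAN[entry] if snat else CLIENT

    # The server routes its reply by destination: an on-link address is
    # answered directly, anything else goes to the default gateway.
    if ipaddress.ip_address(server_sees) in LAN:
        reply_via = entry
    else:
        reply_via = server_gw

    # Only the router that translated the first packet holds the connection
    # tracking entry needed to reverse the NAT on the reply.
    return {"server_sees": server_sees, "reply_via": reply_via,
            "works": reply_via == entry}


def scenarios():
    """The four cases from the post plus the proposed src-nat on ISP_2."""
    return {
        "Server_1 via ISP_1": trace("ISP_1", "ISP_2", snat=True),
        "Server_1 via ISP_2": trace("ISP_2", "ISP_2", snat=False),
        "Server_2 via ISP_1": trace("ISP_1", "ISP_1", snat=True),
        "Server_2 via ISP_2": trace("ISP_2", "ISP_1", snat=False),
        "Server_2 via ISP_2 + src-nat": trace("ISP_2", "ISP_1", snat=True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} {result}")
```

The last case corresponds to a srcnat-chain rule on the MikroTik (action=src-nat or masquerade) matching the traffic forwarded to Server_2; the cost is that Server_2 then logs the router's LAN address instead of the client's, so per-client logging and filtering have to happen on the router.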


1 answer(s)
athacker, 2016-11-30
@SofroN

Draw on the diagram the IP addresses that appear in the process, otherwise it’s somehow hard to figure it out.
How is traffic redirected?
