Forward HTTP port on mikrotik 1 to an address on another mikrotik












Trying to apply the Hairpin-nat concept on mikrotik1, my config is something like:



/ip firewall nat
add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 \
    action=dst-nat to-address=192.168.2.2
add chain=srcnat out-interface=WAN action=masquerade
add chain=srcnat src-address=192.168.1.0/24 \
    dst-address=192.168.2.2 protocol=tcp dst-port=80 \
    out-interface=LAN action=masquerade


But it doesn't work for me because (I think) 192.168.2.2 is defined on another mikrotik (let's call it mikrotik2), not on this one (mikrotik1), to which the configuration is being applied. Mikrotik1 only routes the 192.168.1.0/24 network, and mikrotik2 only routes the 192.168.2.0/24.
But the two mikrotik devices are bridged and the addresses are reachable.

Can someone help me? I don't have a single clue what to do in this case. How do I forward my internet traffic to port 80 on mikrotik1 to the mikrotik2 LAN address?



PS: Both mikrotiks are gateways, each from a provider.



Thanks.










      networking routing port-forwarding nat mikrotik-routeros














      edited Dec 14 at 21:54









      Duncan X Simpson











      asked Feb 4 '16 at 19:29









      Eduardo Augusto Alves Ayres























          1 Answer














          Check that port 80 is not already in use by mikrotik1 (ip/services/disable http)



          Also, you talk about bridging the two mikrotiks... I think this is a mistake, remove the bridge and add a route to 192.168.2.0/24 on mikrotik1, and a route to 192.168.1.0/24 on mikrotik2 if they don't exist already.
          Mikrotik2 also has to have mikrotik1 as its default gateway.



          Then, you will only need



          /ip firewall nat
          add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 \
              action=dst-nat to-address=192.168.2.2


          Assuming that 1.1.1.1 is your WAN address.



          [edit]



          If Mikrotik1 is not Mikrotik2's gateway, you will have to add src-nat

          /ip firewall nat
          add chain=srcnat dst-address=192.168.2.2 protocol=tcp dst-port=80 \
              action=src-nat to-address=[IP_LAN_MT1]

          Where IP_LAN_MT1 is the internal IP of Mikrotik1






          • Right, but I can't put Mikrotik2 to have mikrotik1 as default gateway. There are two distinct WANs, 1.1.1.1 and 2.2.2.2, and I route them by mk1 and mk2 respectively. What should I do? Thanks
            – Eduardo Augusto Alves Ayres
            Feb 5 '16 at 12:12










          • edited my reply adding src-nat rule
            – Benoit PHILIPPON
            Feb 6 '16 at 14:28










          • No change buddy, here: /ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.2.2 add chain=srcnat out-interface=WAN action=masquerade add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.2.2 protocol=tcp dst-port=80 out-interface=LAN action=masquerade add chain=srcnat dst-address=192.168.2.2 protocol=tcp dst-port=80 action=src-nat to-address=192.168.2.253 no effect :/ PS: linebreak markups don't work, sorry
            – Eduardo Augusto Alves Ayres
            Feb 12 '16 at 16:51












          • Is 192.168.2.253 the Mikrotik1 LAN address?
            – Benoit PHILIPPON
            Feb 14 '16 at 16:25










          • Correct, the LAN address that connects the two mk's on mk1 is 192.168.2.253 and on mk2 is 192.168.1.253, reserved and static addresses.
            – Eduardo Augusto Alves Ayres
            Feb 15 '16 at 12:02











          edited Feb 6 '16 at 14:10

























          answered Feb 5 '16 at 8:18









          Benoit PHILIPPON
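
The return-path reasoning behind the answer's [edit], as an added example that is not part of the original answer or comments: a small Python model of one HTTP connection through mikrotik1, with and without the src-nat rule. It assumes the web server at 192.168.2.2 uses mikrotik2 as its default gateway; the client address, source port and all class and function names are constructed for the illustration.

```python
"""Toy model of the return path for the port forward in this thread.
Added illustration; only the quoted addresses come from the thread."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WAN1 = "1.1.1.1"            # mikrotik1 WAN address (from the thread)
SERVER = "192.168.2.2"      # forward target (from the thread)
MT1_LAN = "192.168.2.253"   # mikrotik1 on the shared segment (from the comments)
SERVER_NET = ip_network("192.168.2.0/24")
CLIENT = "203.0.113.10"     # constructed Internet client (TEST-NET-3)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class Mikrotik1:
    """Models the dst-nat rule, optionally followed by the src-nat rule."""

    def __init__(self, src_nat):
        self.src_nat = src_nat
        self.conntrack = {}  # expected reply 4-tuple -> original packet

    def forward(self, pkt):
        if (pkt.dst, pkt.dport) != (WAN1, 80):
            return None  # not matched by the dst-nat rule
        src = MT1_LAN if self.src_nat else pkt.src
        out = Packet(src, SERVER, pkt.sport, 80)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def translate_reply(self, pkt):
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(orig.dst, orig.src, orig.dport, orig.sport)


def route_reply(reply, mt1):
    """Server's routing decision (assumed): on-link directly, the rest via
    its default gateway mikrotik2, which holds no state for this flow."""
    if ip_address(reply.dst) in SERVER_NET:
        return "mikrotik1", mt1.translate_reply(reply)
    # Whatever mikrotik2 does with it, the source never becomes 1.1.1.1.
    return "mikrotik2", reply


def simulate(src_nat):
    mt1 = Mikrotik1(src_nat)
    request = Packet(CLIENT, WAN1, 40000, 80)
    at_server = mt1.forward(request)
    reply = Packet(SERVER, at_server.src, 80, at_server.sport)
    hop, seen = route_reply(reply, mt1)
    # The client only accepts a reply that mirrors the connection it opened.
    accepted = seen == Packet(request.dst, request.src, request.dport, request.sport)
    return {"server_sees": at_server.src, "return_hop": hop, "accepted": accepted}


if __name__ == "__main__":
    for flag in (False, True):
        print("src-nat" if flag else "dst-nat only", simulate(flag))
```

`server_sees` shows the cost of the src-nat variant: the web server logs 192.168.2.253 for every Internet client, so per-client logging, rate limiting or address-based access control on the server no longer sees the real source.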
