On Mon, 2013-01-21 at 13:47 -0700, Craig Baird wrote:
> I have a router that I've configured to do 1:1 NAT, using the
> following config:
>
> add action=netmap chain=dstnat disabled=no dst-address=<external IP> \
> in-interface=ftth-vlan5 to-addresses=172.20.2.2
> add action=netmap chain=srcnat disabled=no src-address=172.20.2.2 \
> to-addresses=<external IP>
>
>
> It all works as expected except for one thing. If I try to open an
> SSH session to the external IP, it connects to the MT rather than
> forwarding it through to the internal machine. Note that the internal
> machine is *not* listening for SSH, and I don't need it to. But I
> don't want the MT answering SSH connections on the external IP either.

You don't want action=netmap. If you are trying to forward all ports on
the dst external ip to the private ip (172.20.2.2), then you need to do
this:

/ip firewall nat
add chain=dstnat dst-address=external action=dst-nat \
    to-addresses=private in-interface=ftth-vlan5
add chain=srcnat src-address=private action=src-nat \
    to-addresses=external

--
********************************************************************
* Butch Evans * Professional Network Consultation *
* http://www.butchevans.com/ * Network Engineering *
* http://store.wispgear.net/ * Wired or Wireless Networks *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
* NOTE THE NEW PHONE NUMBER: 702-537-0979 *
********************************************************************