Destination NAT
- action=dst-nat is an action used in chain=dstnat to redirect incoming traffic to a different IP or port.
- application example: You have a server farm (Web, Mail and SSH) and only one public IP address on the border router. You want to access each server independently from the outside.
dst-nat & redirect
- action=redirect changes the destination port of the traffic to a port on the router itself.
- application example: All http traffic (TCP, port 80) will be forwarded to the router's web proxy via TCP port 8080.
- This concept in other devices is known as port-forwarding
NAT syntax
Add masquerade rule
/ip firewall nat add action=masquerade chain=srcnat
Change the source IP address
add chain=srcnat src-address=192.168.0.109 action=src-nat to-addresses=10.5.8.200
Destination NAT. Redirects all WEB traffic (TCP, port 80) to the router's web proxy on port 8080
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080