Mikrotik: Forward local ip to another local ip on specific port
Your computers in the local network try to reach IP addresses within their own subnet directly. Therefore a computer ("Workstation") with the IP address 192.168.0.105 will ignore the default gateway when trying to reach 192.168.0.4 and will try to send TCP packages directly.
This will fail if no other computer is answering Workstation's call ("ARP request") for the MAC address belonging to 192.168.0.4 - and none will answer, as this IP address is not in use within your local network.
You do have various choices on how to solve it:
- add 192.168.0.4 to an interface on your firewall and use your firewall to re-route those packages
- add 192.168.0.4 to an interface on your docker-host and redirect traffic on the docker-host itself
- add the redirection of traffic on the docker-host and use 192.168.0.3 directly instead of 192.168.0.4
Other options may exist.
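The first option in the list above, written out as a RouterOS configuration. This is an added example, not part of the original answer; it assumes the firewall is the MikroTik router from the title and that its LAN interface is named `bridge` (a hypothetical name, adjust to yours).

```routeros
# Added example, not from the original post.
# Assumption: the LAN interface is called "bridge".

# 1. Give the router the unused address so it answers ARP requests
#    for 192.168.0.4 and workstations have a MAC to send to.
/ip address
add address=192.168.0.4/24 interface=bridge comment="virtual IP for docker service"

/ip firewall nat
# 2. Destination rewriting is done in the dstnat chain. Matching on
#    src-address and in-interface keeps the forward limited to clients
#    on the local network, as the question requires.
add chain=dstnat action=dst-nat protocol=tcp \
    dst-address=192.168.0.4 dst-port=80 \
    src-address=192.168.0.0/24 in-interface=bridge \
    to-addresses=192.168.0.3 to-ports=8090 \
    comment="192.168.0.4:80 -> 192.168.0.3:8090"

# 3. Hairpin NAT. Client and server share a subnet, so without source
#    NAT the server would reply directly from 192.168.0.3:8090 and the
#    client would discard the reply, because it opened the connection
#    to 192.168.0.4:80. Masquerading sends the reply back via the router.
add chain=srcnat action=masquerade protocol=tcp \
    src-address=192.168.0.0/24 out-interface=bridge \
    dst-address=192.168.0.3 dst-port=8090 \
    comment="hairpin for 192.168.0.4:80"

# 4. Check that both rules see traffic after a test request.
/ip firewall nat print stats
```

Because of the masquerade rule, the container sees every connection as coming from the router's address, so its access logs no longer show the real client IP. If the router's forward filter chain drops traffic by default, this flow also needs an accept rule there.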
halfpastfour.am
Updated on September 18, 2022
Comments
halfpastfour.am almost 2 years
I'm running a Docker container on a machine on port 8090. Let's say the IP address of that machine is 192.168.0.3. I want to forward 192.168.0.4:80 to 192.168.0.3:8090. The machine is and may only be reachable from within the local network.
What I've tried:
    /ip firewall nat export
    add action=dst-nat chain=srcnat dst-address=192.168.0.4 dst-port=80 \
        src-address=192.168.0.0/24 to-address=192.168.0.3 to-port=8090 \
        protocol=tcp
    add action=masquerade chain=srcnat dst-address=192.168.0.4 dst-port=80 \
        src-address=192.168.0.0/24 protocol=tcp
This doesn't work.
Am I forgetting something? I've got the feeling I'm overlooking something simple but haven't been able to figure out what.
Edit:
The IP address 192.168.0.4 does not resolve to anything in my network. I just want to "assign" and forward it to 192.168.0.3:8090. The reason for this is that I want to set up a local domain name that resolves to the Docker container without having to specify a port.
Admin over 7 years
Is 192.168.0.4 pingable? If so, does the firewall know about this IP address on one of its interfaces? If so, is the ARP entry for 192.168.0.4 the MAC address of your firewall or is it perchance flapping? Try the last question on a system in the same subnet with arping -I eth0 192.168.0.4 (replace eth0 with the correct interface name if necessary).
Admin over 7 years
Apart from that: using port forwarding on 192.168.0.3 looks way easier and more transparent to me.
Admin over 7 years
The address is not pingable. Running the arping command will surely result in a timeout as well. I will update my question with some additional information.
Phillip -Zyan K Lee- Stockmann over 7 years
I would go with option 3, but that's my personal opinion on keeping things simple.