Problem: One of my servers is configured to only allow connections from the 10.0.10.0/24 subnet, but currently I am on the 10.0.11.0/24 subnet.
Solution: Implement Source Network Address Translation (SRC NAT) in MikroTik.
First, some background information:
- Server IP address: 10.0.0.2
- Computer IP address: 10.0.11.31
- Interface to contact the server: server-int
Here’s how to set up SRC NAT in MikroTik:
/ip firewall nat add action=src-nat chain=srcnat dst-address=10.0.0.2 dst-port=22 out-interface=server-int protocol=tcp src-address=10.0.11.31 to-addresses=10.0.10.6 to-ports=0-65535
This command adds a new rule to the srcnat chain that changes the source address of packets originating from 10.0.11.31 and destined for 10.0.0.2:22 to the IP 10.0.10.6.
Now I can connect to the server and fix the firewall rules.
table inet filter {
    chain input {
        tcp dport 22 ct state { new } ip saddr 10.0.0.0/16 counter accept
    }
    chain output {
        tcp sport 22 ip daddr != 10.0.0.0/16 counter drop
    }
}
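The following Python model is an added example, not part of the original post or of RouterOS/nftables. It replays the src-nat rule's matchers and the server's source restriction (before and after the nftables change) on constructed packets. The `Packet` class, the function names and the second host 10.0.11.40 are assumptions made for illustration.

```python
# Added example: models the src-nat rule and the server's source allow-list.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:  # hypothetical packet model, only the fields the rules inspect
    src: str
    dst: str
    proto: str
    dport: int
    out_if: str

# Matchers and action copied from the RouterOS rule on this page.
RULE = {"src": "10.0.11.31", "dst": "10.0.0.2", "proto": "tcp",
        "dport": 22, "out_if": "server-int", "to": "10.0.10.6"}

def src_nat(pkt: Packet) -> Packet:
    """Rewrite the source only when every matcher of the rule matches."""
    matches = (pkt.src == RULE["src"] and pkt.dst == RULE["dst"]
               and pkt.proto == RULE["proto"] and pkt.dport == RULE["dport"]
               and pkt.out_if == RULE["out_if"])
    return replace(pkt, src=RULE["to"]) if matches else pkt

def server_accepts(pkt: Packet, allowed: str) -> bool:
    """Server-side check: TCP/22 connections from the allowed network."""
    return (pkt.proto == "tcp" and pkt.dport == 22
            and ip_address(pkt.src) in ip_network(allowed))

OLD_ALLOWED = "10.0.10.0/24"  # restriction described in the problem statement
NEW_ALLOWED = "10.0.0.0/16"   # ip saddr in the nftables input chain

# Constructed sample packets.
ssh = Packet("10.0.11.31", "10.0.0.2", "tcp", 22, "server-int")
other_host = Packet("10.0.11.40", "10.0.0.2", "tcp", 22, "server-int")

if __name__ == "__main__":
    for name, pkt in (("ssh", ssh), ("other_host", other_host)):
        natted = src_nat(pkt)
        print(name, pkt.src, "->", natted.src,
              "| old allow-list after NAT:", server_accepts(natted, OLD_ALLOWED),
              "| new allow-list without NAT:", server_accepts(pkt, NEW_ALLOWED))
```

Because 10.0.0.0/16 contains 10.0.11.31, the model shows the server accepting the untranslated packet once the new input rule is loaded, so the src-nat rule is only needed until then.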