Routing

Hello, I am a total newbie to MX and I need to set-up a very basic NAT scenario using MX104 with MS-MIC. The setup is really simple - I have /29 a pool of "public" IPs on the external (WAN) side and an internal 192.168.1.0/24 subnet with computers that need an internet access.

I had success with a trivial SNAT scenario, having private network 192.168.1.0/24 SNATed using translation-type { napt-44; } to a pool of "public" IP addresses.

However, from that point, I am facing with troubles. Some clients have misconfigured DNS servers and I need to redirect DNS traffic to Google servers, i.e. to DNAT them to 8.8.8.8.  I have tried different translation types, rule-sets with more rules, multiple service-sets with service-filters, however, without any success.

Could you please give an working example of such trivial NAT setup - i.e. to perform basic SNAT 192.168.1.0/24 (allow internet access) and rewrite/DNAT something (i.e. redirect UDP/53 to 8.8.8.8), both of this NAT translations on an interface facing to internal network?

Thank you very much,

Jan

Hello,

You would need Twice NAT (translation-type twice-napt-44) - BUT - You can redirect to 8.8.8.8 only single misconfigured destination IP (say, if everyone misconfigured 1.1.1.1 as their DNS server). You cannot redirect to 8.8.8.8 EVERYTHING UDP/53 if the misconfigured destination IP is scattered across a subnet (say, 10/8).

This is because the dst NAT component of Twice NAT does static dst translation.

HTH

Thx
Alex