[Mikrotik] 1:1 NAT strangeness

Craig Baird craig at xpressweb.com
Mon Jan 21 14:47:52 CST 2013

I have a router that I've configured to do 1:1 NAT, using the  
following config:

add action=netmap chain=dstnat disabled=no dst-address=<external IP> \
     in-interface=ftth-vlan5 to-addresses=
add action=netmap chain=srcnat disabled=no src-address= \
     to-addresses=<external IP>

It all works as expected except for one thing.  If I try to open an  
SSH session to the external IP, it connects to the MT rather than  
forwarding it through to the internal machine.  Note that the internal  
machine is *not* listening for SSH, and I don't need it to.  But I  
don't want the MT answering SSH connections on the external IP either.

Any ideas?


