EvilFreelancer / docker-routeros

Mikrotik RouterOS inside Docker container
https://hub.docker.com/r/evilfreelancer/docker-routeros/
MIT License
369 stars 132 forks

dst-nat to another network not work when we have 2 ether #15

Closed mehdihaghshenas closed 7 months ago

mehdihaghshenas commented 2 years ago

I create a docker-compose like this

services:
    nginx:
        build: docker/nginx
        hostname: asterisk.docker
        # network_mode: none
        cap_add:
          - NET_ADMIN        
        environment:
          - GW=172.16.16.2
        networks:
          lan_net:
            ipv4_address: 172.16.16.3

    routeros:
      build: docker/routeros
      restart: unless-stopped
      cap_add:
        - NET_ADMIN
      devices:
        - /dev/net/tun
      ports:
        - "12222:22"
        - "8291:8291"
        - "12223:23"
        - "18728:8728"
        - "18729:8729"
        - "8090:80"
      networks:
        lan_internal:
          priority: 1000
          ipv4_address: 182.18.18.2
        lan_net:
          priority: 900
          ipv4_address: 172.16.16.2

networks:
    lan_net:
      driver: bridge
      ipam:
        driver: default
        config:
          - subnet: "172.16.16.0/24"
            gateway: 172.16.16.1
    lan_internal:
      ipam:
        driver: default
        config:
          - subnet: "182.18.18.0/24"
            gateway: 182.18.18.1

and in nginx add

if [ -n "$GW" ]; then
    ip route delete default ;
    ip route add default via $GW ;
fi

and my config is

/disk
set sata1 disabled=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ip address
add address=172.16.16.2/24 interface=ether2 network=172.16.16.0
/ip dhcp-client
add interface=ether1
/ip firewall address-list
add address=182.18.18.2 list=Valid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
    172.16.16.0/24
add action=dst-nat chain=dstnat dst-address-list=Valid dst-port=80 \
    in-interface=ether1 protocol=tcp to-addresses=172.16.16.3

but dst-nat to nginx is not working
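
An added check, not part of the original thread or of docker-routeros: it parses the RouterOS export from the post above and lists dst-nat rules whose `dst-address-list` entries are not assigned statically under `/ip address`, which is the case for `182.18.18.2` here because ether1 takes its address from the DHCP client. The function names are this example's own, and values containing spaces are not parsed.

```python
import re

# From the export in the post above; a space is restored before the second backslash.
EXPORT = r"""
/ip address
add address=172.16.16.2/24 interface=ether2 network=172.16.16.0
/ip dhcp-client
add interface=ether1
/ip firewall address-list
add address=182.18.18.2 list=Valid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
    172.16.16.0/24
add action=dst-nat chain=dstnat dst-address-list=Valid dst-port=80 \
    in-interface=ether1 protocol=tcp to-addresses=172.16.16.3
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} per 'add' line; continuations are joined."""
    text = re.sub(r"\\\n[ \t]*", "", text)
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            menus.setdefault(path, []).append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return menus

def dhcp_interfaces(menus):
    return {c["interface"] for c in menus.get("/ip dhcp-client", [])}

def unmatched_dstnat(menus):
    """(rule, address) pairs: a dst-nat rule matches a list entry that is not a static address."""
    static = {a["address"].split("/")[0] for a in menus.get("/ip address", [])}
    lists = {}
    for entry in menus.get("/ip firewall address-list", []):
        lists.setdefault(entry["list"], set()).add(entry["address"])
    return [(rule, addr)
            for rule in menus.get("/ip firewall nat", []) if rule.get("action") == "dst-nat"
            for addr in sorted(lists.get(rule.get("dst-address-list"), ()))
            if addr not in static]

if __name__ == "__main__":
    menus = parse_export(EXPORT)
    for rule, addr in unmatched_dstnat(menus):
        iface = rule.get("in-interface")
        source = "a DHCP lease" if iface in dhcp_interfaces(menus) else "no configured address"
        print(f"dst-nat: {addr} is not static; {iface} has {source}, compare it with {addr}")
```

On the router, `/ip address print` shows the address ether1 actually received, which can then be compared with the list entry.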

EvilFreelancer commented 2 years ago

Wow, it looks amazing, I've not thought someone will use it for real routing, my plan was only for testing routeros api library.

I will try to reproduce your solution, probably some issues with docker routing or iptables.

mehdihaghshenas commented 2 years ago

I can mail my sample code to you if you want. Please inform me to send it to your mail. My mail is mhaghshenas@gmail.com. Thank you so much.

EvilFreelancer commented 7 months ago

Not possible to reproduce. I've tried to set up NAT with four network interfaces; here is an example of custom entrypoint.sh.