[SOLVED] HAIRPIN NAT not working

Hello Sob.
There are only two rules to redirect all DNS requests to the MikroTik:

chain=dstnat action=dst-nat to-addresses=10.2.0.1 to-ports=53 protocol=tcp in-interface=bridge dst-port=53 log=no log-prefix="" 
chain=dstnat action=dst-nat to-addresses=10.2.0.1 to-ports=53 protocol=udp in-interface=bridge dst-port=53 log=no log-prefix=""

The point is – I’d like to be able to scan my MikroTik router’s external interface from any LAN client.
Specifically, I’d like to run nmap -sS -Pn -vvv -O external_ip and see the external interface, not the 10.2.0.1 I see now with open tcp/80 and tcp/8291 ports. And when pointing to the internal 10.2.0.1 IP, I’d like to see all open ports as they should be.

nmap -sS -Pn -vvv -O external_ip

These should allow me to see all ports on the external interface of the MikroTik.