Hi,

I've been playing around with routeros v7 for some time. I see there is a lot of things that do not work as expected.
So simple things that worked in ros6 does seem to be working.

Can someone share a working SNAT/DNAT setup with a host sharing a from from vrf ?

lets assume:
10.255.255.254 IP of test host
10.255.255.1 LAN IP of MT ROS7 (VRF1)
1.1.1.1 WAN IP (may be on loopback or physical WAN)

I want to :
- put LAN in VRF1 (10.255.255.0/24)
- leak/add default route (from main) to VRF1 in VRF1 routing table.
- SNAT traffic from VRF1 going to "Internet" (vrf main)
- DNAT for example public WAN port 1.1.1.1:tcp/22 -> 10.255.255.254:22 (from main to VRF1)
- if it is needed I can loop two phusical interfaces to make a physcal bridge from main to VRF1.

I tried a lot of things the best I could do is either SNAT was working but then DNAT wasnt ... or vice versa ... so posting anything here has no sense.

I am kindly asking you guys for a working mnimal basic example.

Regards,

1) make routing mark at mangle prerouting for public WAN port 1.1.1.1:tcp/22
2) dnat using routing mark 1.1.1.1:tcp/22 -> 10.255.255.254:22