Accessing Forwarded port via A name when on network

Hi all,

This seems like it has a simple solution yet I can’t seem to figure it out.

Just some context on my setup: I often have to remotely turn on my PC at home, so I set up a WOL script on an RPi on my network, which I trigger with an SSH shortcut on my iPhone. To be able to access the IP I have an A name set up, and the RPi updates the DNS record. This works perfectly when I am not on my home network, but when I am on my home network and I trigger it, the connection is refused and the following is recorded in the Mikrotik’s logs: “dstnat: in:bridge1 out:(unknown 0), src-mac be:61::::, proto TCP (SYN), phone_ip:55033->home_ip:pi_ssh_port, len 64”

In terms of config, my RB5009 is laid out very simply: ports 2-4 make up bridge1, which is my LAN, and port 5 is used as the WAN port for the feed from my ONT.

Just hoping someone can point me in the right direction. I went the route of adding a static DNS entry but that doesn’t seem to be the answer.

I’ve got a very barebones firewall setup as can be seen below.

/ip firewall filter
add action=accept chain=input comment="accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=drop chain=input comment="drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="accept established,related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=PiSSH dst-port=pi_ssh_port log=yes \
    protocol=tcp to-addresses=pi_ip to-ports=pi_ssh_port

Thanks in advance

See https://help.mikrotik.com/docs/display/ROS/NAT#NAT-HairpinNAT. Static DNS so internal and external lookups return corresponding internal and external addresses as an alternative should be fine too.

That was it!
Thanks so much
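
Why the connection fails from inside the LAN, and what the hairpin NAT rule from the linked documentation changes, shown as an added example that is not part of the original thread: a small Python model of the SYN / SYN-ACK path. The addresses, the port and the `hairpin_flow` function are constructed stand-ins for the thread's phone_ip, home_ip, pi_ip and pi_ssh_port.

```python
"""Model of a LAN client reaching a LAN server through the router's public IP."""
from ipaddress import ip_address, ip_network

# All values below are constructed for the example.
LAN = ip_network("192.168.88.0/24")   # assumed subnet on bridge1
ROUTER_LAN = "192.168.88.1"           # assumed router address on bridge1
HOME_IP = "203.0.113.10"              # stands in for home_ip (WAN address)
PI_IP = "192.168.88.50"               # stands in for pi_ip
PHONE_IP = "192.168.88.20"            # stands in for phone_ip
SSH_PORT = 2222                       # stands in for pi_ssh_port


def hairpin_flow(hairpin_srcnat: bool) -> dict:
    """Trace one SYN and its reply; report what the Pi and the phone each see."""
    # The phone connects to the public address and expects replies from it.
    syn = {"src": PHONE_IP, "dst": HOME_IP, "dport": SSH_PORT}
    expected_peer = syn["dst"]

    # dstnat (the PiSSH rule): destination rewritten to the Pi, and the
    # original tuple is remembered in connection tracking.
    conntrack = {"orig_src": syn["src"], "orig_dst": syn["dst"]}
    syn["dst"] = PI_IP

    # Hairpin rule: srcnat masquerade for LAN -> LAN traffic after dstnat.
    both_on_lan = ip_address(syn["src"]) in LAN and ip_address(syn["dst"]) in LAN
    if hairpin_srcnat and both_on_lan:
        syn["src"] = ROUTER_LAN

    # The Pi answers whatever source address it saw.
    reply = {"src": PI_IP, "dst": syn["src"]}
    via_router = reply["dst"] == ROUTER_LAN
    if via_router:
        # Reply passes through the router, which reverses both translations.
        reply = {"src": conntrack["orig_dst"], "dst": conntrack["orig_src"]}
    # Otherwise the Pi replies straight over the bridge and NAT is never undone.

    return {
        "pi_sees_client": syn["src"],
        "reply_via_router": via_router,
        "phone_sees_reply_from": reply["src"],
        "handshake_completes": reply["src"] == expected_peer,
    }


if __name__ == "__main__":
    for enabled in (False, True):
        print("hairpin srcnat =", enabled, hairpin_flow(enabled))
```

With the hairpin rule in place, the Pi sees every hairpinned connection as coming from the router's LAN address, so its SSH logs and any per-source rate limiting on the Pi can no longer tell LAN clients apart.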