Can I use port forwarding without the rest of NAT?

If your devices acting as servers for the services to be port forwarded allow adding multiple IP addresses (/32 addresses are enough), you can use the help of proxy-arp.

Let’s say the LAN of the ZTE has 192.168.10.0/24, with 192.168.10.1 being the ZTE router and 192.168.10.2 is the WAN address of the MikroTik router. You’ll need to set ARP mode on the WAN interface to proxy-arp.

The LAN (or VLANs) of the MikroTik router still keep their normal address ranges and DHCP Server configuration (for example 192.168.20.0/24 etc…), but you will now manually add additional static IP addresses in the 192.168.10.0/24 range to your individual servers (beside their existing addresses in the 192.168.20.0/24 range), for instance 192.168.10.11 to eth0 of Server X, 192.168.10.12 to eth0 of NAS Y, etc…

Then on the MikroTik router, add static /32 entries (together with static /32 network) to /ip address table on the corresponding LAN/VLAN interfaces


/ip address
add address=10.20.30.41 interface=bridge1 network=192.168.10.11
add address=10.20.30.42 interface=vlan90 network=192.168.10.12

Then adjust the firewall filter table to allow forwarding from WAN to 192.168.10.11, 192.168.10.12, etc…

Now you’ll only need to setup port forwarding on the ZTE router, with the target 192.168.10.11, 192.168.10.12, etc… and don’t have double NAT. The ZTE router, when trying to find the MAC addresses for 192.168.10.11, 192.168.10.12, etc… will get the MikroTik router’s WAN port MAC address and forward the packets to the MikroTik router, which then use the /32 routes to forward the packets to the target servers.