I have started to put a CHR trial into my chicago cloud and so far from the performance etc. it looks amazing. FINALLY I can move that part over to Mikrotik from a WIndows Server RRAS install. No, there was no real chance to put mikrotik there before - we use HyperV and hardware is not an option with remote data centers often. Anyhow, CHR works.
What does not work is one criticial element - NAT. SRCNAT to be exact.
I have 3 NAT entries:
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; DNat: http
chain=dstnat action=dst-nat to-addresses=XXXXXXx protocol=tcp
dst-address=XXXXX dst-port=80 log=no log-prefix=“”
1 ;;; DNat: https
chain=dstnat action=dst-nat to-addresses=XXXXX protocol=tcp
dst-address=XXXXXXX dst-port=443 log=no log-prefix=“”
2 chain=srcnat action=masquerade connection-limit=100,32
out-interface=internet log=no log-prefix=“”
The first 2 work - they handle incoming traffic for a web server. The thrd one is my problem - no NAT happens a tall on outgoing traffic. The counters are flat (0 bytes, 0 packets). Which means none of the machines behing Mikrotik can actually reach out to the internet (to download data etc.)… anyone an idea what is broken here?