Hi, all!
I have RB951G-2HnD and I this is my configuration:
ether1 - get settings auto from provider
ether2-3 combine to bridge and have dhcp server 192.168.148.0/24 with gateway 192.168.148.5/24 (internal network)
ether4-5 + wlan combine to bridge and have dhcp server 192.168.55.0/24 with gateway 192.168.5.5/24 (external network)
I want to forward rdp from ehter1 to ip address in internal network (like 192.168.148.50)
So I add rule to NAT (like at default configuration) and add simple rules to /ip firewall filter
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 chain=input action=accept connection-state=established,related,untracked
log=no log-prefix=""
2 chain=input action=drop connection-state=invalid log=no log-prefix=""
3 chain=input action=accept protocol=icmp log=no log-prefix=""
4 chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""
5 chain=forward action=accept connection-state=established,related,untracked
log=no log-prefix=""
6 chain=forward action=drop connection-state=invalid log=no log-prefix=""
Where I did mistake?
And how to fix it?
In default configuration there are no problem(ether2-ether5 + wlan ports in one bridge+ether1 have auto ip settings):
just add rule to NAT
chain=dstnat action=dst-nat to-addresses=192.168.148.50 to-ports=3389
protocol=tcp dst-address=25.50.154.4 in-interface=ether1 dst-port=33333
log=yes log-prefix=""