Hi everyone - loving my new MikroTik device but stumped trying to achieve something that should be quite simple. Can any experienced users notice anything obvious I have missed here?
Scenario
Router has 2 ports configured to create 2 different networks
eth1 = WAN
eth2 = Bridge1 (proxy-arp enabled)
eth3 = Bridge2 (proxy-arp enabled)
Bridge1 has a Windows AD setup (DHCP and DNS by the DC). IP network is 10.10.1.0/24
Bridge2 has a more normal setup, with DHCP and DNS handled by the router. IP network is 10.10.2.0/24
DHCP Server and DNS Disabled on Bridge 1
DHCP Server and DNS Enabled on Bridge 2
Firewall Allow rule for new & existing connections between 10.10.1.0/24 and 10.10.10.2/24
Firewall Allow rule for new & existing connections between 10.10.2.0/24 and 10.10.10.1/24
For testing, all block rules disabled (future plan: full access for new connections from Bridge1 to Bridge2, only specific MAC addresses allowed to communicate bridge2->bridge1)
Fasttrack disabled for testing
NAT:
Masquerade WAN
Masquerade 10.10.1.0/24
Masquerade 10.10.2.0/24
Hairpin NAT (srcnat source 10.10.1.0/24 dst 10.10.2.0/24)
Everything working fine - all networks able to talk to each other, NAT to WAN working fine
BUT… I need this Behaviour
I have one machine on Bridge2 that I need to ALSO pretend is on Bridge1
Physical machine: 10.10.2.99
Required IP to access this machine on Bridge 1: 10.10.1.99
(This is a hard requirement - it has been hardcoded into a legacy system, but I cannot connect it physically to Bridge 1)
I tried a NAT RULE
chain=dstnat, dst-address=10.10.1.99, action (log), to-address 10.10.2.99
This should allow anyone on Bridge1 establishing connections to 10.10.1.99 to magically have this routed to 10.10.2.99
BUT the rule never fires
Obviously the intended action does not happen (e.g. ping, no response)
Can anyone notice anything obvious I am missing?
Thanks for your help!!!
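The mapping described in the post (10.10.1.99 on Bridge1 reaching the physical host 10.10.2.99 on Bridge2), written out as an added RouterOS example for this thread; it is not the poster's configuration. It assumes the bridge interfaces are named bridge1 and bridge2, and that the router must itself answer ARP for 10.10.1.99 on bridge1 before any NAT rule can see the packets.

```routeros
# Added example, not the poster's own config. Assumed interface names:
# bridge1 = 10.10.1.0/24, bridge2 = 10.10.2.0/24.

# 1. Make the router own 10.10.1.99 on bridge1 so it replies to ARP for it.
#    proxy-arp does not answer for an address that sits inside bridge1's own
#    connected subnet, so without this the frames for 10.10.1.99 are sent to
#    a host that does not exist and never reach the router's NAT table.
/ip address
add address=10.10.1.99/32 interface=bridge1 comment="legacy alias for 10.10.2.99"

# 2. Translate connections arriving on bridge1 for 10.10.1.99 to the real host.
#    The rule must be chain=dstnat with action=dst-nat; action=log only logs
#    and performs no translation.
/ip firewall nat
add chain=dstnat in-interface=bridge1 dst-address=10.10.1.99 \
    action=dst-nat to-addresses=10.10.2.99 log=yes log-prefix="legacy-dnat" \
    comment="bridge1 -> 10.10.1.99 reaches 10.10.2.99"

# 3. Keep the alias narrow: only translated traffic from bridge1 to the mapped
#    host is accepted here, so the later bridge2->bridge1 MAC restrictions
#    from the post are unaffected.
/ip firewall filter
add chain=forward in-interface=bridge1 out-interface=bridge2 \
    connection-nat-state=dstnat dst-address=10.10.2.99 action=accept \
    comment="allow translated legacy traffic only"

# 4. Verify: the alias is listed, and the NAT rule's counters move when a
#    bridge1 host pings or connects to 10.10.1.99.
/ip address print where interface=bridge1
/ip firewall nat print stats where comment~"legacy"
```

If the counters in step 4 stay at zero, check the ARP table of the client on bridge1 first: an entry for 10.10.1.99 that is incomplete or points at another MAC means the frames are not reaching the router at all.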