How to make routing through MikroTik in an isolated VLAN

I've got a device with hardware port isolation, so clients cannot reach each other directly; they can only reach the MikroTik router…
I have an NVR inside that network and I have to make it reachable…
How can I reroute traffic through the MikroTik … the MikroTik can reach each client…
I need to do some sort of NATing inside the network.

For example, I request MikroTik port 37777 and it re-routes it to 10.4.1.40 port 37777, but it does not work like standard port forwarding … there is a request in the logs but nothing works.
From the rest of the world the NAT rule works fine. It works from other VLANs, because there I can reach the client directly and the NAT rule works too…

But I cannot reach the NVR via the NAT rule at 10.4.1.1:37777 or 10.1.1.1:37777; it won’t do anything…
Now I use one more remote MikroTik and it reroutes that traffic: clients go to remote.router.ip:37777, it is NATed to mylocal.router.ip:37777, and everything works for isolated users, but I think it's a bad scenario…
isolation.png

Sounds like another job for:

http://wiki.mikrotik.com/wiki/Hairpin_NAT

It’s basically the same problem: if you do just dstnat, the source address stays the same (10.4.1.30), and because the target device thinks that it’s in the same local subnet, it tries to reply directly. But then your isolation kicks in. Add the srcnat rule, and the target device will see the source as 10.4.1.1 and everything will be fine.
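The packet path described in the reply above, traced as a small model. This is an added example, not part of the original posts and not RouterOS code; the /24 prefix and the function names are assumptions, while the addresses and port are the ones used in the thread.

```python
# Constructed model of the thread's topology: clients sit on isolated switch
# ports, so a frame can only travel between a client and the router.
ROUTER, CLIENT, NVR, PORT = "10.4.1.1", "10.4.1.30", "10.4.1.40", 37777
LAN_PREFIX = "10.4.1."  # assumption: the isolated VLAN is 10.4.1.0/24


def l2_deliverable(sender, receiver):
    """Port isolation: a frame passes only if one end is the router."""
    return ROUTER in (sender, receiver)


def connect(hairpin_srcnat):
    """Trace one TCP connection from CLIENT to ROUTER:PORT.

    Returns (completed, source address the NVR sees, trace lines).
    """
    trace = []
    src, dst = CLIENT, ROUTER
    # 1. Client -> router: allowed, the router is one end of the frame.
    if not l2_deliverable(src, dst):
        return False, None, trace
    # 2. dstnat on the router rewrites the destination to the NVR.
    dst = NVR
    trace.append(f"dstnat: {src} -> {dst}:{PORT}")
    # 3. Hairpin srcnat (masquerade) rewrites a LAN source to the router.
    if hairpin_srcnat and src.startswith(LAN_PREFIX):
        src = ROUTER
        trace.append(f"srcnat: {src} -> {dst}:{PORT}")
    seen_by_nvr = src
    # 4. The NVR answers the source it saw. That address is on its own
    #    subnet, so it sends the reply directly instead of via a gateway.
    if not l2_deliverable(NVR, seen_by_nvr):
        trace.append(f"reply {NVR} -> {seen_by_nvr}: dropped by isolation")
        return False, seen_by_nvr, trace
    # 5. The reply lands on the router, whose connection tracking reverses
    #    both translations and forwards it to the client.
    trace.append(f"reply {NVR} -> {seen_by_nvr}: un-NATed, sent to {CLIENT}")
    return True, seen_by_nvr, trace


if __name__ == "__main__":
    for enabled in (False, True):
        ok, seen, lines = connect(enabled)
        print(f"srcnat={enabled} completed={ok} nvr_sees={seen}")
        for line in lines:
            print("   ", line)
```
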

I’ve made a src-nat rule with dst-address 10.4.1.40, dst-port 37777, action masquerade, but nothing is written to the logs about 10.4.1.30 going to 10.4.1.40; there is some info about WAN to LAN access with the global rule.

I fixed it … anyway, we need the src-nat rule first (I’ve removed the WAN IP from the rule), then I can connect through 10.4.1.1:37777 and it works … direct connection still doesn’t work, but anyway it’s a better scenario for me than using a second MT router.