I have a problem with network configuration.
I configured my router so that some ports are assigned to a separate switch and use a different network. So I have the following network interfaces:
- sfp - external fiber connection
- internal-bridge - first switch with network: 10.1.0.0/16
- external-bridge - second switch with network: 10.100.1.0/24
I also have DNS configured in the following way:
- mydomain.com points to the IP of the sfp interface in the external DNS server
- MikroTik has a static DNS entry mydomain.com → 10.100.1.1
One host in the external network is a web server, which runs an HTTPS service on port 8443 (for unrelated reasons it cannot be done on port 443).
Traffic from sfp to either bridge goes through NAT, so that I can do port forwarding (external port 443 to 10.100.1.1 port 8443).
With the configuration above, from the external network it is possible to go to https://mydomain.com without specifying the port number. The router translates the port number for external connections.
However, from my internal network I cannot connect to https://mydomain.com, because the static DNS entry resolves it to the internal IP, so the NAT rules are not used - the router just uses the routing table to forward the traffic and the port is not changed from 443 to 8443.
Can it be done without NAT (like using pre or postrouting chain or something like that)?
I would need to change IP traffic that goes between the 10.1.0.0/16 and 10.100.1.0/24 networks:
- from: 10.100.1.0/24, to: 10.100.1.1:443 - change dst port to 8443
- from: 10.100.1.1:8443, to: 10.100.1.0/24 - change src port to 443
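For reference, the two destination-port translations described in the question written as RouterOS firewall NAT rules (an added example, not the poster's own configuration). Interface names and addresses are taken from the question; the rule comments and the assumption that clients on internal-bridge reach the web server only through the router are mine.

```routeros
# Existing port forward on the fiber uplink: external TCP 443 -> 10.100.1.1:8443.
# Matched on in-interface=sfp only, so it never touches LAN-to-LAN traffic.
/ip firewall nat add chain=dstnat in-interface=sfp protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.100.1.1 to-ports=8443 \
    comment="web server: 443 -> 8443 from the internet"

# Same translation for clients on internal-bridge (10.1.0.0/16) that resolve
# mydomain.com to 10.100.1.1 and therefore connect to port 443 directly.
# Only the destination port is rewritten; the destination address is unchanged.
/ip firewall nat add chain=dstnat in-interface=internal-bridge \
    src-address=10.1.0.0/16 dst-address=10.100.1.1 protocol=tcp dst-port=443 \
    action=dst-nat to-ports=8443 \
    comment="web server: 443 -> 8443 from internal-bridge"

# The reverse rewrite (server replies from 8443 appear to come from 443) is
# done by connection tracking for every connection the dstnat rule matched,
# because replies from 10.100.1.1 to 10.1.0.0/16 are routed back through
# this router. No separate srcnat/masquerade rule is needed for that.
# Verify that the second rule actually matches a test connection by
# watching its packet/byte counters:
/ip firewall nat print stats
```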