Scenario:
I need to reach RB3 on webfig (port 80) via http://88.88.88.88:8088
RB1:
/ip route
add dst-address=10.0.0.0/24 gateway=192.168.1.10
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=8088 in-interface=ether6 protocol=tcp to-addresses=10.0.0.2 to-ports=80
RB2 (wan is LTE):
Nothing more than dynamically created routes (LTE. l2tp and attached 10.0.0.0)
RB3:
Blank config , just 10.0.0.2/24 eth0 and default route to 10.0.0.1
Of course I see caller packets arriving to 10.0.0.2 but it answer back to caller public ip address causing answer to be lost somewhere.
I got it working by adding a masqerade rule on RB1, just next to dst-nat one:
add action=masquerade chain=srcnat dst-address=10.0.0.0/24
(very similar to my last post about RDP over L2TP).
But what if I don't want or I can't add a masquerade rule on RB1 ?
It probably should be replaced by a different brand/model machine by other maintainer..
Thank you.