I have 2 internet connections.
WAN:
1.1.1.1/29 for internet (PPPoE connection)
172.16.255.10/30 for SIP (the ISP only does SIP this way)
LAN:
192.168.100.0/24 for general internet usage on vlan 100
10.0.101.1/24 on vlan 25 for SIP
/ip address
add address=192.168.100.1/24 interface=vlan100
add address=10.0.101.1/24 interface=vlan25
add address=1.1.1.2/29 interface=ppoe-1
add address=172.16.255.10/30 interface=sfp1
/ip route
add distance=1 gateway=1.1.1.1
add distance=1 gateway=172.16.255.9 routing-mark=Phones
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.0.100.0/24
add action=masquerade chain=srcnat src-address=192.168.100.0/24
add action=masquerade chain=srcnat src-address=10.0.101.0/24
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=15443
/ip firewall mangle
add action=dst-nat chain=dstnat dst-port=15443 in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.101.2 to-ports=443
What I am trying to do is that whenever any traffic on vlan25 occurs, it goes through the SFP1 interface. That seems to be working fine. My issue is that when I need to manage any devices on VLAN25, I can’t get to them through port forwards, since it's routed through a non-public-facing connection. I have tried a few different ways to get around this with no luck. Any suggestions would be helpful.
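
One way to keep the port forward working next to the vlan25 policy route described above, as an added example that is not part of the original post: mark connections that arrive on the PPPoE link and send their replies back out the same way. It assumes RouterOS v6 syntax, the interface names pppoe-out1 and vlan25, and that vlan25 traffic is currently given routing-mark=Phones in mangle prerouting (that rule is not shown in the post); wan_in, via_wan, mgmt_admins and the 203.0.113.10 address are constructed names and values.

```routeros
# Added example (RouterOS v6 syntax). wan_in, via_wan and mgmt_admins are
# hypothetical names; 203.0.113.10 is a constructed documentation address.

/ip firewall address-list
# Sources allowed to reach the management port forward.
add list=mgmt_admins address=203.0.113.10

/ip firewall nat
# The port forward from the post, limited to the allowed sources.
add chain=dstnat action=dst-nat in-interface=pppoe-out1 protocol=tcp \
    dst-port=15443 src-address-list=mgmt_admins \
    to-addresses=10.0.101.2 to-ports=443

/ip firewall mangle
# 1. Tag every new connection that enters from the internet side.
add chain=prerouting in-interface=pppoe-out1 connection-state=new \
    action=mark-connection new-connection-mark=wan_in passthrough=yes
# 2. Replies from vlan25 that belong to those connections use the via_wan
#    table, so they leave through PPPoE instead of sfp1.
add chain=prerouting in-interface=vlan25 connection-mark=wan_in \
    action=mark-routing new-routing-mark=via_wan passthrough=no
# 3. All other vlan25 traffic keeps using the SIP link. This stands in for
#    the existing Phones rule (assumed) and must sit below rule 2.
add chain=prerouting in-interface=vlan25 connection-mark=no-mark \
    action=mark-routing new-routing-mark=Phones passthrough=no

/ip route
# Default route for the via_wan table, pointing at the PPPoE interface.
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=via_wan
```

Rule order in mangle matters: if the Phones rule matches first, the replies still leave through sfp1 and the forwarded session never completes.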