Hello,
I have a NAT port forward for TCP/443 into an internal host. All good from outside.
When I point my browser, on the internal network, to the WAN IP then the Mikrotik console comes up on port 443 and not the forwarded port.
How can I change this? The only config change over vanilla is adding the NAT:
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" log=yes log-prefix=ICMP protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related log-prefix="ACCEPT REL"
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1 log=yes log-prefix=DROP
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related log-prefix="ACCEPT FDD"
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log=yes log-prefix="DROP INVALID"
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1 log=yes log-prefix=DROPNAT
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1 log=yes log-prefix=NATFWD443 protocol=tcp to-addresses=10.0.1.200 to-ports=443