I have a ZeroTier network setup for VPN. This was the easiest option to get remote access in a dual WAN (Starlink + Telekom VDSL) with the original routers in place and all dynamic addresses. On the remote network ZeroTier is setup on a RB3011.
Network setup: admin Mac (ZeroTier address 192.168.193.227) ↔ ZeroTier network 192.168.193.0/24 ↔ RB3011 (ZeroTier address 192.168.193.222, LAN address 192.168.0.2) ↔ remote LAN 192.168.0.0/24 ↔ another mikrotik (192.168.0.1)
Now I can perfectly fine access the 192.168.193.222 box. But I also want to access another device on the remote LAN, 192.168.0.1 (I cannot setup ZeroTier on it).
So this works:
- on the admin Mac: ssh admin@192.168.193.222 -L 8291:192.168.0.1:8291
- and then I can use WinBox with localhost:8291 to access 192.168.0.1:8291 in the remote network.
What I would like is to configure a port forward on the RB3011 to map to the remote device on the LAN. So on 192.168.193.222:8292 to map to 192.168.0.1:8291.
I would be even better to use 192.168.193.1 to map all ports to 192.168.0.1.
I have tried the following NAT rule but that does not work:
/ip/firewall/nat> print detail
Flags: X - disabled, I - invalid; D - dynamic
0 chain=srcnat action=masquerade protocol=tcp src-address=192.168.0.0/24 dst-address=192.168.0.1 out-interface=LAN log=yes
1 chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=80 protocol=tcp dst-address=192.168.193.222 in-interface=zerotier1 dst-port=81 log=yes