Hey guys,
I have installed a MikroTik on an existing network.
Mikrotik ccr1036=====>Fortigate firewall==========>Layer 2 switch
MikroTik LAN 192.168.50.1 255.255.255.0 & WAN PPPoE
FortiGate firewall WAN static IP 192.168.50.2 255.255.255.0, connected to the MikroTik LAN
FortiGate LAN 172.16.0.1 255.255.0.0, connected to the network layer 2 switch
I have one ERP server with IP address 172.16.0.xx connected to the same switch.
I want to forward ports to access the server from the internet. Do I need to forward ports from the firewall or the MikroTik?
Thanks
Yes, double NAT scenario.
You need to forward the port coming in from external sources to the LAN IP of the FortiGate, 192.168.50.2.
Two steps:
a. Firewall forward chain rule allowing dst-nat in general (as per default rules)
b. dst-nat rule
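The two steps from the reply above, written out as a RouterOS sketch. This is an added example, not part of the original reply; the interface name `pppoe-out1`, TCP port 8443, the address list name `erp-clients` and the source range are assumptions, since the thread does not give them.

```routeros
# Assumptions (not from the thread): pppoe-out1 is the PPPoE WAN interface,
# TCP 8443 stands in for the ERP service port, and 203.0.113.0/24 is a
# constructed documentation range for the remote sites allowed in.

/ip firewall address-list
add list=erp-clients address=203.0.113.0/24 comment="constructed example source range"

# b. dst-nat rule: hand matching inbound connections to the FortiGate's
#    address on the MikroTik LAN (192.168.50.2). Limiting the source list
#    keeps the ERP port from being reachable by the whole internet.
/ip firewall nat
add chain=dstnat in-interface=pppoe-out1 protocol=tcp dst-port=8443 \
    src-address-list=erp-clients action=dst-nat to-addresses=192.168.50.2 \
    to-ports=8443 comment="ERP via FortiGate"

# a. forward chain: drop new connections from the WAN unless they were
#    dst-nat'ed, so only traffic matched by the NAT rule above is forwarded.
#    The default RouterOS firewall carries an equivalent rule.
/ip firewall filter
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface=pppoe-out1 \
    comment="drop all from WAN not DSTNATed"
```

The FortiGate then needs its own port forward and policy from 192.168.50.2 to the ERP server at 172.16.0.xx, which is the second half of the double NAT.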
Do you need two firewalls? If not, remove one.
I’ve got a similar setup: Modem → RB3011 → Unifi Dream Machine → LAN
I’ve been working on this issue for days. Networking is not one of my main disciplines.
The filter + NAT rules should be OK, but it doesn’t work.
I’m trying to forward 443 to my Nextcloud, which is located inside the LAN.
So I have to forward 443 this way:
Public IP (static)
|
192.168.247.0/24
|
192.168.247.30 (RB3011 Gateway)
|
192.168.247.1 (Unifi Dream Machine)
|
192.168.119.30 (Unifi Dream Machine internal Gateway)
|
192.168.119.7 (nextcloud)
What should the filter and NAT rules look like?
I’ve attached the current rules (*.png).
Best,
Markus

