Hi,
I bet this question has been asked many times, but none of the threads I've found helped with my issue.
I have a VPS running OPNsense on the Internet that acts as DDoS protection for my server at home, where I have a MikroTik CCR2004.
What I have set up is a strict firewall on the VPS, which uses simple NAT port forwarding pointing at my home LAN server IP, and a static route on the VPS so that traffic for the home LAN goes through the GRE tunnel.
VPS (WAN 104.X.X.X/24, GRE 10.0.1.1/30) ↔ Mikrotik (WAN 81.X.X.X/24, GRE 10.0.1.2/30, LAN 192.168.1.0/24) ↔ Server (LAN 192.168.1.80/24)
From VPS I can ping my home LAN IP addresses just fine and I can ping the VPS GRE tunnel IP from home LAN clients as well.
However, the application that I have port forwarded to doesn't work. I see packets coming in; however, when I torch the GRE interface I can see that the incoming packets towards the server have my home WAN IP address as source instead of the GRE tunnel IP, so I assume they get routed back out through my home WAN instead of back through the tunnel to the VPS. Ping works, however, so why would that be?
I am really bad at NAT/mangle/masquerade rules, so if anyone could point me in the right direction as to what is missing or required, I would be forever grateful.
Thanks in advance!
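The policy-routing pieces the MikroTik side typically needs for this kind of setup, as an added example that is not part of the original post or of any reply to it. It assumes the post's addressing (VPS tunnel end 10.0.1.1/30, MikroTik tunnel end 10.0.1.2/30, server 192.168.1.80), RouterOS v7 syntax, and the interface names `gre-vps` and `bridge-lan`, which are assumptions. It also assumes the cause is the one the poster suspects: replies from the server follow the main default route out the home WAN instead of going back through the tunnel, while ping from the VPS works because ICMP replies to 10.0.1.1 already match the connected tunnel route. The fix is to mark connections that arrive over the tunnel and send their reply packets through a separate routing table whose default gateway is the VPS end of the tunnel.

```routeros
# Added example (not from the original post). Assumptions: RouterOS v7,
# GRE interface named gre-vps, LAN bridge named bridge-lan, server 192.168.1.80.
# Goal: replies to connections that entered via the VPS tunnel must leave
# via the tunnel again, not via the home WAN default route.

# 1. A second routing table used only by the marked reply traffic.
#    "fib" is required so the table is actually used for forwarding.
/routing table
add name=to-vps fib comment="return path for VPS-forwarded flows"

# 2. The default route inside that table points at the VPS end of the tunnel.
/ip route
add dst-address=0.0.0.0/0 gateway=10.0.1.1 routing-table=to-vps \
    comment="marked replies go back through the GRE tunnel"

# 3. Tag every connection that enters over the tunnel, then give the packets
#    of those connections that come back from the LAN a routing mark.
#    The second rule matches only LAN-side packets, so the forwarded packets
#    themselves (arriving on gre-vps) still use the main table to reach the LAN.
/ip firewall mangle
add chain=prerouting in-interface=gre-vps connection-state=new \
    action=mark-connection new-connection-mark=via-vps passthrough=yes \
    comment="flows forwarded to us by the VPS"
add chain=prerouting in-interface=bridge-lan connection-mark=via-vps \
    action=mark-routing new-routing-mark=to-vps passthrough=no \
    comment="server replies for those flows use the to-vps table"

# 4. FastTrack bypasses mangle, so the marked flows must be excluded from the
#    default fasttrack rule or the routing mark is never applied to replies.
/ip firewall filter
set [find chain=forward action=fasttrack-connection] connection-mark=!via-vps

# Checks: tunnel-side connections should carry the mark, the mark-routing
# rule counters should increase while the application is used, and the
# server's reply packets should now be visible on the tunnel interface.
/ip firewall connection print where connection-mark=via-vps
/ip firewall mangle print stats where new-routing-mark=to-vps
/tool torch interface=gre-vps src-address=192.168.1.80/32
```

Rule order matters: the mangle rules must come before any rule that accepts or drops the traffic in prerouting, and the forward chain must still accept traffic from `gre-vps` to the LAN. This approach keeps the real client source address visible to the server. The alternative is to masquerade on the VPS so forwarded packets arrive from 10.0.1.1; that removes the need for mangle rules on the MikroTik because replies then naturally follow the tunnel route, but the server only ever sees the VPS as the client, which makes per-client logging and rate limiting at home impossible.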