Hi to all!!
I need to do port forwarding to an internal server, but I don’t know how to do it (RouterOS 7.4).
This server is in another routing table (not in the main table, due to the VRF Lite configuration).
When I try to add a dst-nat to this server (in firewall->nat) I see “routing mark” and “connection mark” parameters, but it doesn’t work.
(I already have routing and mangle rules for masquerade and internet access, where I use a connection mark and then specify the new-routing-mark, and it works well.)
Do I have to add mangle rules first and then the dst-nat with the routing mark parameter? Or is it not necessary? How can I write these rules?
Is there anything else to do afterwards?
Hi!
It works when I add this routing rule: src-address 0.0.0.0/0 dst-address 192.168.10.0/24 lookup vrf10
But this rule can accept connections from everywhere, and I only want connections from the internet (and not from other networks of other VRFs).
How can I make it more specific?
Place src-address=10.0.0.0/8 dst-address=192.168.10.0/24 action=drop
src-address=172.16.0.0/12 dst-address=192.168.10.0/24 action=drop
src-address=192.168.0.0/16 dst-address=192.168.10.0/24 action=drop
before your rule.
What do you mean by “VRF lite”? Manually configured routing marks and routing tables?
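The rule ordering suggested in the reply above, modelled as an added example that is not part of the thread and not RouterOS code: a simplified first-match evaluator for the four routing rules. It assumes rules are checked top to bottom and that unmatched traffic uses the main table; the server and client addresses are constructed.

```python
import ipaddress

# Routing rules from the thread, in the suggested order: drops first, lookup last.
RULES = [
    ("10.0.0.0/8",     "192.168.10.0/24", "drop",   None),
    ("172.16.0.0/12",  "192.168.10.0/24", "drop",   None),
    ("192.168.0.0/16", "192.168.10.0/24", "drop",   None),
    ("0.0.0.0/0",      "192.168.10.0/24", "lookup", "vrf10"),
]

def evaluate(src, dst, rules=RULES):
    """Return (action, table) of the first rule matching src and dst.

    Assumption of this model: first match wins, and traffic that matches
    no rule is looked up in the main table.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, action, table in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return action, table
    return "lookup", "main"

def sources_reaching(table, sources, dst, rules=RULES):
    """List the sample sources whose traffic to dst is routed via `table`."""
    return [s for s in sources if evaluate(s, dst, rules) == ("lookup", table)]

# Constructed sample addresses: one public client, three hosts in other private networks.
SERVER = "192.168.10.50"
SOURCES = ["203.0.113.7", "10.20.0.5", "172.16.5.9", "192.168.20.4"]

if __name__ == "__main__":
    print("drops first :", sources_reaching("vrf10", SOURCES, SERVER))
    # Same rules with the lookup rule moved to the top: the drops never match.
    print("lookup first:", sources_reaching("vrf10", SOURCES, SERVER, RULES[::-1]))
```

With the drops placed first, only the public client is routed through vrf10; with the lookup rule on top, all four sources are, which is why the reply says to place the drops before it.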