RDP to multiple servers on a different Subnet

Hi Everyone,

Hope you guys can help, as I’ve tried everything and frankly I’m stumped. I have a network that involves multiple Mikrotik routers, each with its own subnet.

If I’m on the one subnet on Router1, 192.168.1.0/24, and need to RDP to a single server on another subnet on Router2, 192.168.2.0/24, I know I need to configure a dstnat rule on Router2 to allow port 3389 and forward it to that server (i.e. 192.168.2.10). But the issue is that I have multiple servers that I need to be able to RDP to, and I can’t. I tried configuring another rule, but it ignores that one completely, and only when I change the order of the rules can I RDP to Server2 (i.e. 192.168.2.11).

How would I go about allowing this? If I have to make a rule for each server, then that’s okay, since there aren’t that many, but all I need is to be able to RDP to each of the required devices.

Thanks in advance

If it’s all your network, you shouldn’t need any NAT at all. Just make sure you have proper routes (i.e. device in 192.168.1.0/24 knows where to send packets for 192.168.2.10, and also 192.168.2.10 knows where 192.168.1.x is) and your firewall doesn’t block these packets. That’s all.

Thanks for the response. I realise I’ve been over complicating things and ended up screwing the whole thing up. Since simplifying things, I managed to mostly sort it out, but I have a slightly different issue now, and hoping for some insight into this.

I still have 2 routers. The one is the main router, which has the uplink to the internet (eth1). I gave it the IP range 10.0.10.0/24 (default gateway is 10.0.10.1). I use that range to connect Router 2 to it with 10.0.10.2. I then have two network subnets for the servers and Hyper-V devices. On Router 1 it is 192.168.10.0/24 (eth2) and on Router 2 it is 192.168.20.0/24. Router 2 is connected to Router 1 using eth4, with Router 2’s eth1 being its uplink, and eth2 going to its server and Hyper-V devices.

The only NAT rule that Router 2 has is the masquerade that’s set in the default config in order to communicate with Router 1. When connected to Router 2, I can access EVERYTHING on the network including RDP, which was the initial issue, including all the servers on Router 2 that are in the 192.168.10.0/24 subnet. But I can’t do it the other way around; nothing on Router 1 can communicate with Router 2. I know it is a matter of either a firewall rule somewhere or a router setup, but I can’t figure out which.

Thanks in advance for any help.

If I understand you correctly, then on Router 1 you need:

/ip route
add dst-address=192.168.20.0/24 gateway=10.0.10.2

And then you don’t need any NAT on Router 2. The rest depends on firewall rules. If you had none, everything would be allowed. If you don’t want that, you need to add proper rules allowing only what you want and blocking the rest.
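As an added example (not part of Sob’s reply or the original thread), here is what the routed, NAT-free setup described in both answers looks like as RouterOS configuration on each router, with filter rules that permit only RDP from the 192.168.10.0/24 side to the servers behind Router 2. It assumes RouterOS default interface names (ether1 for Router 2’s uplink towards Router 1, ether2 for its server side) and that Router 2 reaches everything else through a default route via 10.0.10.1; the other addresses are taken from the thread.

```routeros
# --- Router 1 (uplink to the internet, 10.0.10.1, LAN 192.168.10.0/24) ---
# Tell Router 1 that 192.168.20.0/24 lives behind Router 2 (10.0.10.2).
/ip route
add dst-address=192.168.20.0/24 gateway=10.0.10.2 comment="servers behind Router 2"

# --- Router 2 (10.0.10.2 on ether1, LAN 192.168.20.0/24 on ether2) ---
# Default route back towards Router 1; this also covers 192.168.10.0/24.
/ip route
add dst-address=0.0.0.0/0 gateway=10.0.10.1 comment="default via Router 1"

# With the route above on Router 1, the default-config masquerade on Router 2
# is no longer needed for this path; disable it so replies keep real source
# addresses (disable rather than remove so it is easy to undo while testing).
/ip firewall nat
disable [find chain=srcnat action=masquerade]

# Forward-chain filter rules. RouterOS evaluates these top to bottom and
# stops at the first match, so order matters: accept reply traffic first,
# then the specific RDP allow, then drop everything else arriving from the
# uplink for the server subnet.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="reply traffic for already-accepted connections"
add chain=forward action=accept protocol=tcp dst-port=3389 \
    src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    comment="RDP from the 192.168.10.0/24 side to the servers"
add chain=forward action=drop in-interface=ether1 dst-address=192.168.20.0/24 \
    comment="block all other inbound traffic to the server subnet"
```

The second accept rule is the one to widen (add ports, or use an address list of the admin hosts instead of the whole /24) as requirements change; the trailing drop is what makes the default “everything allowed” behaviour Sob mentions go away. `/ip firewall connection print` and `/ip route print` on Router 2 are the quickest checks that sessions arrive unmasqueraded and that the return route is in place.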

Thanks for the help Sob. This did the trick. I can now connect through to everything, and RDP to everything. As I said, sometimes the simplest solutions do the trick.

Much appreciated.