I’m looking at http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram Layer 3 diagram. I’m trying to figure out why a routing decision is made to move a particular packet from the Prerouting to Input instead of Forward.
The general topology is LAN ↔ RB450G ↔ ISP with a PPPoE connection to the ISP. Let the IP provided by the PPPoE server be XXX.XXX.XXX.XXX. I’ve created dst-nat rules so that external XXX.XXX.XXX.XXX:PORT requests get redirected to an internal server. I’ve verified that Http connection requests to XXX.XXX.XXX.XXX:PORT from the ISP side of the RB450G work correctly. I’m trying to establish an http connection to XXX.XXX.XXX.XXX:PORT from the LAN side of the router and want the request to be routed to the ISP and then be a connection request from the ISP. But the packet moves from Preroute to Input instead of moving to Forward. The following log entries show this.
echo: firewall,info input: in:ether3-LAN out:(none), proto TCP (SYN), 192.168.1.25
:49217->XXX.XXX.XXX.XXX:PORT, len 48
echo: firewall,info output: in:(none) out:ether3-LAN, proto TCP (ACK,RST), XXX.XXX.XXX.XXX:PORT->192.168.1.25:49217, len 40
/IP ROUTE looks like.
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 10.0.6.1 1
1 ADC 10.0.6.1/32 XXX.XXX.XXX.XXX pppoe 0
2 ADC 192.168.1.0/24 192.168.1.2 ether3-LAN 0
This only happens for XXX.XXX.XXX.XXX (i.e. the IP provided by the PPoE Server). E.G. the packet for an internal connection request for XXX.XXX.XXX.XXX+1
ORT gets moved from Preroute to Forward.
Can anyone tell me how to do this?