Scenario:
172.16.1.100 can reach on Remote Desktop Protocol 10.0.0.2 PC with "fake" address 10.10.10.2 via routing and netmap:
RB1:
add distance=1 dst-address=10.10.10.0/24 gateway=192.168.1.10
add action=masquerade chain=srcnat dst-address=10.10.10.0/24 out-interface=all-ppp src-address=172.16.1.0/24
RB2:
add action=netmap chain=srcnat out-interface=l2tp src-address=10.0.0.0/24 to-addresses=10.10.10.0/24
add action=netmap chain=dstnat dst-address=10.10.10.0/24 in-interface=l2tp to-addresses=10.0.0.0/24
add action=masquerade chain=srcnat dst-address=10.0.0.0/24 src-address=192.168.1.254
172.16.1.100 calls 10.10.10.2
RB2 manages packets as they was generated by 192.168.1.254 first and further masqueraded to 10.0.0.2 so no routes other than dynamically generated by interfaces are needed.
Then 10.10.10.0/24 is netmapped to 10.0.0.0/24.
All is working fine.
Now from internet I want to reach 10.0.0.2 RDP by connecting 88.88.88.88:3389
So I add on RB1:
add action=dst-nat chain=dstnat comment="Test rdp " dst-port=3389 in-interface=ether6-wan protocol=udp to-addresses=10.10.10.2
add action=dst-nat chain=dstnat comment="Test rdp " dst-port=3389 in-interface=ether6-wan protocol=tcp to-addresses=10.10.10.2
It doesn't work as torching RB2 l2tp interface, the called PC answer back to caller PUBLIC ip address
I can't find the right way to (double) masquerade caller in order to work.
Any hint please ?
