Hi,
I need help with the script below, which follows these rules:
- Hosts that belong to private_network can access each other.
- Hosts that belong to private_network are masqueraded with the ether1 public IP.
- Networks in private_network should not be directly accessible by networks that belong to PUBLIC.
- Hosts that belong to private_network should be able to access all PUBLIC IPs.
The problem with the script below is that it cannot access or ping the PUBLIC IP inside the router, but it can ping the PUBLIC IP outside.
Is it possible for the next hop from private_network (the “private_routes” routing table) after masquerade to be the router itself, but this time pointing to the main routing table?
Thanks for the help.
/ip address
# ether1 carries both the default-config LAN address and the public /30
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
# private_network ranges, one per interface
add address=172.16.0.1/24 interface=ether5 network=172.16.0.0
add address=172.17.0.1/24 interface=ether6 network=172.17.0.0
# PUBLIC ranges on ether7/ether8
add address=103.68.0.1/24 interface=ether7 network=103.68.0.0
add address=100.55.0.1/24 interface=ether8 network=100.55.0.0
# public uplink address; 1.1.1.1 is the upstream gateway
add address=1.1.1.2/30 interface=ether1 network=1.1.1.0
/ip firewall address-list
add address=172.16.0.0/24 list=private_network
add address=172.17.0.0/24 list=private_network
/ip firewall nat
# src-nat private_network to the ether1 public IP, only for packets marked private_routes
add action=src-nat chain=srcnat log=yes routing-mark=private_routes src-address-list=private_network to-addresses=1.1.1.2
/ip route
# default route for the private_routes table, using the gateway from the main table
add distance=1 gateway=1.1.1.1@main routing-mark=private_routes
# default route for the main table
add distance=1 gateway=1.1.1.1
/ip route vrf
# put ether5 and ether6 into the private_routes table
add interfaces=ether5,ether6 routing-mark=private_routes
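The exported config above only contains the NAT side of the four rules listed at the top of the post; there are no /ip firewall filter rules. As an added example (not part of the original post or its author's config), here is how those four rules map onto RouterOS v6 filter and NAT rules. It assumes the address list private_network and the interface names from the post, and takes "PUBLIC" to mean anything arriving on the ether1 uplink.

```routeros
# Added example, not the poster's config. Assumes the private_network
# address list and interfaces ether1/ether5/ether6 from the post; PUBLIC
# is taken to mean traffic entering on ether1.
/ip firewall address-list
add address=172.16.0.0/24 list=private_network
add address=172.17.0.0/24 list=private_network

/ip firewall filter
# Replies to already-accepted connections pass in either direction.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# Rule 1: hosts in private_network can reach each other.
add chain=forward src-address-list=private_network dst-address-list=private_network action=accept
# Rule 4: hosts in private_network can reach any PUBLIC IP via ether1.
add chain=forward src-address-list=private_network out-interface=ether1 action=accept
# Rule 3: new connections from PUBLIC (ether1) toward private_network are dropped.
add chain=forward in-interface=ether1 dst-address-list=private_network connection-state=new action=drop log=yes log-prefix=public-to-private

/ip firewall nat
# Rule 2: translate private_network to the ether1 public IP. src-nat with an
# explicit to-addresses is kept (as in the post) instead of masquerade because
# ether1 carries two addresses (192.168.88.1 and 1.1.1.2); pinning 1.1.1.2
# avoids depending on which address masquerade would pick.
add chain=srcnat src-address-list=private_network out-interface=ether1 action=src-nat to-addresses=1.1.1.2
```

Two caveats worth keeping in mind when testing this: the forward-chain rules only see traffic that transits the router, so anything addressed to one of the router's own IPs (including 1.1.1.2) goes through the input chain instead and is not affected by them; and rule order matters, since the rule-3 drop relies on the rule-1 and rule-4 accepts being evaluated first.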