1. There is a cable router that connects to the internet. Let's say that the outside IP of this router is 1.1.1.1 and the LAN IP is 192.168.0.1. Loopback is possible and enabled in this router.
2. A MikroTik router connects to this cable router and is in a DMZ. The MK router has an IP of 192.168.0.69 and then it supplies four VLANs and the DHCP servers for the VLANs. In VLAN10, there is a computer that serves CardDAV and CalDAV services through Baikal (port 443). The IP address range of VLAN10 is 192.168.1.0/24, the MK router has an IP address of 192.168.1.1 and the server where Baikal is has the address 192.168.1.10.
My first problem was trying to get the outside to connect to my CardDAV servers in VLAN10 (or elsewhere, but VLAN does need access for this). I managed to get it to work in either of these two ways. I do not fully understand why they work, but they do work.
Code:
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAS openning to do the addressbook" dst-port=443 in-interface=ether8 protocol=tcp to-addresses=192.168.1.10 to-ports=56
Code:
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAS openning to do the addressbook" dst-address=192.168.0.69 dst-port=443 protocol=tcp to-addresses=192.168.1.10 to-ports=443
Supposedly, I would do something like,
Code:
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.1.10 dst-port=443 out-interface=all-ethernet protocol=tcp src-address=192.168.1.0/24
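
An added example (not part of the original post, and not RouterOS code): a small Python model of the three rules above, showing which clients each dst-nat rule matches and why a VLAN10 client also needs the masquerade rule. It assumes ether8 is the port facing the cable router and that the server's default gateway is the MikroTik; the interface name `vlan10` and the client addresses are constructed, and only address rewriting is modelled (not `to-ports`).

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Addresses taken from the post.
ROUTER_WAN, ROUTER_LAN, SERVER = "192.168.0.69", "192.168.1.1", "192.168.1.10"
VLAN10 = ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_if: str  # interface the packet arrived on

def dstnat(pkt, rule):
    """Model one of the two dst-nat rules; return (packet, matched)."""
    if pkt.dport != 443:
        return pkt, False
    if rule == "in-interface" and pkt.in_if != "ether8":    # first rule
        return pkt, False
    if rule == "dst-address" and pkt.dst != ROUTER_WAN:     # second rule
        return pkt, False
    return replace(pkt, dst=SERVER), True

def srcnat(pkt, hairpin):
    """Model the masquerade rule: VLAN10 -> server:443 leaves with the router's address."""
    if hairpin and ip_address(pkt.src) in VLAN10 and pkt.dst == SERVER and pkt.dport == 443:
        return replace(pkt, src=ROUTER_LAN)
    return pkt

def connect(client, in_if, rule, hairpin):
    """A client dials 192.168.0.69:443; report how the connection fares."""
    pkt, hit = dstnat(Packet(client, ROUTER_WAN, 443, in_if), rule)
    if not hit:
        return "no dst-nat match"
    pkt = srcnat(pkt, hairpin)
    # The server answers pkt.src. If that is a client on its own subnet, the reply
    # goes straight to the client with source 192.168.1.10, never passes the router,
    # and is not translated back to the address the client dialled.
    if pkt.src == client and ip_address(client) in VLAN10:
        return "reply bypasses router"
    return "ok"  # reply returns through the router, which reverses the NAT

if __name__ == "__main__":
    for client, in_if in [("203.0.113.5", "ether8"), ("192.168.1.50", "vlan10")]:
        for rule in ("in-interface", "dst-address"):
            for hairpin in (False, True):
                print(client, rule, "hairpin" if hairpin else "no-hairpin",
                      "->", connect(client, in_if, rule, hairpin))
```

The output also shows that the `dst-address` rule, having no `in-interface`, translates connections arriving from any interface, so access from the other VLANs to 192.168.1.10 has to be limited in the forward filter chain if it is not wanted.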