I have a rather unique setup; I couldn't find something similar on these forums, or maybe I didn't know how to perform a valid search. Basically, I have the following setup:
There are two PPTP clients enabled in MT.
This is the routing table:

[admin@mtodoric-mt] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS         PREF-SRC        GATEWAY       DISTANCE
 0 A S  0.0.0.0/0                           192.168.0.1          1
 1 A S  10.0.0.0/16                         VPN1                 2
 2 ADC  10.0.11.1/32        10.0.11.12      VPN1                 0
 3 A S  10.8.0.0/16                         VPN1                 2
 4 A S  18.104.22.168/24                    VPN2                 2
 5 A S  22.214.171.124/24                   VPN2                 2
 6 A S  126.96.36.199/22                    VPN2                 2
 7 ADC  192.168.0.0/24      192.168.0.3     bridge               0
 8 ADC  192.168.54.109/32   192.168.54.57   VPN2                 0

Addresses 188.8.131.52/24, 184.108.40.206/24 and 220.127.116.11/22 are public IPs, but due to some policies on them I would like to reach those IPs from the VPN gateways, specifically VPN2, but only if the source IP is on my "Trusted" address list. If it's not on the Trusted list, go through the default gateway.
I believe I need to do some mangle and possibly NAT them.
I also currently have these NAT rules:

[admin@mtodoric-mt] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; defconf: masquerade
     chain=srcnat action=masquerade out-interface=bridge log=no log-prefix="" ipsec-policy=out,none

 1   chain=srcnat action=masquerade src-address-list=Trusted out-interface=VPN2 log=no log-prefix=""

 2   chain=srcnat action=masquerade src-address-list=Trusted out-interface=VPN1 log=no log-prefix=""

But these will basically allow IPs from the Trusted address list to access those addresses, and if anyone else tries it will fail since it's not NATted.
How am I to accomplish this?
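As an added worked example (not the poster's configuration and not a reply from the thread), this is how source-based policy routing for the case above is normally built in RouterOS v6 (the version the route print format corresponds to): mark the routing of packets from the Trusted list to the three VPN2 prefixes, give that mark its own route via VPN2, and take the three prefixes out of the main table so that everyone else follows the 0.0.0.0/0 route to 192.168.0.1. The address-list name ViaVPN2 and the routing mark to_VPN2 are assumptions; the three prefixes are the ones with static routes via VPN2 in the route print above, and the existing srcnat rule 1 (masquerade for Trusted out VPN2) is assumed to stay in place.

```routeros
# Added example, not from the original post. RouterOS v6 syntax.
# Assumed names: address list "ViaVPN2", routing mark "to_VPN2".
# Prefixes are the three static VPN2 routes shown in the route print.

# 1. Destination prefixes that should be reached via VPN2 (Trusted sources only).
/ip firewall address-list
add list=ViaVPN2 address=18.104.22.168/24
add list=ViaVPN2 address=22.214.171.124/24
add list=ViaVPN2 address=126.96.36.199/22

# 2. Mark routing only for Trusted -> ViaVPN2 packets. prerouting catches the
#    LAN traffic arriving on the bridge; passthrough=no stops further mangle
#    processing once the mark is set. Anything not matching stays unmarked.
/ip firewall mangle
add chain=prerouting src-address-list=Trusted dst-address-list=ViaVPN2 \
    action=mark-routing new-routing-mark=to_VPN2 passthrough=no \
    comment="Trusted hosts reach ViaVPN2 prefixes through VPN2"

# 3. Route consulted only for packets carrying the to_VPN2 mark. Unmarked
#    packets never see it and use the main table's 0.0.0.0/0 via 192.168.0.1.
/ip route
add dst-address=0.0.0.0/0 gateway=VPN2 routing-mark=to_VPN2 distance=1 \
    comment="Policy route for Trusted -> ViaVPN2"

# 4. Remove routes #4, #5 and #6 from the main table. While they exist, every
#    host (Trusted or not) is sent to VPN2 for these prefixes, and non-Trusted
#    hosts then fail because srcnat rule 1 does not masquerade them.
/ip route
remove [find gateway=VPN2 dst-address=18.104.22.168/24]
remove [find gateway=VPN2 dst-address=22.214.171.124/24]
remove [find gateway=VPN2 dst-address=126.96.36.199/22]

# No extra NAT is needed: the existing rule
#   chain=srcnat action=masquerade src-address-list=Trusted out-interface=VPN2
# already translates the only traffic that now leaves via VPN2.
```

To check it, run /ip firewall mangle print stats and watch the packet counter on the mark-routing rule while a Trusted host and a non-Trusted host each traceroute to one of the three prefixes: the first should show VPN2's far end as the first hop, the second should show 192.168.0.1. Because only Trusted-to-ViaVPN2 packets are marked, the rest of the Trusted host's traffic still uses the default gateway as before; if later you also want Trusted hosts to reach 10.0.0.0/16 and 10.8.0.0/16 only via VPN1 with the same behaviour, the same three-step pattern (address list, mark-routing rule, routing-mark route) applies with VPN1 and a second mark.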