Newbie in Mikrotik, to make me a little bit the hand, I setup a quick lab where I want to make a LAN base conf (no problem),
a source nat (masquerade) to go out on Internet, and publish a service from Internet to internal.
And now, I'm stuck on destination NAT, probably for a problem of understanding on my part. I made a simple NAT rule:
chain = dstnat
In.Interface.list = WAN (DHCP/ether1)
protocol = 6
Dst.port = 443
action = dstnat
to address = x.x.x.x (IP in the same subnet as the Mikrotik router)
to port = 443
Where I'm a bit confused, and mostly because it doesn't work, is if you should make a FW (forward) rule or not.
Code: Select all
# apr/22/2021 16:40:38 by RouterOS 6.47.8
# software id = S171-9SQD
#
# model = 2011UAS-2HnD
# serial number = 3F0702E51D4B
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=Margotte wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
/ip address
add address=192.168.60.2/30 interface=ether2 network=192.168.60.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN log=yes protocol=tcp to-addresses=192.168.60.1 \
to-ports=443
Thanks for your help.