Newbie in Mikrotik, to make me a little bit the hand, I setup a quick lab where I want to make a LAN base conf (no problem),
a source nat (masquerade) to go out on Internet, and publish a service from Internet to internal.
And now, I'm stuck on destination NAT, probably for a problem of understanding on my part. I made a simple NAT rule:
chain = dstnat
In.Interface.list = WAN (DHCP/ether1)
protocol = 6
Dst.port = 443
action = dstnat
to address = x.x.x.x (IP in the same subnet as the Mikrotik router)
to port = 443
Where I'm a bit confused, and mostly because it doesn't work, is if you should make a FW (forward) rule or not.
# apr/22/2021 16:40:38 by RouterOS 6.47.8 # software id = S171-9SQD # # model = 2011UAS-2HnD # serial number = 3F0702E51D4B /interface wireless set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=Margotte wireless-protocol=802.11 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface list member add interface=ether1 list=WAN add interface=ether2 list=LAN /ip address add address=192.168.60.2/30 interface=ether2 network=192.168.60.0 /ip dhcp-client add disabled=no interface=ether1 /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN log=yes protocol=tcp to-addresses=192.168.60.1 \ to-ports=443
Thanks for your help.