ISP - rb4011 - rb4011 (with wifi) - other devices
I'd like to confirm that I'm on the right track. If I want to dst-nat a public address to some internal device, I believe this is the flow, but would appreciate a sanity check.
I'll need a dst-nat nat chain rule + a forward chain rule on the edge router, and then a forward chain rule on the next router? Am I on the right track?
Something like this:
router 1:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1 log=yes protocol=tcp to-addresses=[inside device address] to-ports=443
/ip firewall filter
add action=accept chain=forward dst-address=[inside device address] dst-port=443 in-interface=ether1 log=yes protocol=tcp
router 2:
/ip firewall filter
add action=accept chain=forward dst-address=[inside device address] dst-port=443 log=yes protocol=tcp
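
An added example, not part of the original post: a small Python model of the packet flow asked about above, showing that router 1 rewrites the destination in dstnat before its forward chain is evaluated, so both forward rules match on the inside address. The addresses, the `r2-uplink` interface name and the final drop in the forward chain are assumptions made for this model.

```python
# Constructed sample values (documentation ranges); not from the post.
PUBLIC_IP = "203.0.113.10"
INSIDE_IP = "192.168.88.50"   # stands in for [inside device address]

def matches(rule, pkt):
    """A rule matches when every matcher it sets equals the packet field."""
    return all(pkt.get(k) == v for k, v in rule["match"].items())

def run_router(pkt, nat_rules, forward_rules):
    """Apply dstnat first, then the forward filter, as RouterOS orders them."""
    pkt = dict(pkt)
    for r in nat_rules:                       # dstnat: before the routing decision
        if matches(r, pkt):
            pkt["dst"], pkt["dport"] = r["to_addr"], r["to_port"]
            break
    for r in forward_rules:                   # forward: sees the rewritten dst
        if matches(r, pkt):
            return r["action"] == "accept", pkt
    return False, pkt                         # assumed final drop rule (not in the post)

# The three rules from the post, expressed as matcher dictionaries.
R1_NAT = [{"match": {"proto": "tcp", "dport": 443, "in_if": "ether1"},
           "to_addr": INSIDE_IP, "to_port": 443}]
R1_FWD = [{"match": {"proto": "tcp", "dst": INSIDE_IP, "dport": 443,
                     "in_if": "ether1"}, "action": "accept"}]
R2_FWD = [{"match": {"proto": "tcp", "dst": INSIDE_IP, "dport": 443},
           "action": "accept"}]

def traverse(pkt, r1_fwd=R1_FWD):
    """Send one packet through router 1, then router 2; return (verdict, packet)."""
    ok, pkt = run_router(pkt, R1_NAT, r1_fwd)
    if not ok:
        return "dropped at router 1", pkt
    pkt["in_if"] = "r2-uplink"                # hypothetical ingress name on router 2
    ok, pkt = run_router(pkt, [], R2_FWD)     # router 2 does no NAT, only filtering
    return ("delivered" if ok else "dropped at router 2"), pkt

INBOUND = {"proto": "tcp", "dst": PUBLIC_IP, "dport": 443, "in_if": "ether1"}
# Failure case: a forward rule written against the public address never matches,
# because the destination was already rewritten in dstnat.
R1_FWD_PUBLIC = [{"match": {"proto": "tcp", "dst": PUBLIC_IP, "dport": 443,
                            "in_if": "ether1"}, "action": "accept"}]

if __name__ == "__main__":
    print(traverse(INBOUND))
    print(traverse(INBOUND, R1_FWD_PUBLIC))
```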