Could anyone give me any advice on the following?
I need to do a DST-NAT (port forward / publish from router to internal IP) with a Mangle Pre-routing Marked Filter rule for all 0.0.0.0/0 traffic.
I have a remote site where I need all traffic to go up its VPN connection to head office (for http/https filtering purposes), but I also have a local server that needs publishing from the remote site's router external IP address.
Obviously, as soon as I enable the pre-routing marked filter rule and create a 0.0.0.0/0 route rule for the marked filter, I don’t have the ability to return the DST-NAT traffic to reply.
Can anyone think of a way to get around this?
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=filtering \
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp \
/ip route
add distance=1 gateway=l2tp-out1 routing-mark=filtering
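
One common way to handle the conflict described in this post, as an added example that is not part of the original post: tag connections that are opened from outside on ether1 to the published port with a connection mark, and exclude that mark from the mark-routing rule so the server's replies are looked up in the main table instead of the filtering table. The mark name "published" is a hypothetical name chosen here; the example assumes the main routing table still has its default route via the local internet gateway, and any other matchers the original mark-routing rule carries are not visible on the page and would stay as they are.

```routeros
# Added example, not the poster's configuration.
# "published" is a hypothetical connection-mark name.
/ip firewall mangle

# 1. Tag every new connection that arrives from outside on ether1 for the
#    published port (tcp/80, as in the dst-nat rule above). A connection
#    mark sticks to the whole connection, so the server's reply packets
#    coming back in from the LAN side carry it as well.
add action=mark-connection chain=prerouting connection-state=new \
    dst-port=80 in-interface=ether1 new-connection-mark=published \
    passthrough=yes protocol=tcp

# 2. Apply the "filtering" routing mark only to packets that do NOT belong
#    to a published connection. This rule must sit below rule 1. Packets of
#    published connections get no routing mark, so they use the main table
#    and leave through the local gateway instead of l2tp-out1.
add action=mark-routing chain=prerouting connection-mark=!published \
    new-routing-mark=filtering
```

Rule order matters: if the mark-routing rule is evaluated before the mark-connection rule, the first packet of each inbound connection is still marked for the VPN route.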