Basically the APP that does the discovery performs a directed broadcast (they could obviously just use a plain broadcast) inside its subnet and discovers the air con.
After a simple discovery, a regular unicast communication is established between the APP and the aircon.
I wanted to perform dstnat on the ingress packet and direct it to the subnet where the aircon resides (using directed broadcast "helper" address is fine...).
What I'm experiencing is that the dstnat rule actually matches the ingress directed broadcast packet (packet count and log confirm this) but nothing is happening with the packet, as if it's silently dropped.
Is this the ROS expected behaviour for directed broadcast or am I missing something?
To note, even with Mikrotik "security policy decision" to block directed broadcast, users SHOULD be able to enable it for specific scenarios!!
APP discovery: 10.2.0.20:30000@UDP -> 10.2.0.255:30050
APP discovery: 10.2.0.20:30000@UDP -> 10.2.0.255:30050 -> dstnat -> 10.2.0.20:30000@UDP -> 10.2.2.0/24_l2_bcast:30050
Code:
/ip firewall nat
add action=dst-nat chain=dstnat comment=\
    "forward daikin aircon probes to IOT network" dst-address=10.2.0.255 \
    dst-port=30050 in-interface=sfp1.1200 log=yes protocol=udp src-port=30000 \
    to-addresses=10.2.2.244
/ip arp
add address=10.2.2.244 comment="directed broadcast helper address" interface=\
    sfp1.1202 mac-address=FF:FF:FF:FF:FF:FF
/ip address
add address=10.2.0.1/24 interface=sfp1.1200 network=10.2.0.0
add address=10.2.2.1/24 interface=sfp1.1202 network=10.2.2.0
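Added example (not from the post, not MikroTik code): a small Python checker that parses the export-style rules above, tests whether the discovery probe hits the dst-nat rule, and reports whether the translated destination is a local subnet's broadcast address or an address pinned to the broadcast MAC by a static ARP entry, which is what an auditor looks for when reviewing rules that re-enable directed broadcast forwarding. The matcher semantics (exact match on ports and interface, prefix match on addresses, other matchers ignored) are a constructed simplification of RouterOS.

```python
import ipaddress
import shlex
# Constructed sample: the post's rules in RouterOS export style (backslash continuations).
CONFIG = """
/ip firewall nat
add action=dst-nat chain=dstnat comment="forward daikin aircon probes to IOT network" dst-address=10.2.0.255 \\
    dst-port=30050 in-interface=sfp1.1200 log=yes protocol=udp src-port=30000 to-addresses=10.2.2.244
/ip arp
add address=10.2.2.244 interface=sfp1.1202 mac-address=FF:FF:FF:FF:FF:FF comment="directed broadcast helper address"
/ip address
add address=10.2.0.1/24 interface=sfp1.1200 network=10.2.0.0
add address=10.2.2.1/24 interface=sfp1.1202 network=10.2.2.0
"""
# The discovery probe from the post, as it arrives on sfp1.1200 (keys are RouterOS matcher names).
PROBE = {"protocol": "udp", "in-interface": "sfp1.1200", "src-port": "30000",
         "dst-port": "30050", "src-address": "10.2.0.20", "dst-address": "10.2.0.255"}

def parse_export(text):
    """Parse export-style text into {menu: [ {key: value}, ... ]}."""
    menus, cur = {}, None
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            cur = menus.setdefault(line, [])
        elif line.startswith("add ") and cur is not None:
            cur.append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return menus

def rule_matches(rule, pkt):
    """Only the matchers the post's rule uses; a matcher absent from the rule matches anything."""
    for key, want in pkt.items():
        have = rule.get(key, want)
        if key.endswith("-address"):  # address matchers may be a prefix
            if ipaddress.ip_address(want) not in ipaddress.ip_network(have, strict=False):
                return False
        elif have != want:
            return False
    return True

def audit_dstnat(text, pkt):
    """(to-address, kind) for each dst-nat rule pkt hits; kind says if the target is broadcast-like."""
    cfg = parse_export(text)
    bcasts = {str(ipaddress.ip_interface(a["address"]).network.broadcast_address)
              for a in cfg.get("/ip address", [])}
    bcast_mac = {a["address"] for a in cfg.get("/ip arp", [])
                 if a.get("mac-address", "").upper() == "FF:FF:FF:FF:FF:FF"}
    def kind(to):
        return ("subnet-broadcast" if to in bcasts else
                "static-arp-broadcast-mac" if to in bcast_mac else "unicast")
    return [(r["to-addresses"], kind(r["to-addresses"])) for r in cfg.get("/ip firewall nat", [])
            if r.get("action") == "dst-nat" and rule_matches(r, pkt)]
```

For the post's configuration this reports the probe being redirected to 10.2.2.244, an address that is not the 10.2.2.0/24 broadcast but is mapped to FF:FF:FF:FF:FF:FF by the static ARP entry.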