DEVICE: hEX S
Version: latest v6.45.7
My HEX S:
- sfp1: 100.68.39.194/28 (UPLINK TO ISP, GATEWAY: 100.68.39.193)
- bridge1(Ether1~5): 192.168.0.1/24 (MY LAN)
- loopback0(A bridge to simulate loopback interface of cisco): 184.108.40.206/32 (Public IP address from my ISP)
I need to USE this single ip in my office. So I copied configuration and translate it to RouterOS's configuation from my original H3C router.
/32 IP address assign to loopback interface, and disable masquerade, use src-nat to this address.
/ip firewall nat add action=src-nat chain=srcnat comment=\ "SRCNAT-" ipsec-policy=out,none \ out-interface=sfp1 src-address=192.168.0.0/24 to-addresses=\ 220.127.116.11
But when I add a DST-NAT rule to allow clients outside use my SSL VPN (192.168.0.250:443), use public port 8443, it failed.
/ip firewall nat add action=dst-nat chain=dstnat dst-address=\ 18.104.22.168 dst-port=8443 protocol=tcp \ to-addresses=192.168.0.250 to-ports=443
How can I make it work as experted?