I have an IP conflict that I'm trying to solve with a mAP router. Normally I would fix an IP conflict by changing a network on one of the ends, but I don't have that option here. In this case, I just need a few services to communicate.
Office LAN is 192.168.0.0/252, office router lives at 192.168.1.1
We have an IPsec tunnel that advertises cellular devices onto a local office subnet at 192.168.18.0/24. Workstations on 192.168.0.0/252 can communicate with this subnet. In this scenario, a workstation at 192.168.1.57 is trying to communicate with the end device.
The specific cellular modem WWAN IP is 192.168.18.131
The modem LAN IP is 22.214.171.124
Modem is forwarding certain service ports to 126.96.36.199 on the mAP.
Mikrotik mAP ether1 address is 188.8.131.52
Mikrotik mAP bridge address is 192.168.1.35
The ether2 port (part of the bridge) is plugged into an unmanaged switch of the local equipment.
The local device on the bridge side of the mAP that we are attempting to communicate with lives at 192.168.1.1. Unfortunately, I can't change this without breaking the equipment.
From a workstation at 192.168.1.57 in the office, I can access the MikroTik remotely at 192.168.18.131:8291 (WinBox) and 192.168.18.131:8081 (WebFig). This works fine. I've created filter rules and port forwards in the mAP to allow and send certain traffic (ports 2222 and 44818) onward to the local device at 192.168.1.1, but it is not working so far. I've tried marking the WAN connection and routing, and tried to make sure responses to 192.168.1.57 would be sent back up the WAN, but at this point I don't think the local device at 192.168.1.1 is even seeing the initial SYN. I tried putting a laptop on the local network with this address, ran Wireshark, and did not see anything.
I'm hoping someone can take a look at my NAT/mangle and routing rules and point out something dumb that I am doing.
Please let me know if I can add any additional information. Thanks for the help.
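As an added example (not part of the original post, and not the poster's actual configuration), the following RouterOS CLI commands show one way to forward the two service ports through the mAP when the office source address (192.168.1.57) overlaps the subnet of the device behind the bridge. Interface names (ether1, bridge), the addresses and the ports 2222 and 44818 are taken from the post; TCP is an assumption, and the rules would need to be duplicated with protocol=udp if the service also uses UDP. The key point is the src-nat rule: because the local device at 192.168.1.1 believes 192.168.1.57 is a neighbour on its own segment, a reply to the untranslated source would be ARPed for locally and never return through the mAP. Hiding the office source behind the mAP's bridge address lets connection tracking reverse both translations on the return path, so no mangle marks or routing rules are needed.

```routeros
# Added example (not from the original post): RouterOS CLI configuration for the
# mAP described above. Interface names, addresses and the service ports come from
# the post; TCP is assumed (add matching protocol=udp rules if required).

# 1. Forward only the two service ports arriving on the WAN side (ether1) to the
#    local device. dst-port accepts a comma-separated list.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=2222,44818 \
    action=dst-nat to-addresses=192.168.1.1 \
    comment="office -> local device (dst-nat)"

# 2. Rewrite the source of those forwarded packets to the mAP's own bridge
#    address. The local device sits on 192.168.1.0/24 and would otherwise treat
#    192.168.1.57 as a host on its own segment, ARP for it, and never send the
#    reply back through the mAP. Connection tracking undoes both translations
#    on the way back, so the return path needs no mangle marks or routes.
add chain=srcnat out-interface=bridge dst-address=192.168.1.1 protocol=tcp \
    dst-port=2222,44818 action=src-nat to-addresses=192.168.1.35 \
    comment="hide overlapping office source behind the mAP"

# 3. Filter: accept only the dst-nat'ed service connections from ether1 into
#    the bridge plus established/related traffic; drop everything else that
#    arrives from ether1. These must sit above any existing drop rules in the
#    forward chain (use place-before= if rules already exist).
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=ether1 out-interface=bridge \
    connection-nat-state=dstnat protocol=tcp dst-port=2222,44818 \
    action=accept comment="allow forwarded service ports"
add chain=forward in-interface=ether1 action=drop \
    comment="drop other WAN -> LAN traffic"

# 4. Checks: confirm a tracked connection with both translations is created,
#    then watch the bridge side for the translated SYN while the workstation
#    connects (the source should now show as 192.168.1.35).
/ip firewall connection print where dst-address~"192.168.1.1"
/tool sniffer quick interface=bridge ip-address=192.168.1.1
```

If the connection entry appears but the sniffer on the bridge shows nothing, the problem is between the NAT and the bridge (filter order, or a routing mark from earlier attempts steering the packet elsewhere); if no connection entry appears at all, the packet is not reaching the dstnat chain, which points back at the modem's port forward or at an input-side filter on ether1.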