user (30.1.1.1) ----> mikrotik master (WAN 1.2.3.4 LAN 192.168.1.1) --> mikrotik second (LAN 192.168.1.2 LAN2 10.1.1.2) --> 3com router (10.1.1.1) --> leasedline --> customer (172.1.1.1 port 8888)
The catch is, the customer has a very specific connection requirement. The connection has to come from our given IP & port to their IP & port. Anything else, their firewall will reject.
So the user will connect using the WAN IP (1.2.3.4 port 5678) to mikrotik master. In mikrotik master, I have set all traffic with WAN IP 1.2.3.4 to forward to mikrotik second.
So when traffic arrives at mikrotik second, I need to apply dst-nat and src-nat in order to transform the IP & port correctly so it can connect to the customer.
user (WAN 30.1.1.1) ----> 1.2.3.4 port 5678 --> mikrotik master ---> mikrotik second.
In mikrotik second,
1 ;;; dstnat
chain=dstnat action=dst-nat to-addresses=10.1.1.2 to-ports=5678
protocol=tcp src-address=30.1.1.1 dst-port=5678 log=no
log-prefix=""
2 ;;; srcnat
chain=srcnat action=src-nat to-addresses=172.1.1.1 to-ports=8888
protocol=tcp src-address=10.1.1.2 src-port=5678 log=yes log-prefix=""
Am I missing MANGLE rules?
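
The following is an added example, not part of the original post: a small Python model that walks one new connection through the two posted NAT rules in the order RouterOS evaluates them (dstnat before the routing decision, srcnat after it). It assumes mikrotik master hands the packet over with the source unchanged and the destination set to 192.168.1.2:5678; the source port 40000 and all function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# The two NAT rules as posted (only the matchers used in the post are modelled).
POSTED_RULES = [
    {"chain": "dstnat", "match": {"src": "30.1.1.1", "dport": 5678},
     "to": ("10.1.1.2", 5678)},
    {"chain": "srcnat", "match": {"src": "10.1.1.2", "sport": 5678},
     "to": ("172.1.1.1", 8888)},
]
LOCAL_ADDRS = {"192.168.1.2", "10.1.1.2"}  # mikrotik second's own addresses (from the post)
CUSTOMER = ("172.1.1.1", 8888)             # endpoint the customer firewall expects

def first_match(rules, chain, pkt):
    """Return the first rule in `chain` whose matchers all equal the packet's fields."""
    for rule in rules:
        if rule["chain"] == chain and all(getattr(pkt, k) == v for k, v in rule["match"].items()):
            return rule
    return None

def trace(pkt, rules=POSTED_RULES):
    """Walk one new connection: dstnat, routing decision, then srcnat."""
    steps = []
    rule = first_match(rules, "dstnat", pkt)
    if rule:
        pkt = replace(pkt, dst=rule["to"][0], dport=rule["to"][1])
        steps.append("dstnat")
    if pkt.dst in LOCAL_ADDRS:
        # Destination is the router itself: delivered to input, srcnat is never traversed.
        steps.append("input")
        return pkt, steps
    steps.append("forward")
    rule = first_match(rules, "srcnat", pkt)
    if rule:
        pkt = replace(pkt, src=rule["to"][0], sport=rule["to"][1])
        steps.append("srcnat")
    return pkt, steps

def reaches_customer(pkt, rules=POSTED_RULES):
    """True when the translated destination is the customer's IP and port."""
    final, _ = trace(pkt, rules)
    return (final.dst, final.dport) == CUSTOMER

# Constructed packet: source port 40000 and the 192.168.1.2 destination are assumptions.
ARRIVING = Packet("30.1.1.1", 40000, "192.168.1.2", 5678)
if __name__ == "__main__":
    print(trace(ARRIVING), reaches_customer(ARRIVING))
```

Under these assumptions the trace ends at input with destination 10.1.1.2:5678, and the srcnat rule is never evaluated for this connection.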