I have a public /29 block on my WAN interface and I am attempting to dst-nat an address in that block to an internal host. I've been successful with src-nat but can't pass any traffic on dst-nat. I've pasted what I think are the relevant lines below.
External Interface: x.x.x.2/29
Dst-nat IP: x.x.x.3/29
Internal Interface: 10.100.100.1
Internal Host: 10.100.100.100
/ip address
add address=x.x.x.2/29 interface=ether1 network=x.x.x.0
add address=10.100.100.1/24 interface=ether2 network=10.100.100.0
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="accept new dst-nat" connection-nat-state=dstnat connection-state=new in-interface=ether1
add action=accept chain=forward comment="accept new src-nat" connection-nat-state=srcnat connection-state=new in-interface=ether2
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=x.x.x.3 in-interface=ether1 to-addresses=10.100.100.100
add action=src-nat chain=srcnat out-interface=ether1 src-address=10.100.100.100 to-addresses=x.x.x.3
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=x.x.x.1 routing-table=main suppress-hw-offload=no
I'd appreciate any help.