Hi.
I have a rather non-standard question that I can't find an answer to, so I decided to write it here.
I will describe the connection scheme that I have and the problem that I cannot solve; I do not have enough experience.
All IP addresses used in this example are fictitious.
1.VPS
160.50.40.150 - public ip
↓↓↓
2.Docker Engine
172.10.0.1 - local ip
↓↓↓
3.Container VPN
172.10.0.2 - container local ip
12.10.0.2 - tunnel ip from VPN
↓↓↓
GLOBAL NETWORK
↓↓↓
4.Connected devices to VPN network:
SSH server(pc) 12.10.0.3
MikroTik 12.10.0.4
How I implement access to the end device (example: the SSH server).
FIRST: On 1. VPS I write the iptables rule: iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 172.10.0.2:22
SECOND: On 3. Container VPN I write the iptables rule: iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 12.10.0.3:22
This way I can connect to the public VPS address 160.50.40.150:22 and get directly to the SSH server at 12.10.0.3:22.
These rules work flawlessly and I can access any device in the VPN network every time by accessing the public address of the VPS.
This is convenient because I can't install a VPN client everywhere, but I need access.
And my unsolved problem: I can't access the MikroTik in the same way.
These are the rules I write:
1. VPS: I write the iptables rule: iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 172.10.0.2:80
3. Container VPN: I write the iptables rule: iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 12.10.0.4:80
And I still can't access the router via the public VPS address 160.50.40.150:8080.
I performed a series of checks and realized that there is no access already at the stage from 172.10.0.1 to 12.10.0.4, but I can't understand why, because all the rules are allowing and there are no blocks anywhere. If I change the final address to the SSH server address, everything works; if I change the final address back to the MikroTik, there is no access.
Also, as a check, I connected to the VPN network myself and was able to open the MikroTik web interface at 12.10.0.4:80 directly from the browser without any problems.
There is no access via the public VPS address.
Wireguard VPN works fine on Mikrotik itself, here is an example of the configuration that I imported into it:
[Interface]
Address = 12.10.0.4/32
PrivateKey = privkey
[Peer]
PublicKey = pubkey
AllowedIPs = 0.0.0.0/0
Endpoint = 160.50.40.150:51820
PersistentKeepalive = 15
I use this method of accessing home and other resources for many things, and it is always successful.
But I feel that there is still something I don't know about MikroTik...
I hope I managed to explain the situation.
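An added example, not from the original post and not the poster's own rules: a small POSIX shell script that emits (or, with APPLY=1, applies) the complete rule set for one published port across both hops, using the addresses from the post. The rules in the post only DNAT the destination; they never rewrite the source, so the end device sees the original client address and must route its reply back through the tunnel on its own. A PC running a full-tunnel WireGuard client does that by default; a router normally sends such a reply out of its WAN instead, which is one plausible reason the PC works and the router does not. That diagnosis is an assumption, as are the interface name wg0 and the FORWARD-chain rules; the script adds a POSTROUTING SNAT on the VPN container so that the device answers to 12.10.0.2 over the tunnel regardless of its own routing table.

```shell
#!/bin/sh
# Added example (not code from the original post). Emits the iptables rules
# for one published port on both hops (VPS and VPN container). Addresses
# come from the post; the tunnel interface name wg0 is an assumption.
# Usage: sh publish.sh <vps_port> <container_port> <tunnel_ip> <target_port>
#   e.g. sh publish.sh 8080 80 12.10.0.4 80
# Set APPLY=1 to execute the commands instead of printing them.

VPS_DOCKER_IP=172.10.0.2   # VPN container's address on the Docker bridge (from the post)
VPN_TUNNEL_IP=12.10.0.2    # VPN container's own tunnel address (from the post)
TUN_IF=wg0                 # assumed name of the WireGuard interface inside the container

# run: print the command (dry run) or execute it when APPLY=1.
run() {
  if [ "${APPLY:-0}" = 1 ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

# vps_rules <public_port> <container_port>
# Hop 1: on the VPS, steer the public port to the VPN container.
vps_rules() {
  run iptables -t nat -A PREROUTING -p tcp --dport "$1" -j DNAT --to-destination "$VPS_DOCKER_IP:$2"
}

# container_rules <container_port> <tunnel_ip> <target_port>
# Hop 2: inside the VPN container, steer the port to the device on the tunnel
# and rewrite the source so the device replies back into the tunnel.
container_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A PREROUTING -p tcp --dport "$1" -j DNAT --to-destination "$2:$3"
  # The rule the post lacks: without SNAT the device sees the original client
  # address and may route the reply out of its WAN instead of the tunnel.
  run iptables -t nat -A POSTROUTING -o "$TUN_IF" -p tcp -d "$2" --dport "$3" -j SNAT --to-source "$VPN_TUNNEL_IP"
  # Allow the forwarded flow in case the FORWARD policy is DROP (assumed chain layout).
  run iptables -A FORWARD -o "$TUN_IF" -p tcp -d "$2" --dport "$3" -j ACCEPT
  run iptables -A FORWARD -i "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

if [ $# -eq 4 ]; then
  echo "# --- on the VPS ---"
  vps_rules "$1" "$2"
  echo "# --- in the VPN container ---"
  container_rules "$2" "$3" "$4"
fi
```

With the SNAT in place, a quick check from the container is `conntrack -L -p tcp --dport 80` (or `iptables -t nat -L -n -v`) while connecting to 160.50.40.150:8080: the counters on the DNAT and SNAT rules should both increase, and the reply packets should arrive on wg0 rather than never arriving at all.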