I have 2 Mikrotik boxes, connected by a GRE tunnel.
I have a tcp port from box #1 dst-natted to box #2.
Box #2 forwards that to a PC with a web server.
Ok. so I connect my device to the IP address of box #1 and the forwarded port, and I successfully hit the web server IF I use masquerade on the GRE tunnel. The issue is that I want the web server to see the IP address of the visitor, not the IP address of the GRE tunnel.
If I remove the masquerade, it doesn't work. I believe this is because box #1 doesn't know how to route IP addresses on box #2 ... AND ... I think box #2 tries to route out the default 0.0.0.0/0 route instead of back through box #1.
I've tried every combination of routing and masquerading and mangle that I can, and nothing works. So, I've deleted everything to start fresh.
If you could give me some recommendations on how to do this properly, I'll use that to build a config and then I will put that config on here if it doens't work to proceed further with troubleshooting.