Code: Select all
add chain=dstnat action=dst-nat to-addresses=192.168.10.10 to-ports=443 protocol=tcp dst-port=443
add chain=dstnat action=dst-nat to-addresses=192.168.10.20 to-ports=3389 protocol=tcp dst-port=3389
add chain=srcnat action=masquerade src-address=192.168.10.0/24 out-interface-list=WAN
add chain=dstnat action=dst-nat to-addresses=192.168.11.10 to-ports=80 protocol=tcp dst-port=80
add chain=srcnat action=masquerade src-address=192.168.11.0/24 out-interface-list=WAN
Code: Select all
INTERNET
|
150.160.170.180/30
/ \
VLAN 10 VLAN 11
192.168.10.0/24 192.168.11.0/24
Code: Select all
INTERNET
|
150.160.170.180/30
/ \
150.160.165.185/29 150.160.165.186/29
VLAN 10 VLAN 11
192.168.10.0/24 192.168.11.0/24
Provider will make my /30 IP as routable peer for /29 so it should be like what? Some kind of double routing and double DMZ?