The hAP graps a dhcp from the local network, connects, and my EoIP tunnel is established. I then assign a /30 for a management interface between my router (RB4011) and the hAP, that way I'm able to access the router as well as some other devices on the other end of the network.
I just deployed one of these this week that's running ros 7.6, and the dst-nat function doesn't seem to work like it does on all the other hAP's running ros 6.xx. I'm about ready to pull my hair out trying to figure this out, but nothing has seemed to work. I've looked at several working configs for other sites dozens of times over the last 3 days, and everything feels like it should be working. So, I'm asking for help.
What I'm trying to accomplish - I need to access a host on the remote side within the DHCP range 10.1.10.10/24, via my management interface of 10.10.32.6/30. I've been able to set this up with a dst-nat firewall rule, but traffic doesn't ever reach the remote range.
When I'm at my office, I need to be able to visit 10.10.32.6:80 and have that bet dst-nat'd to the remote 10.1.10.10:80 address.
Here's copies of my configs
Firewall
*These are the only 3 firewall rules - period*
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 in-interface=bridge1 log=yes log-prefix=WEB protocol=tcp src-address=10.10.32.5 to-addresses=10.1.10.10 to-ports=80
add action=dst-nat chain=dstnat dst-port=3011 in-interface=bridge1 protocol=tcp src-address=10.10.32.5 to-addresses=10.1.10.10 to-ports=3011
add action=dst-nat chain=dstnat dst-port=8006 in-interface=bridge1 protocol=tcp src-address=10.10.32.5 to-addresses=10.1.10.10 to-ports=8006
Addresses
Code: Select all
/ip address
add address=10.10.32.6/30 comment="Mgmt Addr" interface=eoip-tunnel1 network=10.10.32.4
Interfaces
Code: Select all
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=wlan1
add bridge=bridge1 ingress-filtering=no interface=eoip-tunnel1
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether1
Log output
Code: Select all
WEB dstnat: in:bridge1 out:(unknown 0), connection-state:new src-mac d4:ca:6d:fa:bb:93, proto TCP (syn), 10.10.32.5:56122->10.10.32.6:80, len 48