then let me start with how the configuration is now.
- interface ether1 goes to the internet
- interface ether2 is the local network
- gre is the tunnel to hamnet (hamnet is the 44 network and intended for broadcasting amateurs, I will say hamnet from now on because it is a bit easier)
- bridge is the local part of hamnet and is intended for one hamnet IP range from 44.137.83.64 to 79 or a /28 subnet
which IP range is for what
- 192.168.100.0/24 has become the network between one provider and one MikroTik router.
traffic coming in on 85.214.62.188 and on 85.214.172.52 will be forwarded to the router through this network
- 192.168.200.0/24 is the lan network.
all servers are in this network.
- 44.137.83.64/28 is one hamnet IP range.
where 44.137.83.65 to 44.137.83.69 are reachable both via the internet and via hamnet
what do I ultimately want to have as an end goal.
- that I can serve both to the internet and to hamnet addresses via my local network (lan).
- that I can make port forwardings based on ip address and thus say that for example port 80 can forward external address 85.214.62.188 (192.168.100.2) to server 192.168.200.2 and port 80 to 44.137.83.65 then to 192.168.200.3 and 80 at 44.137.83.70 to 192.168.200.4
what is my configuration right now.
/ip address print detail
0 address=192.168.200.1/24 network=192.168.200.0 interface=ether2 actual-interface=ether2
1 address=192.168.100.2/24 network=192.168.100.0 interface=ether1 actual-interface=ether1
2 address=192.168.100.3/24 network=192.168.100.0 interface=ether1 actual-interface=ether1
3 address=44.137.83.78/28 network=44.137.83.64 interface=bridge actual-interface=bridge
4 address=44.137.61.34/30 network=44.137.61.32 interface=gre09 actual-interface=gre09
5 address=44.137.83.65/28 network=44.137.83.64 interface=bridge actual-interface=bridge
6 address=44.137.83.70/32 network=44.137.83.70 interface=bridge actual-interface=bridge
/ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept connection-state=established,related
1 chain=input action=drop connection-state=invalid protocol=!gre
2 chain=input action=accept protocol=icmp
3 chain=input action=accept protocol=tcp src-address-list=mgmnt-ips in-interface=ether1
4 chain=input action=accept in-interface=ether2
5 chain=input action=accept protocol=udp dst-port=67,68
6 chain=input action=drop
7 chain=forward action=accept connection-state=established,related
8 chain=forward action=accept in-interface=ether2
9 chain=forward action=drop connection-state=invalid
10 chain=forward action=drop
/ip firewall address-list print detail
0 list=mgmnt-ips address=192.168.200.254 creation-time=jan/07/2023 11:34:56
1 list=mgmnt-ips address=83.82.141.67 creation-time=jan/07/2023 11:35:54
2 list=mgmnt-ips address=89.190.141.193 creation-time=jan/07/2023 11:36:32
/ip firewall nat print detail
0 chain=srcnat action=src-nat to-addresses=44.137.61.34 out-interface=gre09 log=no
log-prefix=""
1 chain=srcnat action=masquerade out-interface-list=WAN
and finally
/ip route print detail
0 ADb dst-address=0.0.0.0/0 pref-src=44.137.83.78 gateway=44.137.61.33
gateway-status=44.137.61.33 reachable via gre09 distance=20 scope=40 target-scope=10
routing-mark=hamnet bgp-as-path="4220406100" bgp-local-pref=50 bgp-med=0
bgp-origin=incomplete bgp-communities=44137:10000,44137:10050 received-from=gw-44-137
1 ADb dst-address=44.0.0.0/9 pref-src=44.137.83.78 gateway=44.137.61.33
gateway-status=44.137.61.33 reachable via gre09 distance=20 scope=40 target-scope=10
routing-mark=hamnet bgp-as-path="4220406100" bgp-local-pref=50 bgp-med=0
bgp-origin=incomplete bgp-communities=44137:10000,44137:10050 received-from=gw-44-137
2 ADb dst-address=44.128.0.0/10 pref-src=44.137.83.78 gateway=44.137.61.33
gateway-status=44.137.61.33 reachable via gre09 distance=20 scope=40 target-scope=10
routing-mark=hamnet bgp-as-path="4220406100" bgp-local-pref=50 bgp-med=0
bgp-origin=incomplete bgp-communities=44137:10000,44137:10050 received-from=gw-44-137
3 ADb dst-address=44.137.0.0/16 pref-src=44.137.83.78 gateway=44.137.61.33
gateway-status=44.137.61.33 reachable via gre09 distance=20 scope=40 target-scope=10
routing-mark=hamnet bgp-as-path="4220406100" bgp-local-pref=50 bgp-med=0
bgp-origin=incomplete bgp-communities=44137:10000,44137:10050 received-from=gw-44-137
4 A S dst-address=44.137.61.32/32 pref-src=44.137.61.34 gateway=gre09
gateway-status=gre09 reachable distance=1 scope=10 target-scope=10 routing-mark=hamnet
5 A S dst-address=44.137.83.64/28 pref-src=44.137.83.78 gateway=bridge
gateway-status=bridge reachable distance=1 scope=10 target-scope=10 routing-mark=hamnet
6 A S dst-address=0.0.0.0/0 gateway=192.168.100.1
gateway-status=192.168.100.1 reachable via ether1 distance=1 scope=30 target-scope=10
7 ADC dst-address=44.137.61.32/30 pref-src=44.137.61.34 gateway=gre09
gateway-status=gre09 reachable distance=0 scope=10
8 ADC dst-address=44.137.83.64/28 pref-src=44.137.83.78 gateway=bridge
gateway-status=bridge reachable distance=0 scope=10
9 ADC dst-address=44.137.83.70/32 pref-src=44.137.83.70 gateway=bridge
gateway-status=bridge reachable distance=0 scope=10
10 A S dst-address=145.220.78.4/32 gateway=192.168.100.1
gateway-status=192.168.100.1 reachable via ether1 distance=1 scope=30 target-scope=10
11 ADC dst-address=192.168.100.0/24 pref-src=192.168.100.2 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10
12 ADC dst-address=192.168.200.0/24 pref-src=192.168.200.1 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10
I hope I have provided enough information. If not, I'd love to hear what else you want to know.
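
An added example, not part of the original post: one way the per-address port forwards from the stated end goal could be written against the configuration printed above. It assumes RouterOS v6 syntax (as the routing-mark fields in the route print suggest), TCP port 80, and that no policy routing exists beyond what the post shows; the connection-mark name `from-hamnet` and the rule comment are made up for illustration.

```routeros
# Added example, not from the original post. Assumes RouterOS v6 and TCP port 80.
/ip firewall nat
# One dst-nat rule per public address; dst-address keeps each forward scoped
# to a single address instead of every address on the router.
add chain=dstnat dst-address=192.168.100.2 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.200.2 to-ports=80
add chain=dstnat dst-address=44.137.83.65 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.200.3 to-ports=80
add chain=dstnat dst-address=44.137.83.70 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.200.4 to-ports=80

/ip firewall filter
# The forward chain above ends in "drop" (rule 10) and only accepts new
# connections from ether2, so dst-natted connections need their own accept.
# Move this rule above the final drop after adding it.
add chain=forward action=accept connection-nat-state=dstnat \
    connection-state=new comment="allow port forwards only"

/ip firewall mangle
# Replies to connections that arrived over the tunnel must leave via the
# hamnet routing table, not the main default route on ether1.
# "from-hamnet" is a hypothetical mark name.
add chain=prerouting in-interface=gre09 connection-state=new \
    action=mark-connection new-connection-mark=from-hamnet passthrough=yes
add chain=prerouting in-interface=ether2 connection-mark=from-hamnet \
    action=mark-routing new-routing-mark=hamnet passthrough=no
```

Check the rule order afterwards with `/ip firewall filter print detail`; the new accept has to sit before rule 10, and nothing else in the forward chain needs to be opened.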