I have client addresses mapped to 172.20.100.0/22. Every now and again, I want to redirect them, one at a time, to a server where they'll be asked to update their information. That server is at 172.21.100.4
As an example, I have
/ip firewall nat chain=dstnat src-address=172.20.100.8 action=dst-nat to-addresses=172.21.100.4 protocol=tcp dst-port=80,443
This mostly works. But in the browser, if I go to say https://bing.com, I get an invalid certificate error which makes sense since the certificate is for the server at 172.21.100.4 and not for bing.com and FireFox for one does not allow me to proceed at all. Some other browsers do but it's very messy. I'd like to make it cleaner, to just get to the site. Any suggestions?