I switched the WAN port from eth1 to eth8 successfully (I need that eth1 for my 2.5 Gbps desktop), but now I'm trying to share a NAS/webserver which is running a reverse proxy via port 80/443 (I moved the web interface from TrueNAS to 81/444 and use Traefik on 80/443) using eth8. I can't use the WAN IP since I have cable Internet in Canada, and if you reboot/lose power for too long your IP changes, so I want to bind it to whatever IP the DHCP client gets from eth8. This seems to be fine since I get an IP from the cable modem in IP -> Addresses.
I googled a bunch of videos/guides; the clearest one was this one, https://www.youtube.com/watch?v=jgKgsg9VlhY from Category5 Tech TV, but it's still not working. Externally my WAN IP is not being picked up by my webserver, and internally my WAN IP just puts me back to my MikroTik setup screen.
[admin@MikroTik] /ip/firewall/nat> print detail
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 ;;; Web Server Port 80-81
chain=dstnat action=dst-nat to-addresses=192.168.88.247 to-ports=80-81 protocol=tcp in-interface=ether8 dst-port=80-81 log=no log-prefix=""
2 ;;; Web Server HTTPS 443
chain=dstnat action=dst-nat to-addresses=192.168.88.247 to-ports=443-444 protocol=tcp in-interface=ether8 dst-port=443-444 log=no log-prefix=""
[admin@MikroTik] /ip/firewall/filter> print detail
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
4 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
5 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
6 ;;; Firewall port 80
chain=forward action=accept protocol=tcp dst-address=192.168.88.247 in-interface=ether8 dst-port=80-81 log=no log-prefix=""
7 ;;; Firewall 443-444
chain=forward action=accept protocol=tcp dst-address=192.168.88.247 in-interface=ether8 dst-port=443-444 log=no log-prefix=""
8 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
9 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
10 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related
11 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
12 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
13 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
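
An added example, not part of the original post: a small Python audit that parses the `/ip/firewall/nat print detail` output shown above and flags two things visible in it. One is forwarded port ranges that include the ports the TrueNAS admin UI was moved to (81/444); the other is dst-nat rules that match only on the WAN in-interface, which LAN clients addressing the WAN IP never hit. The function names and finding labels are hypothetical, and the sample text is constructed from the post's rules.

```python
import re

# Constructed sample: the three NAT rules from the post's `print detail` output.
NAT_PRINT = """\
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 ;;; Web Server Port 80-81
chain=dstnat action=dst-nat to-addresses=192.168.88.247 to-ports=80-81 protocol=tcp in-interface=ether8 dst-port=80-81 log=no log-prefix=""
2 ;;; Web Server HTTPS 443
chain=dstnat action=dst-nat to-addresses=192.168.88.247 to-ports=443-444 protocol=tcp in-interface=ether8 dst-port=443-444 log=no log-prefix=""
"""
MGMT_PORTS = {81, 444}  # assumption from the post: TrueNAS admin UI lives here

def parse_rules(text):
    """Turn `print detail` output into a list of {id, comment, key: value} dicts."""
    rules = []
    for line in text.splitlines():
        head = re.match(r"\s*(\d+)\s+(?:[XID]\s+)*(.*)$", line)
        if head:  # "<id> [flags] ;;; comment" or "<id> [flags] key=value ..."
            rules.append({"id": int(head.group(1)), "comment": ""})
            line = head.group(2)
            if line.startswith(";;;"):
                rules[-1]["comment"] = line[3:].strip()
                continue
        if rules:  # property line belonging to the most recent rule
            for key, value in re.findall(r'([\w-]+)=("[^"]*"|\S*)', line):
                rules[-1][key] = value.strip('"')
    return rules

def ports(spec):
    """Expand a RouterOS port spec such as '80-81' or '80,443' into a set."""
    out = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_dstnat(rules, mgmt_ports=MGMT_PORTS):
    """Return (rule id, finding label, detail) tuples for dst-nat rules."""
    findings = []
    for r in rules:
        if r.get("action") == "dst-nat":
            exposed = sorted(ports(r.get("dst-port", "")) & mgmt_ports)
            if exposed:
                findings.append((r["id"], "mgmt-exposed", exposed))
            # Matching only on the WAN in-interface skips LAN traffic to the WAN IP.
            if "in-interface" in r and not (r.keys() & {"dst-address", "dst-address-type"}):
                findings.append((r["id"], "no-hairpin-match", r["in-interface"]))
    return findings
```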