Channel: MikroTik

Beginner Basics • Re: Mikrotik with Pfsense firewall

The easiest, as far as I can see, is something along the lines of the following. This simply takes whatever arrives to the interfaces in the WAN list and translates it to the PFSense's address.
Code:
/ip/firewall/nat add chain=dstnat in-interface-list=WAN action=dst-nat to-addresses=192.168.70.1
By default, Mikrotik has a rule that permits all traffic to destinations that were translated. If you have left it, that should still work.

Note that in the description you give, you have no 192.168.70.254 and you said you assigned 70.2 to ether2 which you show connected to the second ISP. It may be that you already have quite a problem before doing more work.

Lastly, you are making this quite complex for the simple case you have. I think you should stop and consider simplifying your network: for example there is no need to do a NAT on the Mikrotik AND on the PFSense when you could just do the NAT on the Mikrotik directly to the real address of the server.
Thank you!
But I think the issue is caused by the Mikrotik changing the header while passing data to the pfSense, so when I open the website from outside, my request will never reach the target host. I have internet because of the masquerade rule on the LAN.

So I think I need to forward the packets between the Mikrotik and the pfSense, to get this without changing the packets. Am I totally wrong?
I think it is causing double NAT or something like this.

Also a correction for the configuration:

I have set a fixed IP for ether1 (ISP1)
I have set ether2 as 192.168.70.254/24 -> CRS326 -> Virtual pfSense (192.168.70.1/24, default gateway 192.168.70.254)



I have made a masquerade srcnat on ether1.

Statistics: Posted by MrdotApple — Wed Jan 31, 2024 12:24 am
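
The packet path discussed in this thread, as an added example that is not part of the original posts: a small Python model of connection-tracked dst-nat on the Mikrotik followed by a port forward on the pfSense, showing which header fields change at each hop and how the reply is translated back. The client, WAN and server addresses and the pfSense port forward are constructed assumptions; 192.168.70.1 and 192.168.70.254 come from the thread.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class DstNat:
    """Connection-tracked destination NAT: rewrites only the destination."""
    def __init__(self, to_address):
        self.to_address = to_address
        self.conntrack = {}   # (client, sport, new dst, dport) -> original dst

    def inbound(self, pkt):
        out = replace(pkt, dst=self.to_address)   # source address is untouched
        self.conntrack[(out.src, out.sport, out.dst, out.dport)] = pkt.dst
        return out

    def reply(self, pkt):
        # A reply has src/dst swapped relative to the tracked connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        original_dst = self.conntrack.get(key)
        if original_dst is None:
            return None       # no state: this hop never saw the inbound packet
        return replace(pkt, src=original_dst)

def trace():
    # Constructed addresses: client, Mikrotik WAN IP, server behind the pfSense.
    CLIENT, WAN_IP, SERVER = "203.0.113.10", "198.51.100.2", "10.0.0.10"
    PFSENSE = "192.168.70.1"                  # from the thread
    mikrotik, pfsense = DstNat(PFSENSE), DstNat(SERVER)

    p0 = Packet(CLIENT, 50000, WAN_IP, 443)   # as it arrives on the WAN interface
    p1 = mikrotik.inbound(p0)                 # after the dst-nat rule on the Mikrotik
    p2 = pfsense.inbound(p1)                  # after a port forward on pfSense (assumed)
    r2 = Packet(SERVER, 443, CLIENT, 50000)   # server answers the client
    r1 = pfsense.reply(r2)                    # source restored to 192.168.70.1
    r0 = mikrotik.reply(r1)                   # needs pfSense to route via 192.168.70.254
    return p0, p1, p2, r1, r0

if __name__ == "__main__":
    for step in trace():
        print(step)
```
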


