Forwarding Protocols • NAT using static port

I need to set up a rule that looks like this: (this was done on a pfsense box)


All my routers are using RouterOS 7.16.2. So, I have a public network (in this example 10.0.0.0/24). Main router is set up to advertise that IP range via BGP. I have set up a CHR with a WAN interface, with an IP from BGP range (eg: 10.0.0.250) and a LAN range of 192.168.30.0/24. What I want to do, from a server (192.168.30.10) I want to ssh to another server (10.0.0.10), but that interface does not have a default gateway, as it's a second interface on the server I want to connect to.

I can ssh and telnet to 10.0.0.10 from any server on the 10.0.0.0/24 network.
I can ssh and telnet from 192.168.30.10 to other servers on 10.0.0.0/24.
I cannot ssh or telnet from 192.168.30.10 to 10.0.0.10.
I can telnet from the CHR to servers on 10.0.0.0/24.
I cannot telnet from the CHR to 10.0.0.10.


I have added this on the CHR:

[admin@MikroTik] /ip/firewall/nat> add chain=srcnat src-address=192.168.30.0/24 action=src-nat out-interface=WAN to-addresses=10.0.0.10

but it did not help. I think I am missing something here and need another pair of eyes to point out the obvious to me.

Statistics: Posted by wbarnard81 — Mon Jan 13, 2025 4:41 pm

---