Channel: MikroTik

General • Reverse Proxy doesn't work without 2nd masquerading for specific IP

Hi everyone,

I hope someone can help me on this one. I'm struggling to understand why the masquerading for the web/mail VM server (add action=masquerade chain=srcnat src-address=172.16.20.12) is required for the reverse proxy to work. I do not wish to use the single IP masquerade because the login session logs show the gateway IP (172.16.20.1) for every login (local & remote).
So if I remove the single IP masquerading the reverse proxy will not work.

Reverse proxy on CentOS 7 Apache server -> https://hosting.cso******.com:10000 to https://hosting.cso******.com

The Internet is FTTH with Static IP using PPPoE Client and it's connected like this -> ISP ONT device -> MikroTik RB5009 (ether1) -> Vlan42 on ether1 (required by ISP for internet access) -> PPPoE Client with dummy credentials.
Code:
# 2024-01-27 21:49:52 by RouterOS 7.13.3
# software id = GID6-7H3W
#
# model = RB5009UG+S+
# serial number = HE408SK2AR9
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-ctfiber
add action=masquerade chain=srcnat src-address=172.16.20.12
add action=dst-nat chain=dstnat comment=VWM dst-address=213.7.xxx.xxx dst-port=25,110,143,465,587,993,995,80,443 protocol=tcp to-addresses=172.16.20.12
add action=dst-nat chain=dstnat dst-address=213.7.xxx.xxx dst-port=10000,20000 protocol=tcp to-addresses=172.16.20.12
/ip address
add address=192.168.40.1/30 comment=CCTV interface=ether4 network=192.168.40.0
add address=192.168.50.1/24 comment=CAPsMAN interface=br_adus network=192.168.50.0
add address=192.168.20.1/24 comment="DHCP for VMs" interface=ether2 network=192.168.20.0
add address=172.16.20.1/24 comment="VMware / Core Servers" interface=ether2 network=172.16.20.0
add address=10.1.2.1/24 interface=WireGuard network=10.1.2.0
add address=10.1.1.1/24 interface=gre_to_cisco-1 network=10.1.1.0
add address=10.0.0.1 interface=Loopback network=10.0.0.1
add address=172.16.21.1/29 interface=br_adus network=172.16.21.0
add address=10.0.60.1/24 interface=ether6 network=10.0.60.0
add address=10.0.53.1/24 interface=v53-mgmt network=10.0.53.0

Statistics: Posted by chrisk — Sat Jan 27, 2024 10:15 pm


