Computer networks
Vladimir Kivva, 2018-05-17 15:32:18

How to smartly forward a port to access an LTE modem via VPN?

There is a Mikrotik, 192.168.188.1; an LTE modem, 192.168.8.1, is plugged into it. The Mikrotik is also in the VPN network 10.8.0.0/16.
BestSignal - the name of the VPN interface
10.8.0.30 - the address of the router in the VPN network
How should the rules be formulated to reach the modem from the VPN?
I tried this:

0    chain=dstnat action=dst-nat to-addresses=192.168.8.1 to-ports=80 
      protocol=tcp in-interface=BestSignal dst-port=80 log=yes 
      log-prefix="" 

1    chain=srcnat action=src-nat to-addresses=10.8.0.1 to-ports=80 protocol=tcp 
      src-address=192.168.8.1 out-interface=BestSignal src-port=80 log=no 
      log-prefix=""

Now, when trying to log in, the browser address changes to 192.168.8.1/html/index.html?url=10.8.0.30 - is that where the problem lies? There are 0 packets in the src-nat rule, apparently because this is not external -> tunnel but client -> NAT -> client communication, so src-nat is not needed. Or is there an error in its syntax?

3 answer(s)
Denis Sechin, 2018-05-17
@tamogavk

Why do port forwarding at all if you have a VPN connection to the Mikrotik? And the modem's network is a directly connected network; it should be reachable anyway if it's not blocked by a firewall.

nfire, 2018-05-17
@nfire

80 is used by Mikrotik itself. In theory, it should not interfere, but as an option, try a different port.

Alexander Karabanov, 2018-05-18
@karabanov

chain=dstnat action=dst-nat to-addresses=192.168.8.1 protocol=tcp dst-address=10.8.0.30 dst-port=80 log=no log-prefix=""
No second rule
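
A minimal Python model of connection-tracked NAT, added here as an illustration (it is not RouterOS code and not from any poster in this thread). It shows why the dst-nat rule alone is enough and why the src-nat rule from the question counts 0 packets: NAT rules see only the first packet of a connection, and replies are rewritten from the connection-tracking entry. The VPN client 10.8.0.5:40000 is constructed, and the model assumes the modem's reply is routed back through the router.

```python
from dataclasses import dataclass, replace

ROUTER_VPN = "10.8.0.30"   # router address in the VPN (from the question)
MODEM = "192.168.8.1"      # LTE modem web UI (from the question)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    """Toy conntrack + NAT tables; not a model of the RouterOS filter chains."""
    def __init__(self):
        self.conntrack = {}                      # packet tuple -> fields to rewrite
        self.hits = {"dstnat": 0, "srcnat": 0}   # rule counters (first packets only)

    def forward(self, p: Packet) -> Packet:
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.conntrack:
            # Known connection: rewrite from the entry, NAT rules are not consulted.
            return replace(p, **self.conntrack[key])
        out = p
        # dstnat rule from the last answer: dst 10.8.0.30:80 -> 192.168.8.1
        if out.dst == ROUTER_VPN and out.dport == 80:
            self.hits["dstnat"] += 1
            out = replace(out, dst=MODEM, dport=80)
        # srcnat rule from the question: matches only NEW connections from 192.168.8.1:80
        if out.src == MODEM and out.sport == 80:
            self.hits["srcnat"] += 1
            out = replace(out, src="10.8.0.1", sport=80)
        # Record both directions so later packets and replies skip the rule tables.
        self.conntrack[key] = dict(src=out.src, sport=out.sport,
                                   dst=out.dst, dport=out.dport)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = dict(
            src=p.dst, sport=p.dport, dst=p.src, dport=p.sport)
        return out

def demo():
    r = Router()
    client = "10.8.0.5"    # constructed VPN client address
    to_modem = r.forward(Packet(client, 40000, ROUTER_VPN, 80))
    reply = r.forward(Packet(MODEM, 80, client, 40000))
    return to_modem, reply, r.hits

if __name__ == "__main__":
    for item in demo():
        print(item)
```
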