- 192.168.1.20 –> 1.2.3.4:3389 –> 192.168.1.10:3389
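- The solution was to rewrite the port forwarding rule so that it does NOT match on `in-interface=WAN-GATEWAY` but on `dst-address-type=local` instead. Connections from LAN clients arrive on the LAN interface, so a rule tied to the WAN interface never matches them.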
# DST-NAT rule to redirect TCP port 3389 addressed to the router's WAN IP (1.2.3.4)
# to the internal RDP server 192.168.1.10:3389.
# dst-address-type=local is used instead of an in-interface match, so the rule
# applies whichever interface the packet arrives on (WAN or LAN).
# NOTE(review): there is no src-address / src-address-list matcher, so the rule
# applies to any source that can reach 1.2.3.4:3389. Unless firewall filter rules
# elsewhere limit who may connect, RDP is published to the whole internet -
# consider restricting the allowed sources or offering RDP only through a VPN.
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=1.2.3.4 dst-address-type=local dst-port=3389 protocol=tcp to-addresses=192.168.1.10 to-ports=3389 comment="Redirect RDP PORT TCP 3389 to local server"
# Hairpin NAT: masquerade LAN traffic that was redirected by the rule above, so the
# service can be reached from the LAN using the MikroTik WAN IP.
# srcnat runs after dst-nat, which is why this rule matches the translated
# destination 192.168.1.10 rather than 1.2.3.4. Rewriting the source to the
# router's address makes the server reply via the router instead of directly to
# the client.
# NOTE(review): for these connections the RDP server sees the router's address as
# the source, so its logon logs will not show the real LAN client IP.
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.10 protocol=tcp dst-port=3389 out-interface=LAN-Interface action=masquerade comment="Masquerade Traffic going to WAN IP of mikrotik from local LAN users"