Double NAT port forward with 2 routers with 2 WAN connections

Started by IKILLER147, March 24, 2023, 11:05:14 PM

Hi, I have a problem with double port forwarding in a non-standard setup. I have 2 routers: the first is an OPNsense VM and the second is a MikroTik, and both have their own internet connection. The problem is that I have some systems on the OPNsense network and others behind the MikroTik, so I need to forward a port from the OPNsense WAN to the MikroTik LAN. I know it would be better to use a VPN; unfortunately that is not an option at the moment and I need to use port forwarding over the OPNsense WAN IP.

I currently have the same configuration set up for testing in VirtualBox. The OPNsense has a WAN IP of 192.168.1.50 and a LAN IP of 10.14.0.0/23. The MikroTik has a WAN IP of 192.168.1.47 and a LAN IP of 10.255.0.0/24, while being connected to the OPNsense LAN with an IP of 10.14.0.254.

So far I have noticed that in this configuration it will be necessary to use SRCNAT to SRC the IP from the WAN, i.e. redirect it to 10.14.0.1. This is because port forwarding by default does not hide the source IP behind the LAN IP, so the response is then sent over the MikroTik's WAN. So I set the port forwarding rule, in the test case the RDP port, to the MikroTik IP 10.14.0.254; with this setting the packet arrives at the destination machine via port forwarding on the MikroTik IP 10.255.0.254. The source IP of the packet is the IP from the WAN. Next, I set up a NAT rule that will forward an incoming packet from the WAN on port 3389, from the WAN IP, to 10.14.0.1. In this case, if I look in Wireshark or the sniffer on the MikroTik, I see the source IP as the LAN IP of OPNsense. Next, I see in the sniffer that the destination server responds to 10.14.0.1, but the packet no longer passes through OPNsense and gets lost somewhere. When I tried the same configuration on RouterOS instead of OPNsense, it worked fine. Thank you for your help.

Network schema + OPNsense firewall log
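The routing reason behind the SRCNAT step in the post, as an added example that is not part of the original post or of either vendor's code: a small Python model of the two NAT hops using the addresses given above. The MikroTik routing table, the interface names (`wan`, `lan`, `to-opnsense`) and the client addresses are constructed assumptions. It shows that without outbound NAT on the OPNsense LAN side the RDP host's reply is routed out of the MikroTik's own WAN (an asymmetric path that a stateful firewall on OPNsense never sees), while with the source rewritten to 10.14.0.1 the reply is routed back toward OPNsense. It models routing only, not state tracking, so it does not explain where the packet is lost afterwards.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


# MikroTik routing table reconstructed from the post: 10.255.0.0/24 on its LAN,
# 192.168.1.0/24 on its own WAN, 10.14.0.0/23 towards OPNsense via 10.14.0.254.
# Interface names are constructed for this example.
MIKROTIK_ROUTES = [
    ("0.0.0.0/0", "wan"),
    ("192.168.1.0/24", "wan"),
    ("10.14.0.0/23", "to-opnsense"),
    ("10.255.0.0/24", "lan"),
]


def egress_interface(routes, dst):
    """Longest-prefix-match lookup: the interface a router uses to send to dst."""
    best_net, best_if = None, None
    for net, iface in routes:
        n = ipaddress.ip_network(net)
        if ipaddress.ip_address(dst) in n and (best_net is None or n.prefixlen > best_net.prefixlen):
            best_net, best_if = n, iface
    return best_if


def opnsense_forward(pkt, snat_to_lan_ip):
    """OPNsense port forward: DNAT 192.168.1.50:3389 -> 10.14.0.254,
    optionally followed by outbound NAT to the OPNsense LAN IP 10.14.0.1."""
    if pkt.dst == "192.168.1.50" and pkt.dport == 3389:
        pkt = replace(pkt, dst="10.14.0.254")
        if snat_to_lan_ip:
            pkt = replace(pkt, src="10.14.0.1")
    return pkt


def mikrotik_forward(pkt):
    """MikroTik dst-nat: 10.14.0.254:3389 -> the RDP host 10.255.0.254."""
    if pkt.dst == "10.14.0.254" and pkt.dport == 3389:
        pkt = replace(pkt, dst="10.255.0.254")
    return pkt


def simulate(snat_to_lan_ip, client="192.168.1.10"):
    """Return (source IP the RDP host sees, MikroTik egress interface of its reply).

    The client address is a constructed value; any address outside the
    directly connected networks falls back to the default route."""
    inbound = Packet(src=client, dst="192.168.1.50", dport=3389)
    at_mikrotik = opnsense_forward(inbound, snat_to_lan_ip)
    at_server = mikrotik_forward(at_mikrotik)
    # The RDP host answers whatever source address it saw; the MikroTik then
    # routes that reply by its own table, not by where the request came in.
    reply_dst = at_server.src
    return at_server.src, egress_interface(MIKROTIK_ROUTES, reply_dst)


def reply_returns_via_opnsense(snat_to_lan_ip, client="192.168.1.10"):
    """True only if the reply is routed back towards OPNsense."""
    return simulate(snat_to_lan_ip, client)[1] == "to-opnsense"


if __name__ == "__main__":
    for snat in (False, True):
        seen_src, iface = simulate(snat)
        print(f"outbound NAT={snat}: host sees src {seen_src}, reply leaves via {iface}")
```

Run it as-is to compare the two cases; the same lookup applies to a client on the public internet, where the reply takes the default route out of the MikroTik WAN unless the source was rewritten.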