I have an Ubuntu server with IP 192.168.10.144; on this server I have a Docker network using the IP range 10.0.0.0/24. I need to connect my computer to some services running in Docker, so I've added a route in MikroTik:
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.0.1 1
1 A S 10.0.0.0/24 192.168.10.144 1
2 ADC 192.168.0.0/24 192.168.0.3 ether1-internet 0
3 ADC 192.168.10.0/24 192.168.10.1 ether2-proliant 0
However, the connection between my computer and the Docker services is extremely slow. I used Wireshark to check what was happening and found some TCP retransmission messages:
I thought a NAT rule could solve the problem; however, when using the following rules, no communication was made between my computer and Docker:
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-internet log=no
log-prefix=""
1 chain=dstnat action=dst-nat to-addresses=192.168.10.144 to-ports=80
protocol=tcp dst-port=8000 log=no log-prefix=""
2 X chain=dstnat action=dst-nat to-addresses=192.168.10.144 protocol=tcp
dst-address=10.0.0.0/24 log=no log-prefix=""
3 X chain=srcnat action=src-nat to-addresses=10.0.0.0/24 protocol=tcp
src-address=192.168.10.144 log=no log-prefix=""
What am I doing wrong?
Your PC has IP address 192.168.10.53? You send traffic to host 10.0.0.77 via your default gateway, 192.168.10.1. Your router sends you back ICMP redirect packets. You can read more about that here: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
You possibly get something similar to the problem described here: https://forum.mikrotik.com/viewtopic.php?t=139465
Possible solution: Set static route on your PC:
10.0.0.0/24 via 192.168.10.144
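The redirect condition described in the answer above, as an added example that is not part of the original posts: it models the router's route table from the question and checks whether a packet would be forwarded back out the interface it arrived on, towards a next hop on the sender's own subnet. The function names are hypothetical, and the check is a simplified form of the rule a router uses to decide when to send an ICMP redirect.

```python
import ipaddress

# Router routes from the question: (destination, gateway, interface).
# Connected routes carry an interface; static routes carry a gateway.
ROUTES = [
    ("0.0.0.0/0", "192.168.0.1", None),
    ("10.0.0.0/24", "192.168.10.144", None),
    ("192.168.0.0/24", None, "ether1-internet"),
    ("192.168.10.0/24", None, "ether2-proliant"),
]

def connected(addr):
    """Return (interface, network) of the connected route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    for dst, gw, iface in ROUTES:
        net = ipaddress.ip_network(dst)
        if gw is None and ip in net:
            return iface, net
    return None

def lookup(dst):
    """Longest-prefix match. Returns (next_hop, egress_interface) or None."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if ip in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    _, gw, iface = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    if gw is None:
        return dst, iface              # directly connected: next hop is the host itself
    hit = connected(gw)                # a gateway must sit on a connected network
    return (gw, hit[0]) if hit else None

def redirect_expected(src, dst):
    """True when the router would hairpin the packet to a next hop on src's subnet."""
    ingress = connected(src)
    route = lookup(dst)
    if ingress is None or route is None:
        return False
    next_hop, egress = route
    return (egress == ingress[0]
            and next_hop != dst
            and ipaddress.ip_address(next_hop) in ingress[1])

if __name__ == "__main__":
    # Addresses taken from the answer: PC 192.168.10.53, container 10.0.0.77.
    print(lookup("10.0.0.77"))
    print(redirect_expected("192.168.10.53", "10.0.0.77"))
```

A client on 192.168.0.0/24 reaching the same container does not meet the condition, because the packet enters on ether1-internet and leaves on ether2-proliant.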
I simply deleted the NAT rules and added a masquerade rule:
Now everything is working as expected.