Hi Folks,
I am trying to replace my old reliable RB4011 WAN router (terminates the gigabit pppoe connection to my ISP and then serves a default route for one /24 along with some port-forwarding for 5-6 different services) with a CCR2004-16G-2S+.
So now I have the feed from my ISP on port 16 of the CCR, it's on VLAN 201 because it's qwest and the pppoe client comes up just fine. I am hanging 7 gigabit devices off the first bank of switch ports on the CCR and then sfp+2 is connected via twinax into a CRS312 where my 10gig devices are hanging. All ports except the pppoe-out interface are in a bridge group.
This is what I always do on mikrotik routers, and I'm not an expert but this is not my first rodeo. For the most part, everything works as expected on 7.2rc3 and 7.1.2 but (here's the actual problem):
Any NAT policy I make under IP>Firewall>NAT is (edit) not working. Other than the masquerade rule for outgoing traffic, nothing else works! None of the "port forwarding" or dst-nat works.
I see there are problems with this device with NAT and connection tracking. Honestly, I expected some early adopter pains, but reading about a similar issue in the older CCR2004 makes me wonder if there's a hardware problem with these devices that may not be able to be fixed.
What's the suggested code rev now? What can I do about the NAT policies not working? I thought maybe I hadn't properly defined my ingress interface in the policy, but no matter what I do (select pppoe-out or use the WAN group) the NAT will not work properly. Has anyone else had huge problems with NAT on this device? (I feel like I see hints of this on the forums and in rel notes.)
I'm not trying to do anything very intense. I just want to make a handful of "port forward" rules and let the device do its job. Please help.