I have an RB493G that I am setting up as my home firewall / router.
I have an email server in house that needs to have ports forwarded to it. Specifically 443, 465, 993, and 25. I have NAT rules set up that are forwarding traffic nicely to the mail server, and all email is working.
However, I do have one problem. If I try to access my webmail (points to the server on the private network at home) while at home, I get an immediate page not found error. If I try to access my webmail from anywhere other than at home, it works fine. I CAN access the server at home using it's IP address, just not the URL. I know there is a rule or a way of setting up the NAT that I have just not done right.
Any ideas out there?
By the way, this is my first experience with Mikrotik products, and so far I am VERY impressed. The RB493g with the R52Hn radio is a really excellent combo.
Re: Proper NATing question
The simplest method is just to bring local DNS cache on Routerboard ans set static dns records to override public ip of server with local ip.
Othwerwise, you have to put server in different local ip range than lan, to be able to redirect connections from local network meant to go to local server but via external (public) ip.
Othwerwise, you have to put server in different local ip range than lan, to be able to redirect connections from local network meant to go to local server but via external (public) ip.
Re: Proper NATing question
Pardon my ignorance, but that seems like a strange thing to have to do. I am replacing a juniper netscreen 5-gt with this rb493g and I didn't have to do anything like that at all on the juniper. I just had to set firewall policies to route traffic.... Is there something else I am missing?
Re: Proper NATing question
Post the forwarding rulesI have an RB493G that I am setting up as my home firewall / router.
I have an email server in house that needs to have ports forwarded to it. Specifically 443, 465, 993, and 25. I have NAT rules set up that are forwarding traffic nicely to the mail server, and all email is working.
Proper NATing question
http://wiki.mikrotik.com/wiki/Hairpin_NAT - this outlines the issue you're facing in detail.
The Juniper boxes either does that automatically, or performs DNS fix up (which is what ASAs do, the manual workaround for using that option - of sorts, it is not a proper fix up manipulating the DNS reply itself) was suggested to you above).
You aren't using a Juniper box anymore, so things work differently. Juniper is great, but just like Cisco they automatically abstract a couple of things away for you. RouterOS is fairly bare bones - you can do the same things, but have to do them manually and explicitly.
The Juniper boxes either does that automatically, or performs DNS fix up (which is what ASAs do, the manual workaround for using that option - of sorts, it is not a proper fix up manipulating the DNS reply itself) was suggested to you above).
You aren't using a Juniper box anymore, so things work differently. Juniper is great, but just like Cisco they automatically abstract a couple of things away for you. RouterOS is fairly bare bones - you can do the same things, but have to do them manually and explicitly.
Who is online
Users browsing this forum: Google [Bot] and 102 guests