I use an RB150 router with ADSL. A webserver is running in the internal LAN. Over a nat-dst rule, port tcp 80 is mapped to the internal IP; access over the public interface works well. But if I try to access the webserver with the public IP from the internal LAN, the connection always ends on the mikrotik (webbox). I won't add a static entry with the internal IP of the webserver in the DNS server on the mikrotik.
You have in-interface=adsl in your rule; it means that connections will be dstnatted only if they are coming from the public interface.
Something like this should work:
chain=dstnat action=dst-nat to-addresses=xx.xx.xx.xx to-ports=80
src-address=<your_public_IP> dst-port=80 protocol=tcp
This maps the port directly. But if I use this rule, or with nat and do not specify an interface, all outgoing connections over port 80 (all web traffic from all clients) end at the mikrotik admin site.
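The two posts above, as an added configuration sketch that is not from any poster in this thread: the interface-bound rule beside a destination-address match plus the source-NAT rule that LAN-to-public-IP access needs. The addresses are constructed placeholders (203.0.113.10 as the public IP, 192.168.1.0/24 as the LAN, 192.168.1.10 as the webserver); it assumes the webserver and the clients share one subnet.

```routeros
# Constructed sample values: 203.0.113.10 = public IP, 192.168.1.0/24 = LAN,
# 192.168.1.10 = internal webserver. Replace with your own.

# Before: matches only packets arriving on the public interface, so LAN
# clients that connect to the public IP are never dst-natted.
# /ip firewall nat add chain=dstnat in-interface=adsl protocol=tcp dst-port=80 \
#     action=dst-nat to-addresses=192.168.1.10 to-ports=80

# After: match on the destination address instead of the interface. Only
# traffic addressed to the public IP is redirected; other outbound web
# traffic is left alone.
/ip firewall nat add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=80

# Hairpin rule: LAN clients reaching the webserver through the rule above must
# be source-natted, otherwise the server replies to them directly and the
# client drops the reply because it comes from an address it did not contact.
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.10 \
    protocol=tcp dst-port=80 action=masquerade
```

With the masquerade rule in place, the webserver's access log shows the router's address for internal clients, so per-client attribution for LAN traffic has to come from the router's connection tracking or logs.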
I have four interfaces on my firewall, the address range 192.168.2.0/24 is my DMZ with 8 servers in it. If I come in from any of the other 3 interfaces I can get to my webservers via the nat.
I have a couple of mail servers in the same DMZ, one is a virtual host with 70 websites. So I really want to avoid adding a static entry on each server to resolve to a server in the same subnet. All my servers use the firewall (mikrotik) interface as their DNS and I’ve set up DNS STATIC entries on my firewall to route to appropriate servers.
However, I’m unable to get them to resolve to the internal IP. Even the Mikrotik is resolving to the “Real” external DNS address. I’ve flushed the cache and am not sure where to go from here.
Any pointers appreciated. Sorry if I’ve hijacked your thread, but I felt this was very much on the same topic.