Access to NAS from inside LAN

Hello

I bought a Synology NAS. I’d like to set up the DS File tool, from inside and outside my LAN, without the QuickConnect functionality (easy but not performant).
Therefore,

  • I subscribed to Synology DNS as I don’t have a fixed IP → x.myds.me
  • I forwarded the required port (5000) to my NAS

Working perfectly.. from outside the LAN. :smiley:
From inside the LAN, I’m struggling to connect via x.myds.me.

I read Mikrotik tutorial about Hairpin NAT, and tried to configure my router accordingly but without success.. :frowning:

Could someone give me a hand ?

Please find below my configuration.

Thanks a lot in advance !


Architecture :

  • router : 192.168.88.1
  • NAS (server) : 192.168.88.237 (IP fixed)
  • phone (client) - on WiFi : 192.168.88.238 (IP fixed)

Current configuration (ok from outside LAN) :

  • Default Mikrotik NAT rule:
chain = srcnat
out-interface = ether1-gateway
action = masquerade
  • Port forwarding :
chain = dstnat
protocol = 6
dst-port = 5000
in-interface = ether1-gateway
action = dst-nat
to-address = 192.168.88.237
to-ports = 5000

I tried the following srcnat rule but with no success :

chain = srcnat
src-address = 192.168.88.0/24
dst-address = 192.168.88.237
protocol = 6
dst-port = 5000
out-interface = bridge-local
action = masquerade

Up..

Thanks in advance for your help

I’m struggling with the same challenge.
Found out that if you remove the in-interface parameter of your dstnat rule, it works, but then traffic in both directions is dst-nat’d, which is undesirable.
I had it working in the past when I had a pppoe connection which gave me a pppoe interface carrying my public IP address.
Now, since I have my public IP address on one of the ether interfaces (ether1 in my case), the Hairpin NAT rules are not working anymore.
Another possible solution is to supply your public IP address on your dst-nat rules, but since I have a dynamic IP I do not want that in the first place, because I have to write a script to change all the rules when my public IP changes. I will do that when there is no alternative way, but for now I just keep connecting with IP when inside the network.

On the other hand, I already had a script and found a one-line command to change the NAT rules.
Works fine.
/ip firewall nat set [/ip firewall nat find where dst-address=old] dst-address=new
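
Added example, not part of the posts above and not RouterOS code: a simplified Python model of how the three dstnat variants discussed in this thread (with in-interface, with no matcher, with dst-address) treat traffic to port 5000. The public IP 203.0.113.10, the outside host 198.51.100.7 and all function names are constructed for illustration; the LAN addresses and interface names are the ones from the first post.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.88.0/24")
NAS, ROUTER_LAN = "192.168.88.237", "192.168.88.1"
WAN_IP = "203.0.113.10"  # constructed placeholder for the dynamic public IP

def dstnat_matches(rule, pkt):
    """True if every matcher present in the dstnat rule fits the packet."""
    if pkt["dport"] != 5000:
        return False
    if "in-interface" in rule and rule["in-interface"] != pkt["in_if"]:
        return False
    if "dst-address" in rule and rule["dst-address"] != pkt["dst"]:
        return False
    return True

def forward(rule, pkt):
    """Run one TCP packet through dstnat, routing and srcnat (simplified).

    Returns (src, dst) as seen after the router, or None when the packet
    stays addressed to the router itself and is never forwarded."""
    dst = NAS if dstnat_matches(rule, pkt) else pkt["dst"]
    if dst in (WAN_IP, ROUTER_LAN):
        return None  # ends up in the router's input chain, not at the NAS
    src = pkt["src"]
    out_if = "bridge-local" if ip_address(dst) in LAN else "ether1-gateway"
    if out_if == "ether1-gateway":
        src = WAN_IP  # default masquerade rule
    elif ip_address(src) in LAN and dst == NAS:
        src = ROUTER_LAN  # hairpin masquerade rule from the first post
    return src, dst

# The three dstnat variants discussed in the thread
WITH_IN_IF = {"in-interface": "ether1-gateway"}
NO_IN_IF = {}
WITH_DST = {"dst-address": WAN_IP}

# Constructed sample packets
phone_to_ddns = {"src": "192.168.88.238", "dst": WAN_IP, "dport": 5000, "in_if": "bridge-local"}
phone_to_other = {"src": "192.168.88.238", "dst": "198.51.100.7", "dport": 5000, "in_if": "bridge-local"}
outside_to_ddns = {"src": "198.51.100.7", "dst": WAN_IP, "dport": 5000, "in_if": "ether1-gateway"}

if __name__ == "__main__":
    for name, rule in [("in-interface", WITH_IN_IF), ("no matcher", NO_IN_IF), ("dst-address", WITH_DST)]:
        print(name, forward(rule, phone_to_ddns), forward(rule, phone_to_other), forward(rule, outside_to_ddns))
```

In this model the in-interface variant never translates the phone's packet, the variant with no matcher also redirects the phone's connection to an unrelated host on port 5000 to the NAS, and the dst-address variant translates only traffic aimed at the public IP.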