Cannot connect from LAN to WAN IP

MrdotApple · December 7, 2016, 7:55pm

Hi,
I have only two firewall rule.
chain=srcnat action=masquerade out-interface=ether1
chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=80 protocol=tcp in-interface=ether1 dst-port=80

My problem is, I have 2 connection on the ether2 interface, 192.168.1.1 (.1 is a win 2012 server), 192.168.1.10 (.10 is a management win 10 client).

When I connect to the server WAN IP from my home PC the website loading, everything right. But when I try to connect from 1.10 management windows 10 client I am getting:
This site can’t be reached

WAN IP ADDRESS refused to connect.

What can be the problem?

JB172 · December 7, 2016, 8:02pm

Check this: http://wiki.mikrotik.com/wiki/Hairpin_NAT

estar · December 7, 2016, 10:29pm

If your connecting via a wireless ap connection you may have default forward not ticked which blocks client to client connections to the ap. That would explain if that’s how it’s setup. Or if it’s not setup like that you need to do some tests like ping the server from the router to check if it can connect to the gateway. If not check the tests from the server itself too. Sounds like your computer works OK or you wouldn’t be able to get online.

syedwajahat · December 9, 2016, 3:25pm

Both Side Nating Enable 1. Mikrotik and 2. Windows Server 2012

janus20 · December 9, 2016, 7:12pm

Hi,

Based on your two rules and the fact that you need Hairpin Nat, try this:

/ip firewall nat
add action=masquerade chain=srcnat comment="Access WAN from local LAN" dst-address=192.168.1.1 dst-port=80 out-interface=\
    bridge-LAN protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1 to-ports=80

bridge-LAN = {local_lan_port or lan_bridge_name }

Hope that helps!

kind regards,