Mikrotik box, 2 network cards, INSIDE and OUTSIDE. I’m using masquerading to allow the private inside network access to the internet. I’m also using dstnat to map through port 80 to a webserver on the private INSIDE network. Here’s the problem I can access the webservice with its OUTSIDE/PUBLIC address just fine from the public internet. However, users on the INSIDE network cannot access it with the public address. Any ideas?? I think it has something to do with the masquerading. Any ideas would really be appreciated!!
Please, post your ‘DST-NAT’ rule, probably it causes issues.
Alternative, ‘dns static cache’ option to make sure that local web-server is accessible.
Forward DNS request to RouterOS dns cache, add server to static cache.
add chain=dstnat dst-address=205.162.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=172.16.0.6 to-ports=80
Here is the NAT rule, with the exception that I changed part of the dst-address to conceal the real IP.
As far as I know, a masq’ed network can’t dst-nat back into the same masq’ed network using masq/dst nat… Not unless more routers are used…
Perhaps there is a config I haven’t seen before, but I have experienced this very thing with allot of OSes…
do you think using src-nat without masquerading would work better.
Like this?
add chain=srcnat out-interface=OUT action=src-nat to-addresses=205.162.x.x to-ports=0-65535
i’m facing the same problem
i also tried to src-nat the internal network to a public ip and i still can’t access my webserver from the internal network
any help would be appreciated !
Regards,