Domain does not redirect correctly to NAT:Port but to Router

bekax5 · August 9, 2015, 12:04am

Hello everyone.

I am currently using a CRS109-8G-1S-2HnD-IN with OS6.28.

I have a valid SSL/TLS certificate that points to my external IP.
Although when I use it inside of the network, the mikrotik does not point to the correct IP:Port that should,
but redirects to the router’s IP and not the correct NATed IP:Port.

Is there any configuration to manage this?

Best regards.

bekax5 · August 12, 2015, 10:22pm

Anyone ?

Basically, what I’m trying to do is access:
http://domain.com:8080 (since I have a dst-nat map to internal IP 192.168.1.100:8080)
But instead, it gives me the router’s IP:Port, meaning: http://192.168.1.254:8080

Perhaps something missing in the NAT ? Any ideas?

deanMKD1 · August 12, 2015, 11:12pm

Dont forward to port 80 ! Port 80 is allready “bisy” from WebFig Administration Panel from MikroTik. Please cheange the port to 82 for ex, and try again, or change Webfig port from 80 to another else.

bekax5 · August 13, 2015, 1:24am

Perhaps I didn’t explain well.

My problem is after I forwarded several ports via Nat to the outside (Internet), and I try to access them with the domain name it actually redirects to the router IP and not to the natted IP.
It is not port specific.

Example:
I have the following rule: dst-nat port:21 to-address:192.168.1.100
I try to access: domain.com:21 (which should be natted to IP .100) but I get the router’s IP (.254) and port 21.
Same with any other natted port and IP, instead of the to-address the destination is the router’s IP and not the one from the rule.

This although only happens when I try to access from the LAN with the domain name.

I hope I could explain myself better =)
Ideas ?

blajah · August 13, 2015, 5:22am

Looks like this is what you are looking for:
http://wiki.mikrotik.com/wiki/Hairpin_NAT

bekax5 · August 13, 2015, 4:37pm

That was exactly what I was searching for.
Thanks a lot !!

I was reading a bit more to see how to set a general rule for the hairpin NAT from 192.168.1.0/24 to 192.168.1.0/24.

I am although, trying to set it like this:

add action=masquerade chain=srcnat dst-address=192.168.1.0/24 out-interface=sfp1-slave-local src-address=192.168.1.0/24

I read that I should set the out-interface as the LAN interface, but the OS does not allow me to set it like this.
Even with bridge-local as the out-interface, it is still not working.
Am I missing something ?

bekax5 · August 13, 2015, 6:18pm

Update:

Nevermind.
My other NAT rules were set with in-interface=pppoe-out1
I did change them From in-interface=pppoe-out1 To dst-address-type=local

Now everything is working with a general Hairpin NAT rule.
Thanks for all!

blajah · August 13, 2015, 8:10pm

Hi,

glad i was able to help. Enjoy your MT devices