i have a problem about hairpin.
i want to use hairpin so i can access my cctv using my dyndns domain even im from local network.
i already set the hairpin masquerade like in the manual wiki. but it doesn’t work.
my topology is
internet > modem > mikrotik > client
my dyndns (ip public) is placed in my modem, and my modem is not support for feature like nat loopback or masquerade stuff.
and i guess, the source IP changed by modem. (before going back to mikrotik) that just my guess i dont know how to check it.
the only thing i can set is just my mikrotik. and also there is another network that connected to my modem. so i cant set my mikrotik as modem (moving dyndns to mikrotik).
any suggestion what can i do about it?
thank you for your reply docmarius.
i already apply your suggestion.
when i tried to access my cctv it said “connecting” instead of instantly “connection failed” like before.
but the cctv stream still not show up.
I think here you have a reverse path issue.
The cctv tries to send you a stream originating on the cctv and does not have proper IPs and routes to your client, which is not covered by connection tracking.
The probable cause is improper or missing NAT somewhere.
You need to except the client to cctv path from NAT so that the request arrives at the CCTV with the original client’s LAN IP address, not src-nat-ed to the router IP (as done by the hairpin masquerade).
First step would be to disable hairpin NAT, check if it is working, and then adapt the rules.
Use torch to verify this…