Hairpin doesn't work with the private WAN IPs

I’m using 6.30.1

I followed this manual to set up Hairpin: http://wiki.mikrotik.com/wiki/Hairpin_NAT

And it used to work just fine until I switched to Verizon FIOS ISP. Their Action Tech router can only offer you the private IP with DMZ configured; otherwise the TV won't work if I set up the bridge mode.

This is how it’s currently set up:

Action Tech from Verizon FIOS:
WAN IP: Dynamic
LAN IP: 192.168.1.1/24
DMZ: 192.168.1.2

Mikrotik:
WAN IP: 192.168.1.2/24
LAN IP: 10.0.0.0/24
Web server: 10.0.0.254

Hairpin is set up as follows:
[admin@MikroTik] /ip firewall nat> print
0 chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
1 chain=dstnat action=dst-nat to-addresses=10.0.0.254 to-ports=80 protocol=tcp in-interface=ether1-gateway dst-port=80 log=no log-prefix=""
2 chain=srcnat action=masquerade protocol=tcp src-address=10.0.0.0/24 dst-address=10.0.0.254 dst-port=80 log=no log-prefix=""

Changing rule #1 by replacing in-interface=ether1-gateway with dst-address-type=local doesn’t make any difference.

Please advise.

Your issue is that you currently have “Double NAT”. So no amount of changes to your Mikrotik is going to help with NAT issues on the Actiontec.

What you will need to do is reconfigure the Actiontec so that it is not your primary router, BUT you need to keep it in order to get the On-Demand and Guide data. You can follow the information at the following link, but it is pretty complicated.

http://www.dslreports.com/forum/r17679150-How-to-make-ActionTec-MI424-WR-a-network-bridge

I just don’t understand why it’s related to my ISP.
All I’m trying to do is redirect port 80 internally within my own network.

The logic is: if a packet comes from 10.0.0.0/24 on eth1 to a specific public IP (1.2.3.4) and the dest. port is 80, redirect it to 10.0.0.254.

Thanks.
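
The rule logic from the last post, as an added example that is not part of the thread: a simplified Python model of which dstnat matcher catches a LAN client's request when the public IP sits on the Actiontec rather than on the MikroTik. The router LAN address 10.0.0.1, the interface name `bridge-local` and the client and outside addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Addresses from the thread. 10.0.0.1 (router LAN address), "bridge-local",
# 10.0.0.50 and 203.0.113.7 are constructed for this example.
ROUTER_ADDRS = {ip_address("192.168.1.2"), ip_address("10.0.0.1")}
PUBLIC_IP = "1.2.3.4"  # placeholder public IP used in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str

def dstnat_matches(rule: dict, pkt: Packet) -> bool:
    """True when every matcher present in the rule accepts the packet."""
    dst = ip_address(pkt.dst)
    if "in-interface" in rule and rule["in-interface"] != pkt.in_iface:
        return False
    # dst-address-type=local only matches addresses assigned to this router.
    if rule.get("dst-address-type") == "local" and dst not in ROUTER_ADDRS:
        return False
    if "dst-address" in rule and dst != ip_address(rule["dst-address"]):
        return False
    if "src-address" in rule and ip_address(pkt.src) not in ip_network(rule["src-address"]):
        return False
    return pkt.dport == rule["dst-port"]

RULES = {
    "in-interface": {"in-interface": "ether1-gateway", "dst-port": 80},
    "dst-address-type": {"dst-address-type": "local", "dst-port": 80},
    "dst-address": {"dst-address": PUBLIC_IP, "src-address": "10.0.0.0/24", "dst-port": 80},
}

def evaluate(pkt: Packet) -> dict:
    """Map each rule variant to whether it would catch the packet."""
    return {name: dstnat_matches(rule, pkt) for name, rule in RULES.items()}

# A LAN client browsing to the public IP, and an outside request that the
# Actiontec DMZ has already forwarded to the MikroTik WAN address.
lan_client = Packet("10.0.0.50", PUBLIC_IP, 80, "bridge-local")
via_dmz = Packet("203.0.113.7", "192.168.1.2", 80, "ether1-gateway")

if __name__ == "__main__":
    print("LAN client:", evaluate(lan_client))
    print("via DMZ:   ", evaluate(via_dmz))
```

Because the Actiontec WAN IP is listed as dynamic in the first post, the address in the `dst-address` variant is a placeholder.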