I attached our network overview below. The problem is that, with a DNS A record pointing to Mikrotik’s WAN IP, anyone on the Internet can access my web server, but not the LAN users who reside on Mikrotik’s LAN network. I tried configuring a Hairpin NAT rule but got easily confused, and now both LAN and Internet users get Mikrotik’s Web UI instead of the Web Server.
How should one configure this cleanly in this network setup? I just wanted both LAN and Internet users to access the double NATed Web Server. Thanks in advance.
There’s nothing special about it. If it’s really double NAT, then Mikrotik forwards ports to 172.16.0.134 and doesn’t care what TP-Link does with it next.
One simple rule should be enough (if you have correct dstnat rules):
Agreed, the TP-Link is a red herring, but I want to see the actual implementation on the MT done so far… not my problem you guys inherently didn’t get the curious gene
Thanks for the tip. With this setting, both local and Internet users can now access the web server. Why is the destination address a block rather than the IP of the web server?
It can be both. If it’s only one server, a single address would be enough. Even a single address and selected port(s) would suffice (as shown at https://wiki.mikrotik.com/wiki/Hairpin_NAT). But if you use the whole subnet, you won’t have to worry about it: if you add other servers and forwarded ports in the future, they will already be covered by this rule. And it doesn’t break anything to use the whole subnet, because normally traffic from the LAN subnet doesn’t go back to the same subnet, so it doesn’t affect anything else.
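Added example, not part of the thread: a small Python model of the address rewriting discussed above, showing why a LAN client needs the hairpin srcnat rule and why matching the whole subnet leaves other traffic alone. Only 172.16.0.134 comes from the thread; the /24 prefix, the router LAN address, the WAN address and both client addresses are assumptions, and the hairpin rule is assumed to match source and destination in the LAN subnet.

```python
from ipaddress import ip_address, ip_network

# Only SERVER comes from the thread; every other value is an assumption.
LAN = ip_network("172.16.0.0/24")        # assumed LAN prefix
ROUTER_LAN = ip_address("172.16.0.1")    # assumed router LAN address
WAN_IP = ip_address("203.0.113.10")      # placeholder WAN address
SERVER = ip_address("172.16.0.134")      # forward target named in the thread
LAN_CLIENT = ip_address("172.16.0.50")   # constructed LAN client
NET_CLIENT = ip_address("198.51.100.7")  # constructed Internet client


def forward(src, dst, hairpin):
    """Translate one new connection the way the router would; return (src, dst)."""
    if dst == WAN_IP:                            # dstnat: port forward to the server
        dst = SERVER
    if hairpin and src in LAN and dst in LAN:    # srcnat masquerade, subnet to subnet
        src = ROUTER_LAN
    return src, dst


def client_accepts_reply(client, hairpin):
    """True if the reply arrives from the address the client connected to."""
    seen_src, seen_dst = forward(client, WAN_IP, hairpin)
    reply_src, reply_dst = seen_dst, seen_src    # server answers the source it saw
    # The reply crosses the router only if addressed to it or to an off-link host.
    if reply_dst == ROUTER_LAN or reply_dst not in LAN:
        reply_src, reply_dst = WAN_IP, client    # conntrack undoes both translations
    return reply_src == WAN_IP and reply_dst == client


if __name__ == "__main__":
    for name, client in (("LAN", LAN_CLIENT), ("Internet", NET_CLIENT)):
        for hairpin in (False, True):
            print(name, "hairpin" if hairpin else "no hairpin",
                  client_accepts_reply(client, hairpin))
```

Without the hairpin rule the server answers the LAN client directly from 172.16.0.134, so the client sees a reply from an address it never contacted and discards it.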