hairpin nat when router is NATed

gdanov · January 26, 2022, 10:46am

I use ZTE LTE modem for WAN. Unfortunately it’s bridge mode is buggy (or MT is buggy) and freezes frequently, so the modem is in router mode and my MT firewall “sees” 192.168.254.x/24 IP as it’s external IP.

I need to implement hairpin nat, but on the MT. Rule like this does the job:
pseudocode

chain: dst-nat src-address: dst-address: action: dst-nat to-addr: ports and so on

Problem is my WAN IP is not fixed and I can’t figure out how to have address list containing my up-to-date wan ip. Suggestions how to have hairpin on NATed router?

Sob · January 26, 2022, 11:43am

You need DDNS (you can use built-in IP->Cloud), then add hostname to address list:

/ip firewall address-list
add list=my-wan-ip address=<your DDNS hostname>

Router will automatically resolve it based on TTL. And then in NAT rule use dst-address-list=my-wan-ip.

gdanov · January 26, 2022, 12:09pm

wow, wasn’t aware I can put DNS names in address list. re-resolving is based on the DNS record TTL, right?

anav · January 26, 2022, 12:49pm

Yup!
Happy reading…
https://forum.mikrotik.com/viewtopic.php?t=179343

gdanov · January 26, 2022, 12:54pm

thanks! technically I don’t have src-nat problem and don’t need hairpin nat but anyhow…

anav · January 26, 2022, 2:01pm

Whatever is working stick with it!!
( Just for sob: Of course if its not configured my way, … there can only be one! )