HTTP access to WAN IP from the LAN

I have several PCs in the LAN behind a MikroTik v.2.9 with two interfaces (LAN and WAN). Filter and NAT rules seem to be doing the job, with one exception. There’s a web site on the LAN side with an appropriate NAT rule to allow dstnatting to it from the outside world, and that works. However, if one tries to access the website (using the MikroTik’s public IP address) from within the LAN, it is impossible.

I found some mention of this in documentation for v 2.3. It says:

The server cannot be accessed at 10.1.1.12:8080 from the local network. It is due to the fact, that the server sees request coming from its own network, and it responds back directly, i.e., bypassing the router and the NAT rule.

If I understood the wording correctly, it said to put the web server on a different private subnet. Still was hoping a fix exists since v. 2.3 so that a nat or route or filter rule would do the job instead…

If you host DNS locally on your LAN, then just point the DNS entry for the local server to its local address.

This means you have two DNS servers…

One for public use, i.e. from outside the network
One for private use, i.e. inside your network (usually required for AD)

Craig

I see. I have local dns and now I have a use for it. I made a zone file for the local server and now the website is accessible by name from the LAN. Many thanks for your response.

I found a more elegant way to do it, if you have a managed switch. Create a VLAN on the switch for the servers which need to be accessed from within the LAN using their public IPs. The MikroTik must also be a member of this VLAN. Then add the VLAN on your MikroTik to the LAN interface. Assign all hosts on the VLAN a subnet separate from your LAN. The MikroTik then routes all traffic perfectly between the VLAN and the LAN.
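The three situations discussed in this thread (server on the client's subnet, local DNS pointing at the server's private address, server on its own VLAN subnet) can be traced with a small packet-flow model. This is an added example, not part of any post above and not RouterOS code; all addresses are constructed and `trace` is a hypothetical helper.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread).
WAN_IP = "203.0.113.5"    # router's public address, dst-nat'ed to the web server
CLIENT = "192.168.1.10"   # PC on the LAN


def trace(server_ip, server_net, target=WAN_IP):
    """Follow one request from CLIENT to `target` and the server's reply.

    server_net is the subnet the server believes it is on; target is the
    address the client connects to (public IP, or private IP with local DNS).
    """
    server_net = ipaddress.ip_network(server_net)
    natted = target == WAN_IP
    # Router rewrites the destination and remembers the mapping so it can
    # undo it on replies that pass back through it.
    conntrack = {(CLIENT, server_ip): WAN_IP} if natted else {}

    # Server sees the request with the client's real source address.
    # If that source is on the server's own subnet it answers directly,
    # otherwise it hands the reply to its gateway (the router).
    via_router = ipaddress.ip_address(CLIENT) not in server_net
    reply_src = server_ip
    if via_router and natted:
        reply_src = conntrack[(CLIENT, server_ip)]  # router reverses the NAT

    # The client only accepts a reply from the address it connected to.
    return {"via_router": via_router,
            "reply_src": reply_src,
            "accepted": reply_src == target}


if __name__ == "__main__":
    print("same subnet, public IP :", trace("192.168.1.20", "192.168.1.0/24"))
    print("same subnet, local DNS :", trace("192.168.1.20", "192.168.1.0/24",
                                            target="192.168.1.20"))
    print("separate VLAN subnet   :", trace("192.168.2.20", "192.168.2.0/24"))
```

In the first case the reply arrives from 192.168.1.20 while the client is waiting on 203.0.113.5, so the connection never completes; the other two cases keep the reply source consistent with what the client dialled.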