Hello all,
I have a strange (for me) problem, but first let me explain what I want.
I want to access the internal web server from the internal LAN via the public mydomain.com. Note that I don’t have a problem accessing the web server from outside!
I have 2 networks: the first one is my LAN (home stuff) network 192.168.88.0/24, and the second is VLAN 44 - 10.00.44.0/24. In this VLAN I have an Nginx (10.00.44.5) Linux server and some other stuff. While investigating, I disabled all drop rules in the firewall just to be sure the problem is not there.
What works: Device in public -> mydomain.com (dstnat to 10.00.44.5, ports 443 and 80) -> Page load OK
What works: Device in LAN network (192.168.88.60) -> 10.00.44.5 -> Page load OK
What DOESN’T work: Device in LAN (192.168.88.60) or VLAN44 (10.00.44.60) -> mydomain.com (dstnat to 10.00.44.5, ports 443 and 80) -> Page gives error “This site can’t be reached… ERR_HTTP2_PROTOCOL_ERROR”
If I ping mydomain.com from the device in LAN or VLAN44, I see it successfully resolves to the WAN IP: Pinging mydomain.com [WAN_IP] with 32 bytes of data…
My NAT config:
/ip firewall nat add action=dst-nat chain=dstnat comment="NGINX TCP 443 -> 443" dst-address-list=WAN_IP dst-port=443 protocol=tcp to-addresses=10.00.44.5 to-ports=443
/ip firewall nat add action=dst-nat chain=dstnat comment="NGINX TCP 80 -> 80" dst-address-list=WAN_IP dst-port=80 protocol=tcp to-addresses=10.00.44.5 to-ports=80
I tried adding this srcnat:
/ip firewall nat add action=masquerade chain=srcnat disabled=no dst-address=10.00.44.0/24 protocol=tcp src-address=10.00.44.0/24
I tried adding a static DNS entry
mydomain.com - 10.00.44.5
and checked that the device now resolves this IP, not the WAN IP, but I got the same error page again…
Without result.
ROS 7.1.3 (RB3011UiAS)
Feeling lost…