Hi. My company has a LAN with domain mydomain.LOCAL. We have 2 servers (SERVER1 and SERVER2). My users want to use a single name mail.mydomain.ru (external internet address) for external access to the mail server SERVER1 (https) and RDP to terminal server SERVER2 because I configured 2 NAT rules:
from any to mail.mydomain.ru with https → internal server SERVER1 with https
from any to mail.mydomain.ru with rdp → internal server SERVER2 with rdp
But when my users are local (connecting through the LAN) they cannot reach the internal servers (NAT doesn’t work). How do I solve this problem with Mikrotik? Netgear solved this problem easily (but we changed it).
Too generic (and without an export compact) to find the problem.
But you can set the RouterBoard as the primary DNS server and add a static entry like mail.mydomain.ru 192.168.0.anyfreeip (or in any primary DNS server inside your LAN)
and on NAT:
dst 192.168.0.anyfreeip https → 192.168.0.server1 port https
dst 192.168.0.anyfreeip rdp → 192.168.0.server2 port rdp
I tried to add
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.110 dst-port=443 protocol=tcp src-address=192.168.30.0/24 to-addresses=192.168.30.1 to-ports=443
at the top of NAT rules, not working…
You need a Hairpin NAT rule.
Check here
So something like
/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.30.0/24 protocol=tcp port=443 dst-address=192.168.30.1 out-interface=
add chain=srcnat action=masquerade src-address=192.168.30.0/24 protocol=tcp port=3389 dst-address=192.168.30.2 out-interface=
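Added example, not part of the original thread: a small Python model of the address rewriting for one LAN client connecting to the public name on TCP 443, showing why the dst-nat rule alone fails and what the hairpin masquerade changes. The public address 203.0.113.110, the router LAN address 192.168.30.254 and the client 192.168.30.50 are assumptions; the thread masks or omits them.

```python
# Constructed addresses (assumptions, see lead-in). SERVER is from the thread.
PUBLIC_IP = "203.0.113.110"    # stands in for xxx.xxx.xxx.110
ROUTER_LAN = "192.168.30.254"  # assumed router address on the LAN
SERVER = "192.168.30.1"        # internal HTTPS server from the thread
CLIENT = "192.168.30.50"       # assumed LAN client
LAN_PREFIX = "192.168.30."     # 192.168.30.0/24


def trace(hairpin_masquerade):
    """Follow one connection from a LAN client to the public address."""
    # The client sends to the public IP, so the packet goes to the router.
    sent = {"src": CLIENT, "dst": PUBLIC_IP}
    pkt = dict(sent)

    # dstnat: rewrite the destination to the internal server.
    if pkt["dst"] == PUBLIC_IP:
        pkt["dst"] = SERVER

    # srcnat (hairpin): LAN source going back into the LAN gets the
    # router's own LAN address as source.
    if (hairpin_masquerade and pkt["src"].startswith(LAN_PREFIX)
            and pkt["dst"] == SERVER):
        pkt["src"] = ROUTER_LAN

    # The server answers whatever source address it saw.
    reply = {"src": SERVER, "dst": pkt["src"]}
    via_router = reply["dst"] == ROUTER_LAN
    if via_router:
        # Connection tracking on the router reverses both translations.
        reply = {"src": PUBLIC_IP, "dst": CLIENT}
    # Otherwise server and client share a subnet: the reply is delivered
    # directly and never passes the router, so nothing is translated back.

    # The client only accepts a reply from the address it connected to.
    accepted = reply["src"] == sent["dst"] and reply["dst"] == sent["src"]
    return {"server_saw": pkt["src"], "reply_src": reply["src"],
            "via_router": via_router, "client_accepts": accepted}


if __name__ == "__main__":
    for enabled in (False, True):
        print("hairpin masquerade:", enabled, trace(enabled))
```

With the masquerade rule in place, the server sees the router's LAN address as the source of every internal connection, so its access logs no longer identify individual LAN clients for hairpinned traffic.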