Hi guys, I created a one-to-one NAT using the srcnat and dstnat chains. It works well from external hosts, but internal hosts cannot use this NAT.
chain=srcnat action=src-nat to-addresses=202.XXX.XXX.6
src-address=172.28.3.184 out-interface=ether1
chain=dstnat action=dst-nat to-addresses=172.28.3.184
dst-address=202.XXX.XXX.6
When user 172.28.3.181 tries to access www.example.com (202.XXX.XXX.6):
src-address=172.28.3.181:1362 dst-address=202.XXX.XXX.6:80
reply-src-address=172.28.3.184:80 reply-dst-address=172.28.3.181:1362
So 172.28.3.181 receives the reply from a different address, therefore the TCP connection is not established. Please advise.
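The asymmetry described in the post, traced as an added example that is not part of the original post: a small Python model of the dstnat rule and its connection-tracking entry, comparing the internal client with an external one. Assumptions: a /24 netmask for 172.28.3.x (the post gives none), and a constructed external client address 198.51.100.7.

```python
import ipaddress

PUBLIC = "202.XXX.XXX.6"                     # masked in the post; kept as an opaque label
SERVER = "172.28.3.184"
LAN = ipaddress.ip_network("172.28.3.0/24")  # assumption: the post gives no netmask


def on_lan(addr):
    """True if addr is on the server's own subnet."""
    try:
        return ipaddress.ip_address(addr) in LAN
    except ValueError:                       # the masked public address does not parse
        return False


def trace(client, cport, dport=80):
    """Follow one TCP SYN to PUBLIC and the server's reply.

    Returns what the client observes as the source of the reply and
    whether that matches the address it connected to.
    """
    # 1. The SYN reaches the router; the dstnat rule rewrites the destination
    #    and connection tracking stores both directions of the flow.
    original = (client, cport, PUBLIC, dport)
    reply = (SERVER, dport, client, cport)   # the reply tuple shown in the post
    conntrack = {reply: original}

    # 2. The server answers to `client`. If the client is on the server's
    #    subnet, the reply is delivered directly and never crosses the router,
    #    so the dstnat translation is never reversed.
    via_router = not on_lan(client)
    if via_router:
        orig = conntrack[reply]              # router restores the public address
        seen_src = (orig[2], orig[3])
    else:
        seen_src = (SERVER, dport)

    # 3. The client's TCP stack only accepts a reply from the address it dialed.
    return {
        "via_router": via_router,
        "reply_src_seen": seen_src,
        "accepted": seen_src == (PUBLIC, dport),
    }


if __name__ == "__main__":
    print("internal:", trace("172.28.3.181", 1362))
    print("external:", trace("198.51.100.7", 40000))  # constructed external client
```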