NAT Loopback for beginner

RealMuhko · January 5, 2018, 11:51pm

Dear Forum.

I need to enable some kind of “NAT Loopback” on my RouterOS device for my LAN clients to be able to reach my LAN server via my public static IP address.

When my clients use http://<local_server_ip> they can reach the webserver without any problems, but when the same clients use http://public_wan_ip they can not reach the webserver.

Clients from outside my network can reach the webserver via http://public_wan_ip without any problem.

My guess is I need to enable some kind of NAT Loopback but I do not have a clue of how to do this in RouterOS.

Here are the details:

WAN interface: ether1
LAN interface: ether2

Router: 192.168.1.1
Clients: 192.168.1.2 - 192.168.1.20
Server Local IP: 192.168.1.101
Subnet: 255.255.255.0
Public IP: 4.8.12.16 (not my actual IP)

Is it possible in some easy way to make it possible for the LAN clients to reach the (local) server via the public WAN IP address ?

Thanks guys !

tomaskir · January 6, 2018, 1:38am

There is a very good article on the wiki that describes all you need to know:
https://wiki.mikrotik.com/wiki/Hairpin_NAT

Steveocee · January 6, 2018, 7:52pm

I did a video covering this recently
https://youtu.be/_kw_bQyX-3U

MaxKielland · January 7, 2018, 2:52pm

This Wiki doesn’t work, I end up on the MikroTik login page instead of being NAT:ed to the web server.
However the Video - posted by Steveocee works!

Steveocee · January 8, 2018, 10:04am

I made it because the wiki at the time seemed not to work and was quite cumbersome.

youbecha · February 3, 2018, 10:01pm

Steveocee,

BTW, I think you do a great job in explaining things in video!

However in this case, It doesn’t work for me.

I am sure there are other settings I have wrong…but my background is about 10 years using DD-WRT…and as I remember it had a button or automatically did the ‘local loopback’ or ‘hairpin’.

I have done a few setups, including your video but still same problem. I have 6.41, don’t know if that broke some things…

Specifically I am trying to access a forwarded port using the external name. but I can’t get port access even if I type the external IP address from a local computer…I can access using an external computer using the external name or IP address. Funny enough, even with nothing set, the external IP address typed into a local browser (without the forwarded port in the address) gives me the RouterOS admin signin page. So there is some functionality that allows that loopback…but not my forwarded ports.

…yes the forwarded ports work from an external computer…

I know I was getting into a technical device by getting this hardware…but it is like buying a piano, and getting a box of metal strings…

purplecloud · February 3, 2018, 10:35pm

Thank you for this! It’s very helpful and easy to follow your instructions.

Sob · February 4, 2018, 2:44am

Posting more detailed info about your config would probably help (what exact firewall rules you have, info about addresses, etc..). Or simply export of your configuration, if you don’t have something sensitive to hide.