Got a fairly simple (double) NAT question (I think):
My setup:
https://ibb.co/sChnP46
I have a MikroTik hAP ac2 connected to my ISP Modem/Router (not in bridge mode).
The MT gets static IP 192.168.0.4 on the ISP Router.
A webserver is connected to the MT, and gets static IP 10.0.1.5.
I connect with my laptop to my ISP Router (Wi-Fi is faster).
I would like to create a webhook to connect to my server.
So far I’ve created:
- a port forward on my ISP router for port 8281 to point to 192.168.0.4 with port-forward 8581
- a NAT rule to connect to the webserver via Dynamic DNS (myusername.no-ip.org:8581) and this works perfectly as it should.
Now I would also like to connect to my webserver locally by entering 192.168.0.4:8581, but so far I can’t get it to work.
Could anybody please point me in the right direction on how to proceed?
Thank you very much
FYI: My webserver is in VLAN20.
Below is my firewall config:
# feb/14/2022 09:22:27 by RouterOS 6.47.10
# software id = XJIR-23KF
#
# model = RBD52G-5HacD2HnD
# serial number = E5780FA00097
/ip firewall address-list
add address=192.168.0.4 list=WAN
add address=192.168.0.0/24 list=LAN
add address=10.0.2.20-10.0.2.50 list="Guest users"
add address=10.0.1.20-10.0.1.50 list="IoT devices"
add address=10.0.0.0-10.0.0.50 list="Main devices"
/ip firewall filter
add action=drop chain=forward comment="Drop all from IOT to MAIN" dst-address=\
    10.0.0.0/24 src-address=10.0.1.0/24
add action=drop chain=input comment="Block guest - local ports" dst-address=192.168.0.4 \
    dst-port=80,21,22,23,8291 protocol=tcp src-address-list="Guest users"
add action=drop chain=input comment="Block guest - LAN" dst-address=192.168.88.0/24 \
    src-address-list="Guest users"
/ip firewall nat
add action=masquerade chain=srcnat dst-address=10.0.1.0/24 src-address=10.0.1.0/24
add action=masquerade chain=srcnat out-interface=ether1-WAN
add action=dst-nat chain=dstnat comment=Homebridge dst-address=192.168.0.4 dst-port=\
    8581 in-interface=ether1-WAN protocol=tcp to-addresses=10.0.1.5 to-ports=8581
[admin@MikroTik] >