Recently purchased an hAP ac router as a replacement for my old TP-Link and almost instantly faced an issue trying to reproduce the old settings:
General config: eth1 - WAN, eth2-5 LAN (switch), WiFi bridged with LAN master port. Default set of firewall rules.
I’ve dst-nat’ted some ports to my FTP server and it works fine with external requests, but won’t work with requests from the LAN network (10.0.0.0/27):
add action=dst-nat chain=dstnat comment=FTP dst-address=(WAN IP) dst-port=21,12900-13000 log=yes protocol=tcp to-addresses=10.0.0.1
When I try to access my FTP from a smartphone connected to WiFi, I see the nat rule counter change value but FTP is still inaccessible.
PS I suggest that nat won’t correctly redirect the response to the client device.
I also set up a similar rule for WoL, which works over UDP, and it works for both external and internal requests.
Using the DNS means that you always have to use the switch part so that they can see each other.
Hairpin is more flexible, and the reason there was no return traffic is that MASQ should be used. Also look at local when NATting, so that you cover your WAN address even if that is dynamic.
When using Hairpin, all traffic for the FTP connection will go through the Mikrotik. In a scenario where the user’s network looks like this: Modem —> Mikrotik —> Big-Switch and the FTP client and FTP server are connected to the Big-Switch, all FTP traffic will still go to the Mikrotik. Thus, your bandwidth is halved as well. If you have a 100 mbit link between the Mikrotik and Big-Switch, you can expect 50 mbps max throughput of a file transfer. Other users may find the internet slower too since the Mikrotik —> Big-Switch link is saturated.
If you do the trick with DNS then you use switching, just as if you put the IP address in directly. The Mikrotik is a router, but the local ports also switch.
100Mbit/s is not that 2017 any more and you have 1Gbit/s these days and even full duplex.
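Added example, not part of any post in this thread: a small Python trace of one TCP connection through the hairpin path. It shows why the dst-nat counter increments while FTP stays unreachable from the LAN, and what source masquerading changes. The LAN subnet and server address come from the first post; `WAN_IP`, `ROUTER_LAN` and `CLIENT` are constructed placeholder values.

```python
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/27")  # LAN subnet from the first post
SERVER = "10.0.0.1"                        # FTP server from the first post
WAN_IP = "203.0.113.5"                     # constructed placeholder for (WAN IP)
ROUTER_LAN = "10.0.0.30"                   # assumed LAN address of the router
CLIENT = "10.0.0.10"                       # assumed address of the WiFi client


def hairpin(masquerade):
    """Trace a LAN client connecting to WAN_IP:21.

    Returns (reply_via_router, reply_source_seen_by_client, client_accepts).
    """
    # The client addresses the public IP, so the packet reaches the router.
    src, dst = CLIENT, WAN_IP

    # dst-nat rule matches (its counter increments): destination is rewritten.
    dst = SERVER

    # Optional src-nat masquerade for LAN-to-server traffic.
    if masquerade and ipaddress.ip_address(src) in LAN:
        src = ROUTER_LAN

    # Router connection tracking: translated tuple -> original tuple.
    conntrack = {(src, dst): (CLIENT, WAN_IP)}

    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src

    # An on-link destination other than the router is delivered at layer 2
    # by the switch/bridge, so the router never gets to undo the NAT.
    via_router = reply_dst == ROUTER_LAN
    if via_router:
        reply_dst, reply_src = conntrack[(reply_dst, reply_src)]

    # The client's socket expects WAN_IP as the peer; other sources are dropped.
    accepts = reply_dst == CLIENT and reply_src == WAN_IP
    return via_router, reply_src, accepts


if __name__ == "__main__":
    print("dst-nat only:        ", hairpin(masquerade=False))
    print("dst-nat + masquerade:", hairpin(masquerade=True))
```

With masquerading the reply path always includes the router, which is the throughput cost raised in the thread.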