MikroTik community forum

port forward

RouterOS General

akram February 25, 2009, 1:03pm 1

i have intranet website ,i can acess it from outside http://xxx.xxx.xxx.xxx:80 it works fine
and when i access it insde http://192.168.1.12 it works fine too

but when i try http://xxx.xxx.xxx.xxx from inside ,it give the website of mikrotik? ,what can i do it make it work from inside when i access http://xxx.xxx.xxx.xxx

help me guys

SurferTim February 25, 2009, 1:35pm 2

Greetings!

Take a look at this post and see if it helps.
http://forum.mikrotik.com/t/connecting-to-internal-exchange-server-with-external-hostnam/26311/1

If that is not enough, then if you could show me
/ip firewall nat print

akram February 25, 2009, 2:24pm 3

3 ;;; port Forward - Public to private server to ssp.salis-it.com
chain=dstnat action=dst-nat to-addresses=192.168.1.199 to-ports=80
protocol=tcp dst-address=196.219.31.41 in-interface=SWAN dst-port=80

4 ;;; port Forward - Public to private server to ssp.salis-it.com:8888 - Ad>
istration
chain=dstnat action=dst-nat to-addresses=192.168.1.199 to-ports=8888
protocol=tcp dst-address=196.219.31.41 in-interface=SWAN dst-port=8888

5 ;;; port Forward - Public to private server to intranet.salis-it.com:80
chain=dstnat action=dst-nat to-addresses=192.168.1.12 to-ports=80
protocol=tcp dst-address=196.219.31.39 in-interface=SWAN dst-port=80

6 X ;;; port Forward - Public to private server to intranet.salis-it.com:80 n>
working
chain=dstnat action=dst-nat to-addresses=192.168.1.12 to-ports=80
protocol=tcp dst-address=196.219.31.39 in-interface=SLAN dst-port=80

7 ;;; port Forward - Public to private server to Ftp
chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=21
protocol=tcp dst-address=196.219.31.37 in-interface=SWAN dst-port=21

8 ;;; port Forward - Public to private server to Mail.salis-it.com:80
chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=80
protocol=tcp dst-address=196.219.31.35 in-interface=SWAN dst-port=80

9 ;;; port Forward - Public to private server to vpn - 192.168.1.3
chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=1723

SurferTim February 25, 2009, 4:29pm 4

The dstnat rules should be matched with a srcnat rule. Did you look at my post on the other topic? Each dstnat has a matching srcnat. I see no srcnats or masquerades there at all.

akram February 26, 2009, 8:12am 5

i add the src too but nothing ,still goes to mikrotik router webpage

akram February 26, 2009, 8:14am 6

1 ;;; Backup1 : Internet Throught SWAN -To Leased Line Router - Not ISA -No>
DSL
chain=srcnat action=masquerade out-interface=SWAN

this is the masquerade for internet to ppl

here the src nat

5 ;;; test
chain=srcnat action=src-nat to-addresses=196.219.31.39
src-address=192.168.1.12

6 ;;; Test2
chain=srcnat action=src-nat to-addresses=196.219.31.34
src-address=192.168.1.0/24

SurferTim March 2, 2009, 9:26am 7

You should not need the first nat rule (masquerade). That is what caused the trouble on my network. I recommend disabling that rule and trying it.

skillful March 2, 2009, 10:35pm 8

An option is to change the www service port of your mikrotik router from 80 to some other port, i.e. 808.

/ip service set www address=0.0.0.0/0 disabled=no port=808

This will prevent the mikrotik router from hijacking all port 80 traffic. You can now access the inbuilt mikrotik http server on port 808 when the need arises.

akram March 4, 2009, 8:01am 9

if i disabled masqurade , there will not be any internet for the netwok ,so is there any solution to give internet to ppl after i disable the masqurade