Hello,
I have made a port forwarding for port 80 (from wan port to dmz). This works fine.
But when I try to open the domain from a lan port (with my public IP in browser or the domain which points to my public IP) the destination nat rule doesn work. Is there any workaround possible that I also can open my domain from the lan port and that I get the content via the internet from my dmz-port where the webserver is located?
You have three options:
Hairpin NAT. You should be able to find a few guides on this forum and the wiki to help you set this up. Essentially it translates “internal” requests and reroutes them properly for accessing your website from within the LAN. I’ve had mixed success with making Hairpin NAT work reliably on Mikrotik.
DNS. If you run an internal DNS server, you can change the mapping for “yourdomainname.com” to point instead to the private (internal LAN) IP of your web server. This will eliminate NAT from the picture entirely with internal website requests. I would consider this the best option.
Move the web server to another private subnet in your router config and route between (eg: your lan is 192.168.1.0/24, your web server would be on a different lan say 192.168.2.0/24). You’ll need to update the DST-NAT rule accordingly as well. Also make sure you have the necessary firewall rules in place to allow this type of communication.
Thx for the hints. 