In my local network, I have an Ubuntu server which hosts a web application. In my local network, this web application is accessible from 192.168.0.100. What I am trying to do is to connect this web application with a domain name. What I have done till now:
I added an A record to the domain name pointing my public IP (I have static public IP)
In Mikrotik, I opened the ports 80, 443 (in IP/Firewall/Nat)
In Ubuntu server, I added a virtual host for my domain and installed Let’s Encrypt certificate
And all works fine! https://mydomain.com shows my web application. The only problem is that this configuration I have done is working only outside the local network. When I am connected to the local network, mydomain.com can't be resolved successfully. I tried, and I added a static DNS entry in IP/DNS/:
I’m sure this is possible with DNS and without hairpin NAT. At work we have some hosts that are resolved from our internal DNS server to their internal IP addresses, whereas on the Internet they resolve to their external (NAT) address.
Is your Mikrotik configured as a DNS server, and used as primary resolver by your internal devices?
Using a static DNS entry with Mikrotik as DNS server would work as well…
However, reading about Hairpin NAT will help you understand why it doesn't work right now…
Whether or not your devices use the Mikrotik as their DNS server depends on how they're configured. The easiest way to configure this is normally to configure your DHCP server to give out your preferred DNS server. If you're using your Mikrotik as DHCP server as well, then this is configured in Winbox under IP / DHCP Server / Network. Set DNS Server to be the IP address of the Mikrotik.
And your second question: yes, it's a good idea, at least in my opinion. Apart from being able to configure local names like we're discussing here, there is also the benefit that the Mikrotik caches the names it resolves, so regularly used names don't need to be looked up from the Internet.
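The split-horizon DNS setup described in the replies above, written out as RouterOS console commands. This is an added example, not configuration posted in the thread. It assumes the router's LAN address is 192.168.0.1 and that the WAN-facing interface is named ether1 (check your own names with /interface print); the server address 192.168.0.100 and the name mydomain.com are the ones from the question.

```routeros
# Added example (not from the thread). Assumptions: router LAN address
# 192.168.0.1, WAN interface "ether1", upstream resolvers 1.1.1.1/9.9.9.9.

# 1. Let the router answer DNS queries from LAN clients (it forwards
#    anything it does not know to the upstream servers and caches replies).
/ip dns set allow-remote-requests=yes servers=1.1.1.1,9.9.9.9

# 2. Split-horizon entry: inside the LAN, mydomain.com resolves to the
#    server's private address instead of the public A record. The TLS
#    certificate still matches because the hostname is unchanged.
/ip dns static add name=mydomain.com address=192.168.0.100 ttl=5m

# 3. Hand the router out as resolver via DHCP, otherwise clients keep
#    asking whatever DNS server they were given before.
#    (Winbox: IP / DHCP Server / Network, field "DNS Servers".)
/ip dhcp-server network set [find address=192.168.0.0/24] dns-server=192.168.0.1

# 4. allow-remote-requests=yes also answers queries arriving on the WAN
#    unless they are filtered; drop them so the router is not an open
#    resolver. Place these above any rule that accepts input traffic.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no DNS from WAN"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no DNS from WAN"

# Check from the router's console; should print 192.168.0.100.
:put [:resolve mydomain.com server=192.168.0.1]
```

Two things to verify on a client after this: that it really received 192.168.0.1 as its resolver (renew the DHCP lease and flush the local cache), and that it is not using a hard-coded public resolver or DNS-over-HTTPS in the browser, because either one bypasses the router's static entry entirely and the name will still resolve to the public IP.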
However, the parameter out-interface=LAN, what does it mean? Because in my case I don't have such an interface. In that option I have:
It means that the out interface is your LAN network…
Masquerade is a unique subversion of action=srcnat, https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Masquerade
src-nat happens at the postrouting chain, so it applies to packets as they leave the network interface. That's why we use out-interface=LAN, so that we masquerade the packets leaving the LAN interface, meaning they will leave with the LAN interface's IP address…
So when you try to reach your server, the server will actually see the LAN interface's IP address and not the client's IP…
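The hairpin NAT rules the reply above is explaining, as a complete set of RouterOS console commands. This is an added example, not configuration from the thread or from the MikroTik wiki page linked above. Interface names ether1 (WAN) and bridge (LAN) are assumptions; substitute whatever /interface print shows on your router. The public address 203.0.113.10 is a documentation placeholder standing in for the static public IP; 192.168.0.0/24 and 192.168.0.100 are from the question.

```routeros
# Added example (not from the thread). Assumptions: WAN interface "ether1",
# LAN interface "bridge", public IP 203.0.113.10 (placeholder),
# LAN 192.168.0.0/24, web server 192.168.0.100.

/ip firewall nat

# Normal outbound masquerade for the LAN (usually already present).
add chain=srcnat out-interface=ether1 action=masquerade comment="LAN to Internet"

# Port forward: traffic addressed to the public IP on 80/443 is sent to
# the web server. Deliberately no in-interface=ether1, so packets from LAN
# clients that are aimed at the public IP get translated as well.
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=80,443 \
    action=dst-nat to-addresses=192.168.0.100 comment="web server"

# Hairpin: after the dst-nat above, a LAN client and the server are on the
# same subnet, so the server would reply directly to the client with its
# private address as source. The client sent its SYN to 203.0.113.10 and
# drops that reply. Masquerading the source on the way out of the LAN
# interface makes the server answer the router instead, which undoes both
# translations and returns a reply the client recognises.
add chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.100 \
    protocol=tcp dst-port=80,443 out-interface=bridge action=masquerade \
    comment="hairpin NAT"

# Verify: open https://mydomain.com from a LAN client, then confirm the
# counters of the "hairpin NAT" rule are increasing.
/ip firewall nat print stats where comment="hairpin NAT"
```

The side effect mentioned in the reply is worth keeping in mind operationally: with this rule in place, every internal visit shows up in the web server's access logs and in any fail2ban-style blocking with the router's LAN address as the client, so internal clients become indistinguishable from each other and a lockout would affect all of them. If preserving real client addresses in the server logs matters, the static DNS entry approach from earlier in the thread avoids the problem because internal clients then connect to 192.168.0.100 directly without any NAT.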
I'm resurrecting this discussion because I have a similar problem… I have to access my domain with the public IP from inside my LAN; nginx redirects HTTPS calls to my server: 10.0.0.100
From the outside everything works fine, from inside my network it doesn't.