Routing LAN->WAN->LAN

I have a public domain name pointing to my static ip address.
In RouterOS, I have restricted www access to MikroTik router to local addresses 192.168.0.0/24.

When I use my mobile device (wirelessly connected to my LAN) to access port 80 by using my domain name, I am presented with the RouterOS Webfig logon screen.

Can someone please explain the routing and NAT’ing that gets me there? Shouldn’t the domain name be resolved, the packet exits through ppoe-out, and returns to my static ip addr. from some router outside my LAN?
Thanks.

You’ll find everything you need here:

http://wiki.mikrotik.com/wiki/Hairpin_NAT

Thanks for the quick reply, Sob.

I don’t think the hairpin is what I’m looking for – I don’t want my local server to see the request as coming from a local address – I want it to come from my public ip address. If I want the WebFig logon page, I can use my router address.

Actually, I don’t have port 80 open right now, and I can see in the log that people are trying to access it, but being denied.
I am trying to get that same response for myself by accessing my domain.

Is there some way to force a packet addressed to my public ip address to actually go out into the public internet and be directed back at me?


I can probably use that hairpin rule when I set up my email.

*** NOTE TO ADMINISTRATORS ***

Right after I started this topic, there was a flurry of attempts to access my port 80. Is there some way that hackers can read my ip addr. from this forum?

Sorry for misunderstanding then.

If your router has the public address, you can’t make connections from LAN to this address go outside and then return back as if they were coming from internet (actually, it would be possible with some tricks and help of external device, but it would not make any serious sense).

If I understand it correctly now on second try, you don’t have any webserver accessible using your hostname and want the same to happen to internal clients too. If so, simply block access to :80 using firewall, e.g.:

/ip firewall filter
add action=reject chain=input dst-address=<public address> dst-port=80 protocol=tcp reject-with=tcp-reset
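
An added example, not part of the original posts: a small Python model of why the LAN phone reaches WebFig through the public address, and what the reject rule above changes. The addresses 203.0.113.10 (public), 192.168.0.1 (router LAN address), 192.168.0.50 and 198.51.100.7 are constructed, and the outcome labels are this model's own simplification, not RouterOS output.

```python
import ipaddress

ip = ipaddress.ip_address

# Constructed addresses (assumptions): 203.0.113.10 stands in for the public
# address, 192.168.0.1 for the router's LAN address.
PUBLIC, LAN_GW = ip("203.0.113.10"), ip("192.168.0.1")
ROUTER_ADDRS = {PUBLIC, LAN_GW}
# The www service restriction described in the first post.
WWW_ALLOWED = ipaddress.ip_network("192.168.0.0/24")

# The reject rule from the post above, expressed as data for this model.
REJECT_PUBLIC_80 = {"dst": PUBLIC, "dport": 80, "action": "reject"}


def connect(src, dst, dport, input_rules=()):
    """Outcome of a TCP connection that arrives at the router."""
    src, dst = ip(src), ip(dst)
    if dst not in ROUTER_ADDRS:
        return "forward"  # not addressed to the router: routed onward
    # dst is one of the router's own addresses, so the packet is delivered
    # locally (input chain). It never leaves through the WAN interface, so
    # the source address is still the client's LAN address.
    for rule in input_rules:
        if rule["dst"] == dst and rule["dport"] == dport:
            return rule["action"]
    if dport != 80:
        return "closed"
    # Only now does the www service compare the unchanged source address.
    return "webfig" if src in WWW_ALLOWED else "denied"


def demo():
    phone, outsider = "192.168.0.50", "198.51.100.7"
    rules = (REJECT_PUBLIC_80,)
    return {
        "phone -> public, no rule": connect(phone, PUBLIC, 80),
        "outsider -> public, no rule": connect(outsider, PUBLIC, 80),
        "phone -> public, with rule": connect(phone, PUBLIC, 80, rules),
        "phone -> LAN address, with rule": connect(phone, LAN_GW, 80, rules),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because the rule matches on the destination address, the phone is rejected on the public address while WebFig stays reachable on the router's LAN address.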

Email on my mobile works on the LAN now with the hairpin, and without modification to the mobile’s settings. Thanks for your help.
I just have to visit the local coffee shop and use their wifi to check remote access :)