3 ;;; Web server
chain=dstnat action=dst-nat to-addresses=192.168.0.2 to-ports=80
protocol=tcp dst-port=80
I can access home web server from external IP without any problem.
Accessing home web server by typing Mikrotik WAN IP address from one local device is also working. If I am trying to connect to home web server from second local device, I get “This site cannot be reached”. In Winbox->Firewall->Connections I can see established connection from first local device (SRC address is Linksys WAN IP). After web page is closed on first device and connection in Winbox is removed, it becomes possible to access home web server from another local device.
Before upgrading home network (when I was using only Linksys router) everything worked fine, so I suggest that Linksys router handles all connection as expected.
Which Mikrotik’s NAT rule should I add or modify in order to resolve two-router setup Hairpin NAT problem?
why you put linksys router interface in dst-address? linksys is your web server?
why you put lan of mikrotik in src-address, if all your lan devices in linksys lan?
Mikrotik has not any information about Linksys LAN segment and from Mikrotik side 192.168.1.0 subnet is not reachable.
Port 80 on Linksys is forwarded to 192.168.1.2.
It was an objective adding Mikrotik router to have two separate subnets, where first one (Mikrotik LAN) has no access to second subnet.
By now the only working solution is to define static DNS (domain name of Mikrotik WAN IP) on Mikrotik router.
Requests from outside are being forwarded to Linksys (to Linksys WAN IP) and after to WEB server.
By setting static DNS on Mikrotik router local clients connects directly to Linksys WAN IP and no Hairpin NAT on Mikrotik router is needed.
If local device (laptop) is moved to another place and becomes external device, it receives another DNS record from router it is connected to and link to home server is being established without any problem.
