web server behind mikrotik internal userscannot browse site

RouterOS General
1

Hi

I have a web server behind a Mikrotik hosting http://www.xyz.com
people can browse the http://www.xyz.com if they are OUTSIDE my network
but no one can browse the http://www.xyz.com if they come in to my network

if I do not define the out-interface on masquerade it works but then a whole new box of baaaad stuff happens with other stuff

here is my setup
dsl with dynamic ip with changeip service
my mikrotik web interface is on port 88

add disabled=no interface=eth1-LAN type=internal
add disabled=no interface=eth3-DSL type=external

add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=eth3-DSL protocol=tcp to-addresses=192.168.99.250
add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=eth1-LAN protocol=tcp to-addresses=192.168.99.250

add action=masquerade chain=srcnat disabled=no out-interface=eth3-DSL

Oh I have only one IP …

2

four solutions, the first one is the best =)

  1. you may use split-DNS, so that your internal users receive server’s internal address
  2. you may use web-proxy in MT, just set static entry in /ip dns for your sitename and internal address
  3. move your server’s address to another IP subnet
  4. simply add src-nat rule, as you cannot dst-nat to the same subnet

p.s. yahooo!!! it’s my 2009’th post on The Forum :smiley: