Weird Port Forward Issue Affecting Internal Network

Hi,

We are having a weird issue with port forwarding rules.

We have a web server that requires port 80 forwarding to it, we have the following rules in place:

NAT Rule -

;;; Network NAT chain=srcnat action=masquerade src-address=0.0.0.0/0 out-interface=Public VLAN

Port Forward Rule -

;;; TOPdesk chain=dstnat action=dst-nat to-addresses=10.1.2.2 to-ports=80 protocol=tcp dst-address=xx.xx.xx.xx in-interface=Public VLAN dst-port=80

Externally this works a treat.

The issue is when we try and load the same page internally using the Public IP or Domain name: it doesn’t work, and we have to use the local IP, which does load.

Any ideas?

http://wiki.mikrotik.com/wiki/Hairpin_NAT

Though that is an ugly way to go about it. It would be much easier and cleaner for you to put the web server on a “DMZ”. Basically give it its own interface, subnet, etc., and set up firewall rules appropriately.
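A sketch of the hairpin NAT approach from the linked wiki page, applied to the rules in the question. This is an added example, not configuration from either poster. It assumes the internal clients share the 10.1.2.0/24 subnet with the web server and that the LAN-facing interface is named "LAN" (both hypothetical); xx.xx.xx.xx is the question's placeholder for the public IP.

```routeros
/ip firewall nat

# 1. Port forward matched on the public address rather than on the ingress
#    interface. The original rule has in-interface="Public VLAN", so a
#    request from a LAN client to the public IP arrives on the LAN
#    interface and never matches it.
add chain=dstnat action=dst-nat protocol=tcp dst-port=80 \
    dst-address=xx.xx.xx.xx to-addresses=10.1.2.2 to-ports=80 \
    comment="TOPdesk (matches WAN and LAN clients)"

# 2. Hairpin rule. After dst-nat the packet goes client -> 10.1.2.2 with
#    the client's own LAN address as source. Without this rule the server
#    answers the client directly from 10.1.2.2, the client is waiting for
#    a reply from xx.xx.xx.xx, and the TCP handshake never completes.
#    Masquerading forces the reply back through the router so the
#    translation is reversed.
#    Assumed: 10.1.2.0/24 is the client subnet, "LAN" is the interface.
add chain=srcnat action=masquerade protocol=tcp dst-port=80 \
    src-address=10.1.2.0/24 dst-address=10.1.2.2 out-interface=LAN \
    comment="Hairpin NAT for TOPdesk"

# 3. The existing outbound masquerade stays as it is.
add chain=srcnat action=masquerade out-interface="Public VLAN" \
    comment="Network NAT"
```

With the hairpin rule in place, the web server logs the router's LAN address as the source of every internal request that used the public IP, so per-client attribution for those requests is lost. Placing the server on its own DMZ subnet, as suggested above, avoids this because routed traffic needs no source translation.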