Community discussions

 
logannc
just joined
Topic Author
Posts: 2
Joined: Fri Jan 12, 2018 8:50 am

dst-nat outbound traffic?

Fri Jan 12, 2018 8:58 am

Let's say I have a service running on privateIP on privatePort and wish to enable connections to it via publicIP on publicPort.

That easy, we just set up a dst-nat action on dstnat chain in the NAT table from dst-address=publicIP dst-port=publicPort to to-address=privateIP to-port=privatePort.

And now anyone outside of my LAN that tries to access the service using the public values get access and all is good with the world.

But if I try to use the public values from INSIDE the LAN, it seems to not work. I had originally thought this might be because I didn't have something in srcnat chain but I can see a single packet in the statistics for my dst-nat action. Is such a configuration possible or do I just need to use the private values inside the LAN?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 7850
Joined: Mon Jun 19, 2006 11:15 pm
Location: velcom, Minsk, Belarus
Contact:

Re: dst-nat outbound traffic?  [SOLVED]

Fri Jan 12, 2018 3:14 pm

https://wiki.mikrotik.com/wiki/Hairpin_NAT

So - yes, using private addresses is the most correct solution.

You may use DNS names, when somename.org resolves into public address, and then add static entry with that name to router's DNS, so all internal clients will resolve it to private IP.
Russian-speaking forum: http://forum.mikrotik.by. Welcome :)

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
logannc
just joined
Topic Author
Posts: 2
Joined: Fri Jan 12, 2018 8:50 am

Re: dst-nat outbound traffic?

Sat Jan 13, 2018 2:06 am

This is exactly what I needed, thank you! I knew I must have been missing something!

Who is online

Users browsing this forum: No registered users and 11 guests