Page 1 of 1

Question about hairpin nat

Posted: Mon Oct 24, 2016 9:39 am
by ik3umt
As per wiki :

Image

Basic config :
/ip firewall nat
add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.1.2
add chain=srcnat out-interface=WAN action=masquerade
Hairpin NAT:
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24  dst-address=192.168.1.2 protocol=tcp dst-port=80 out-interface=LAN action=masquerade
What if I have mutiple services (ports) to reach into 192.168.1.2 server ??
Could I simply omit "dst-port=80" on hairpin rule ?

Re: Question about hairpin nat

Posted: Mon Oct 24, 2016 11:16 am
by blajah
That should work.