Abdullah236
just joined
Topic Author
Posts: 1
Joined: Tue Mar 19, 2019 11:06 am

mikrotik nat redirect to local from local

Wed Mar 20, 2019 11:00 am

I'm using a MikroTik 750GL and I have the following problem:

I have subnet 10.0.0.0/16

Router has local IP 10.0.0.1 and external IP (e.g. 1.1.1.1)

I forward some ports to my local hosts tutuapp (e.g. firewall nat dst-nat 1.1.1.1:444 -> 10.0.0.2:80)

When I go to 1.1.1.1:444 from the internet, I can get access to my web server on 10.0.0.2, but when I go to 1.1.1.1:444 from the LAN (e.g. 10.0.0.3), I get stuck at the loading page.

I understand that 10.0.0.2 can answer 10.0.0.3 only by switch routing, and I tried to fix it by using a new src-nat rule like 10.0.0.0/16 -> 2.2.2.2, but nothing works.

Where did I make a mistake?
Last edited by Abdullah236 on Fri Mar 22, 2019 10:57 am, edited 1 time in total.
 
sebastia
Forum Guru
Posts: 1700
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: mikrotik nat redirect to local from local

Wed Mar 20, 2019 11:19 am

Hey

Since you're changing the port number on the external and internal IPs, you'll need to do a "hairpin" construction. See https://wiki.mikrotik.com/wiki/Hairpin_NAT or search on the forum.
 
flaviojunior
Trainer
Posts: 19
Joined: Thu Nov 17, 2016 6:27 pm
Location: Brazil

Re: mikrotik nat redirect to local from local

Wed Mar 20, 2019 3:42 pm

Hey

Since you're changing the port number on the external and internal IPs, you'll need to do a "hairpin" construction. See https://wiki.mikrotik.com/wiki/Hairpin_NAT or search on the forum.
So the problem is the answer of 10.0.0.2 to 10.0.0.3.

Let me try to explain. 10.0.0.3 sends the package to 1.1.1.1:444; this address is not on his subnet, so 10.0.0.3 sends the package to the gateway, and his gateway is 10.0.0.1.
10.0.0.1 has a dst-nat to 10.0.0.2, so the router translates 1.1.1.1:444 to 10.0.0.2:80 and the package reaches 10.0.0.2:80. The package reaches 10.0.0.2 with the src-address 10.0.0.3, so when 10.0.0.2 answers, 10.0.0.3 is on his subnet, so 10.0.0.2 sends the package directly to 10.0.0.3. What happens? 10.0.0.3 tried to connect to 1.1.1.1:444 and receives the answer from 10.0.0.2:80, so it does not work.
So for it to work, either 10.0.0.3 and 10.0.0.2 need to be on different subnets, or
send the connection directly to 10.0.0.2 because they are on the same subnet.

:D
Mikrotik Certified Trainer, Network Specialist.
Number 1 consultant Brazil, Rio de Janeiro
MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME, MTCIPv6E, MTCINE, MTCSE
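
The packet flow discussed in this thread, as an added example that is not code from any poster or from MikroTik: a small Python model of the dst-nat rule with and without a hairpin src-nat (masquerade to the router's LAN address), showing when the client's socket accepts the reply. The client port 50000, the internet address 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

LAN = ipaddress.ip_network("10.0.0.0/16")
ROUTER_LAN, ROUTER_WAN = "10.0.0.1", "1.1.1.1"
SERVER = ("10.0.0.2", 80)      # dst-nat target from the thread
PUBLIC = (ROUTER_WAN, 444)     # forwarded address:port from the thread

class Packet(NamedTuple):
    src: tuple
    dst: tuple

def router_forward(pkt, hairpin, conntrack):
    """Apply dst-nat and, for LAN clients, the optional hairpin src-nat."""
    out = pkt
    if pkt.dst == PUBLIC:
        out = out._replace(dst=SERVER)
        if hairpin and ipaddress.ip_address(pkt.src[0]) in LAN:
            # Hairpin rule: rewrite the source to the router's LAN address
            out = out._replace(src=(ROUTER_LAN, pkt.src[1]))
        # Remember how to undo the translation for the reply direction
        conntrack[(out.dst, out.src)] = (pkt.dst, pkt.src)
    return out

def router_reverse(reply, conntrack):
    """Undo NAT on a reply that actually passes through the router."""
    orig_dst, orig_src = conntrack[(reply.src, reply.dst)]
    return Packet(src=orig_dst, dst=orig_src)

def connect(client_ip, hairpin):
    """Return (reply as seen by the client, whether its socket accepts it)."""
    conntrack = {}
    syn = Packet(src=(client_ip, 50000), dst=PUBLIC)
    at_server = router_forward(syn, hairpin, conntrack)
    reply = Packet(src=at_server.dst, dst=at_server.src)
    # The server delivers same-subnet replies directly over the switch;
    # only replies addressed to the router or to off-subnet hosts get un-NATed.
    dst_ip = reply.dst[0]
    if dst_ip == ROUTER_LAN or ipaddress.ip_address(dst_ip) not in LAN:
        reply = router_reverse(reply, conntrack)
    # A TCP client only accepts a reply from the address:port it connected to
    accepted = reply.src == syn.dst and reply.dst == syn.src
    return reply, accepted

if __name__ == "__main__":
    for ip, hp in [("203.0.113.7", False), ("10.0.0.3", False), ("10.0.0.3", True)]:
        reply, ok = connect(ip, hp)
        print(f"client={ip} hairpin={hp} reply_from={reply.src} accepted={ok}")
```

With the hairpin rule the web server sees every LAN client as 10.0.0.1, so its access logs and any per-source-IP controls no longer distinguish internal hosts.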
