mikrotik nat redirect to local from local

Posted: Wed Mar 20, 2019 11:00 am
by Abdullah236
I'm using a Mikrotik 750GL and I have the following problem:

I have the subnet 10.0.0.0/16.

The router has local IP 10.0.0.1 and external IP (e.g. 1.1.1.1).

I forward some ports to my local hosts tutuapp (e.g. firewall nat dst-nat 1.1.1.1:444 -> 10.0.0.2:80)

When I go to 1.1.1.1:444 from the internet, I can get access to my web server on 10.0.0.2, but when I go to 1.1.1.1:444 from the LAN (e.g. 10.0.0.3), I get stuck at the loading page.

I understand that 10.0.0.2 can answer 10.0.0.3 only by switch routing, and I tried to fix it by using a new src-nat rule like 10.0.0.0/16 -> 2.2.2.2, but nothing goes well.

Where did I make a mistake?

Re: mikrotik nat redirect to local from local

Posted: Wed Mar 20, 2019 11:19 am
by sebastia
Hey

Since you're changing the port number on the external and internal IPs, you'll need to do a "hairpin" construction. See https://wiki.mikrotik.com/wiki/Hairpin_NAT or search on the forum.

Re: mikrotik nat redirect to local from local

Posted: Wed Mar 20, 2019 3:42 pm
by flaviojunior
> Hey
>
> Since you're changing the port number on the external and internal IPs, you'll need to do a "hairpin" construction. See https://wiki.mikrotik.com/wiki/Hairpin_NAT or search on the forum.

So the problem is the answer of 10.0.0.2 to 10.0.0.3.

Let me try to explain. 10.0.0.3 sends the package to 1.1.1.1:444. This address is not on his subnet, so 10.0.0.3 sends the package to the gateway; his gateway is 10.0.0.1.
10.0.0.1 has a dst-nat to 10.0.0.2, so the router translates 1.1.1.1:444 to 10.0.0.2:80. The package reaches 10.0.0.2:80 with the src-address 10.0.0.3, so when 10.0.0.2 answers, 10.0.0.3 is on his subnet, so 10.0.0.2 sends the package directly to 10.0.0.3. What happens? 10.0.0.3 tried to connect to 1.1.1.1:444 and receives the answer from 10.0.0.2:80, so it does not work.
So for it to work, either 10.0.0.3 and 10.0.0.2 need to be on different subnets, or
send the connection directly to 10.0.0.2 because they are on the same subnet.

:D
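
The packet flow described in the replies above, as an added Python sketch that is not part of the original thread or of RouterOS: it traces one request with and without a hairpin src-nat step and checks whether the reply matches what the client's socket expects. The `Pkt` tuple, the `simulate` function and the client source port 50000 are assumptions made for illustration; the addresses are the ones used in the thread.

```python
import ipaddress
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Addresses from the thread; the client source port is a constructed value.
LAN = ipaddress.ip_network("10.0.0.0/16")
ROUTER_LAN, ROUTER_WAN = "10.0.0.1", "1.1.1.1"
SERVER, CLIENT = "10.0.0.2", "10.0.0.3"

def simulate(hairpin):
    """Trace one request to 1.1.1.1:444 from the LAN client and its reply.

    Returns (client_accepts_reply, source_ip_seen_by_server).
    """
    sent = Pkt(CLIENT, 50000, ROUTER_WAN, 444)
    # What the client's socket will accept: the exact mirror of what it sent.
    expected = Pkt(sent.dst, sent.dport, sent.src, sent.sport)

    # Router, dst-nat rule: 1.1.1.1:444 -> 10.0.0.2:80
    fwd = sent._replace(dst=SERVER, dport=80)
    # Router, hairpin src-nat: LAN-to-LAN traffic leaves with the router's
    # address (simplification: the source port is kept unchanged).
    if hairpin and ipaddress.ip_address(fwd.src) in LAN:
        fwd = fwd._replace(src=ROUTER_LAN)
    # Connection tracking: reply tuple the router will see -> tuple to restore.
    conntrack = {(fwd.dst, fwd.dport, fwd.src, fwd.sport): expected}

    # Server answers whatever source address it saw.
    reply = Pkt(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if reply.dst == ROUTER_LAN:
        # Reply goes back through the router, which reverses both translations.
        reply = conntrack[tuple(reply)]
    # Otherwise the destination is a LAN neighbour: the switch delivers the
    # reply directly and the router never gets the chance to rewrite it.

    return reply == expected, fwd.src

if __name__ == "__main__":
    for mode in (False, True):
        ok, seen = simulate(mode)
        print(f"hairpin={mode}: client accepts reply={ok}, server saw source {seen}")
```

With the hairpin step the server sees 10.0.0.1 as the source of every LAN request, so its access logs and any per-client IP rules no longer distinguish internal clients.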