Community discussions

 
beb
just joined
Topic Author
Posts: 19
Joined: Tue Nov 13, 2012 4:17 am

Hairpin nat problem

Tue Dec 18, 2012 7:17 am

I have set up access from the WAN to a webserver on the LAN. Everything is working, except accessing to webserver from the LAN using the external (WAN) address gets me to the router rather than the internal webserver. Access via the lan address (192.168.40.2) works fine.

I've set up a dmz on 192.168.40.0/24. Other lan nets are on 192.168.[10,20,30,50].0/24. Nat rules:
/ip firewall nat
    add chain=srcnat action=masquerade out-interface=ether-wan \
        comment="nat output connections"
    add chain=dstnat action=dst-nat protocol=tcp to-address=192.168.40.2 \
        dst-port=80,443 in-interface=ether-wan comment="web server at 192.168.40.2:80,443"
    add chain=srcnat action=masquerade src-address=192.168.20.0/24 \
        dst-address=192.168.40.2 dst-port=80 protocol=tcp \
        out-interface=bridge-secure comment="hairpin nat"
bridge-secure is one of my lan nets (that I am using for this test). The dmz is on bridge-dmz.

How can I setup "haipin nat"? Many thanks!
 
User avatar
nickshore
Member
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Hairpin nat problem

Tue Dec 18, 2012 11:21 am

Try changing your out-interface to bridge-dmz in the masquerade rule.
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
beb
just joined
Topic Author
Posts: 19
Joined: Tue Nov 13, 2012 4:17 am

Re: Hairpin nat problem - SOLVED

Fri Dec 21, 2012 12:45 am

Try changing your out-interface to bridge-dmz in the masquerade rule.
No change.

I've ended up creating a stating dns entry for my domain that resolves to the local server. Seems to work fine, not sure what the disadvantages are.

Who is online

Users browsing this forum: No registered users and 42 guests